- CVE-2007-2721 (#240397)

This commit is contained in:
Rex Dieter 2007-05-23 19:05:20 +00:00
parent 0d6a03598e
commit a52270f107
2 changed files with 23 additions and 1 deletions

View File

@ -11,7 +11,7 @@ Summary: Implementation of the JPEG-2000 standard, Part 1
Name: jasper
Group: System Environment/Libraries
Version: 1.900.1
Release: 1%{?dist}
Release: 2%{?dist}
License: JasPer License Version 2.0
%if "%{?geo:1}" == "1"
@ -28,6 +28,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Patch1: jasper-1.701.0-GL.patch
# autoconf/automake bits of patch1
Patch2: jasper-1.701.0-GL-ac.patch
# CVE-2007-2721 (bug #240397)
# borrowed from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413041;msg=88
Patch3: patch-libjasper-stepsizes-overflow.diff
BuildRequires: automake
BuildRequires: libjpeg-devel
@ -52,6 +55,7 @@ Requires: libjpeg-devel
%setup -q -n %{name}-%{version}%{?geo:.GEO}
%patch1 -p1 -b .GL
%patch3 -p1 -b .CVE-2007-2721
%if "%{?geo:1}" == "1"
chmod +x configure configure.ac
@ -64,6 +68,7 @@ automake -a
%endif
%build
%configure \
@ -115,6 +120,9 @@ rm -rf $RPM_BUILD_ROOT
%changelog
* Wed May 23 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-2
- CVE-2007-2721 (#240397)
* Thu Mar 29 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 1.900.1-1
- jasper-1.900.1

View File

@ -0,0 +1,14 @@
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2007-04-06 01:29:02.000000000 +0200
@@ -982,7 +982,10 @@ static int jpc_qcx_getcompparms(jpc_qcxc
compparms->numstepsizes = (len - n) / 2;
break;
}
- if (compparms->numstepsizes > 0) {
+ if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) {
+ jpc_qcx_destroycompparms(compparms);
+ return -1;
+ } else if (compparms->numstepsizes > 0) {
compparms->stepsizes = jas_malloc(compparms->numstepsizes *
sizeof(uint_fast16_t));
assert(compparms->stepsizes);