jasper/jasper-2.0.14-CVE-2020-27828.patch


diff -urNp a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
--- a/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:07:34.988061153 +0200
+++ b/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:08:32.100584582 +0200
@@ -508,6 +508,10 @@ static jpc_enc_cp_t *cp_create(const cha
break;
case OPT_MAXRLVLS:
tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));
+ if(tccp->maxrlvls > JPC_MAXRLVLS) {
+ jas_eprintf("invalid number of resolution levels upper than %d\n",JPC_MAXRLVLS);
+ goto error;
+ }
break;
case OPT_SOP:
cp->tcp.csty |= JPC_COD_SOP;
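Review bot: The new bound in the OPT_MAXRLVLS case is tested on `tccp->maxrlvls` only after the `atoi()` result has been stored, and only the upper side is checked. If that field is unsigned or narrower than int (its declaration is not visible in this hunk), a negative or very large option value is converted before the comparison and may still pass it; `atoi()` also reports no error for non-numeric or out-of-range text. Parsing into a local and range-checking before the store would close this: `int v = atoi(jas_tvparser_getval(tvp));`, then `if (v < 1 || v > JPC_MAXRLVLS) { ... goto error; }`, then `tccp->maxrlvls = v;`. The lower bound of 1 is an assumption to confirm against any later validation in cp_create, whose body starts and ends outside this hunk. The message would also read more clearly as `"number of resolution levels exceeds %d\n"`.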