Fix CVE-2020-13790 (#1847159)
This commit is contained in:
Nikola Forró
parent
d6483a3e4a
commit
be3d271239
32
libjpeg-turbo-CVE-2020-13790.patch
Normal file
32
libjpeg-turbo-CVE-2020-13790.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From a224e4dfd34823a4d993dcb97819bdcee8471676 Mon Sep 17 00:00:00 2001
|
||||
From: DRC <information@libjpeg-turbo.org>
|
||||
Date: Tue, 2 Jun 2020 14:15:37 -0500
|
||||
Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
|
||||
|
||||
This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
|
||||
include binary PPM files with maximum values < 255, thus preventing a
|
||||
malformed binary PPM input file with those specifications from
|
||||
triggering an overrun of the rescale array and potentially crashing
|
||||
cjpeg, TJBench, or any program that uses the tjLoadImage() function.
|
||||
|
||||
Fixes #433
|
||||
---
|
||||
rdppm.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/rdppm.c b/rdppm.c
|
||||
index 87bc330..71dd146 100644
|
||||
--- a/rdppm.c
|
||||
+++ b/rdppm.c
|
||||
@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
|
||||
/* On 16-bit-int machines we have to be careful of maxval = 65535 */
|
||||
source->rescale = (JSAMPLE *)
|
||||
(*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
|
||||
- (size_t)(((long)maxval + 1L) *
|
||||
+ (size_t)(((long)MAX(maxval, 255) + 1L) *
|
||||
sizeof(JSAMPLE)));
|
||||
half_maxval = maxval / 2;
|
||||
for (val = 0; val <= (long)maxval; val++) {
|
||||
--
|
||||
2.26.2
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: libjpeg-turbo
|
||||
Version: 2.0.4
|
||||
Release: 2%{?dist}
|
||||
Release: 3%{?dist}
|
||||
Summary: A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
|
||||
License: IJG
|
||||
URL: http://sourceforge.net/projects/libjpeg-turbo
|
||||
@ -8,6 +8,7 @@ URL: http://sourceforge.net/projects/libjpeg-turbo
|
||||
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
|
||||
Patch0: libjpeg-turbo-cmake.patch
|
||||
Patch1: libjpeg-turbo-CET.patch
|
||||
Patch2: libjpeg-turbo-CVE-2020-13790.patch
|
||||
|
||||
BuildRequires: gcc
|
||||
BuildRequires: cmake
|
||||
@ -71,6 +72,7 @@ manipulate JPEG files using the TurboJPEG library.
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
|
||||
%build
|
||||
# NASM object files are missing GNU Property note for Intel CET,
|
||||
@ -176,6 +178,9 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} make test %{?_smp_mflags}
|
||||
%{_libdir}/pkgconfig/libturbojpeg.pc
|
||||
|
||||
%changelog
|
||||
* Tue Jun 16 2020 Nikola Forró <nforro@redhat.com> - 2.0.4-3
|
||||
- Fix CVE-2020-13790 (#1847159)
|
||||
|
||||
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user