rpms/libjpeg-turbo
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2020-13790 (#1847159)

Browse Source
This commit is contained in:
Nikola Forró 2020-06-16 10:59:49 +02:00
parent d6483a3e4a
commit be3d271239
2 changed files with 38 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
libjpeg-turbo-CVE-2020-13790.patch Normal file
View File

@ -0,0 +1,32 @@
From a224e4dfd34823a4d993dcb97819bdcee8471676 Mon Sep 17 00:00:00 2001
From: DRC <information@libjpeg-turbo.org>
Date: Tue, 2 Jun 2020 14:15:37 -0500
Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
include binary PPM files with maximum values < 255, thus preventing a
malformed binary PPM input file with those specifications from
triggering an overrun of the rescale array and potentially crashing
cjpeg, TJBench, or any program that uses the tjLoadImage() function.
Fixes #433
---
rdppm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rdppm.c b/rdppm.c
index 87bc330..71dd146 100644
--- a/rdppm.c
+++ b/rdppm.c
@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
/* On 16-bit-int machines we have to be careful of maxval = 65535 */
source->rescale = (JSAMPLE *)
(*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
- (size_t)(((long)maxval + 1L) *
+ (size_t)(((long)MAX(maxval, 255) + 1L) *
sizeof(JSAMPLE)));
half_maxval = maxval / 2;
for (val = 0; val <= (long)maxval; val++) {
--
2.26.2

7
libjpeg-turbo.spec
View File

@ -1,6 +1,6 @@
Name: libjpeg-turbo Name: libjpeg-turbo
Version: 2.0.4 Version: 2.0.4
Release: 2%{?dist} Release: 3%{?dist}
Summary: A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files Summary: A MMX/SSE2/SIMD accelerated library for manipulating JPEG image files
License: IJG License: IJG
URL: http://sourceforge.net/projects/libjpeg-turbo URL: http://sourceforge.net/projects/libjpeg-turbo
@ -8,6 +8,7 @@ URL: http://sourceforge.net/projects/libjpeg-turbo
Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
Patch0: libjpeg-turbo-cmake.patch Patch0: libjpeg-turbo-cmake.patch
Patch1: libjpeg-turbo-CET.patch Patch1: libjpeg-turbo-CET.patch
Patch2: libjpeg-turbo-CVE-2020-13790.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: cmake BuildRequires: cmake
@ -71,6 +72,7 @@ manipulate JPEG files using the TurboJPEG library.
%setup -q %setup -q
%patch0 -p1 %patch0 -p1
%patch1 -p1 %patch1 -p1
%patch2 -p1
%build %build
# NASM object files are missing GNU Property note for Intel CET, # NASM object files are missing GNU Property note for Intel CET,
@ -176,6 +178,9 @@ LD_LIBRARY_PATH=%{buildroot}%{_libdir} make test %{?_smp_mflags}
%{_libdir}/pkgconfig/libturbojpeg.pc %{_libdir}/pkgconfig/libturbojpeg.pc
%changelog %changelog
* Tue Jun 16 2020 Nikola Forró <nforro@redhat.com> - 2.0.4-3
- Fix CVE-2020-13790 (#1847159)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-2 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild