rpms/mingw-libjpeg-turbo
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix CVE-2020-13790

Browse Source 
https://bugzilla.redhat.com/show_bug.cgi?id=1847160
This commit is contained in:
Kalev Lember 2020-06-16 11:49:10 +02:00
parent 1017ed0e17
commit f6c3cc8708
2 changed files with 37 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
libjpeg-turbo-CVE-2020-13790.patch Normal file
View File

@ -0,0 +1,32 @@
From a224e4dfd34823a4d993dcb97819bdcee8471676 Mon Sep 17 00:00:00 2001
From: DRC <information@libjpeg-turbo.org>
Date: Tue, 2 Jun 2020 14:15:37 -0500
Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM
This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to
include binary PPM files with maximum values < 255, thus preventing a
malformed binary PPM input file with those specifications from
triggering an overrun of the rescale array and potentially crashing
cjpeg, TJBench, or any program that uses the tjLoadImage() function.
Fixes #433
---
rdppm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rdppm.c b/rdppm.c
index 87bc330..71dd146 100644
--- a/rdppm.c
+++ b/rdppm.c
@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo)
/* On 16-bit-int machines we have to be careful of maxval = 65535 */
source->rescale = (JSAMPLE *)
(*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE,
- (size_t)(((long)maxval + 1L) *
+ (size_t)(((long)MAX(maxval, 255) + 1L) *
sizeof(JSAMPLE)));
half_maxval = maxval / 2;
for (val = 0; val <= (long)maxval; val++) {
--
2.26.2

6
mingw-libjpeg-turbo.spec
View File

@ -6,7 +6,7 @@
Name: mingw-libjpeg-turbo Name: mingw-libjpeg-turbo
Version: 2.0.4 Version: 2.0.4
Release: 2%{?dist} Release: 3%{?dist}
Summary: MinGW Windows Libjpeg-turbo library Summary: MinGW Windows Libjpeg-turbo library
License: wxWidgets License: wxWidgets
@ -16,6 +16,7 @@ Source0: http://downloads.sourceforge.net/libjpeg-turbo/libjpeg-turbo-%{v
# Make jconfig.h more autoconf friendly # Make jconfig.h more autoconf friendly
# https://bugzilla.redhat.com/show_bug.cgi?id=843193 # https://bugzilla.redhat.com/show_bug.cgi?id=843193
Patch0: libjpeg-turbo-match-autoconf-behavior.patch Patch0: libjpeg-turbo-match-autoconf-behavior.patch
Patch2: libjpeg-turbo-CVE-2020-13790.patch
BuildArch: noarch BuildArch: noarch
@ -156,6 +157,9 @@ chmod -x README.md
%changelog %changelog
* Tue Jun 16 2020 Kalev Lember <klember@redhat.com> - 2.0.4-3
- Fix CVE-2020-13790 (#1847160)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-2 * Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild