Merged update from upstream sources

This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openjpeg2.git#2443c472a5ef7973c7c3acd0519495be2a15cfd2
This commit is contained in:
DistroBaker 2020-12-29 15:43:12 +00:00
parent f56fc8f556
commit 39168a9614
13 changed files with 15 additions and 456 deletions

1
.gitignore vendored
View File

@ -7,3 +7,4 @@
/openjpeg-2.2.0.tar.gz
/openjpeg-2.3.0.tar.gz
/openjpeg-2.3.1.tar.gz
/openjpeg-2.4.0.tar.gz

View File

@ -7,8 +7,8 @@
%global _target_platform %{_vendor}-%{_target_os}
Name: openjpeg2
Version: 2.3.1
Release: 10%{?dist}
Version: 2.4.0
Release: 1%{?dist}
Summary: C-Library for JPEG 2000
# windirent.h is MIT, the rest is BSD
@ -22,33 +22,6 @@ Source1: data.tar.xz
# Rename tool names to avoid conflicts with openjpeg-1.x
Patch0: openjpeg2_opj2.patch
# Backport patch for CVE 2020-6851
# https://github.com/uclouvain/openjpeg/issues/1228
Patch1: openjpeg2_CVE-2020-6851.patch
# Backport patch for CVE 2020-8112
# https://github.com/uclouvain/openjpeg/pull/1232/commits/05f9b91e60debda0e83977e5e63b2e66486f7074
Patch2: openjpeg2_CVE-2020-8112.patch
# Backport patch for CVE-2020-27814
# https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc
Patch3: openjpeg2_CVE-2020-27814.patch
# Backport patch for CVE-2020-27824
# https://github.com/uclouvain/openjpeg/pull/1292/commits/6daf5f3e1ec6eff03b7982889874a3de6617db8d
Patch4: openjpeg2_CVE-2020-27824.patch
# Backport patch for CVE-2020-27823
# https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919
Patch5: openjpeg2_CVE-2020-27823.patch
# Backport patch for CVE-2020-27841
# https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce
Patch6: openjpeg2_CVE-2020-27841.patch
# Backport patch for CVE-2020-27842
# https://github.com/uclouvain/openjpeg/pull/1296/commits/fbd30b064f8f9607d500437b6fedc41431fd6cdc
Patch7: openjpeg2_CVE-2020-27842.patch
# Backport patch for CVE-2020-27843
# https://github.com/rouault/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121
Patch8: openjpeg2_CVE-2020-27843.patch
# Backport patch for CVE-2020-27845
# https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63
Patch9: openjpeg2_CVE-2020-27845.patch
BuildRequires: cmake
@ -286,12 +259,12 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
%{_mandir}/man3/libopenjp2.3*
%files devel
%dir %{_includedir}/openjpeg-2.3/
%{_includedir}/openjpeg-2.3/openjpeg.h
%{_includedir}/openjpeg-2.3/opj_config.h
%{_includedir}/openjpeg-2.3/opj_stdint.h
%dir %{_includedir}/openjpeg-2.4/
%{_includedir}/openjpeg-2.4/openjpeg.h
%{_includedir}/openjpeg-2.4/opj_config.h
%{_includedir}/openjpeg-2.4/opj_stdint.h
%{_libdir}/libopenjp2.so
%{_libdir}/openjpeg-2.3/
%{_libdir}/openjpeg-2.4/
%{_libdir}/pkgconfig/libopenjp2.pc
%files devel-docs
@ -351,6 +324,9 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
%changelog
* Tue Dec 29 2020 Sandro Mani <manisandro@gmail.com> - 2.4.0-1
- Update to 2.4.0
* Thu Dec 17 2020 Sandro Mani <manisandro@gmail.com> - 2.3.1-10
* Backport patches for CVE-2020-27841, CVE-2020-27842, CVE-2020-27843, CVE-2020-27845

View File

@ -1,16 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c
--- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.797030458 +0100
+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.799030456 +0100
@@ -1235,9 +1235,11 @@ static OPJ_BOOL opj_tcd_code_block_enc_a
/* +1 is needed for https://github.com/uclouvain/openjpeg/issues/835 */
/* and actually +2 required for https://github.com/uclouvain/openjpeg/issues/982 */
+ /* and +7 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 3) */
+ /* and +26 for https://github.com/uclouvain/openjpeg/issues/1283 (-M 7) */
/* TODO: is there a theoretical upper-bound for the compressed code */
/* block size ? */
- l_data_size = 2 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
+ l_data_size = 26 + (OPJ_UINT32)((p_code_block->x1 - p_code_block->x0) *
(p_code_block->y1 - p_code_block->y0) * (OPJ_INT32)sizeof(OPJ_UINT32));
if (l_data_size > p_code_block->data_size) {

View File

@ -1,15 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/convertpng.c openjpeg-2.3.1-new/src/bin/jp2/convertpng.c
--- openjpeg-2.3.1/src/bin/jp2/convertpng.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/bin/jp2/convertpng.c 2020-12-17 16:25:44.882030380 +0100
@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read
image->x0 = (OPJ_UINT32)params->image_offset_x0;
image->y0 = (OPJ_UINT32)params->image_offset_y0;
image->x1 = (OPJ_UINT32)(image->x0 + (width - 1) * (OPJ_UINT32)
- params->subsampling_dx + 1 + image->x0);
+ params->subsampling_dx + 1);
image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32)
- params->subsampling_dy + 1 + image->y0);
+ params->subsampling_dy + 1);
row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32));
if (row32s == NULL) {

View File

@ -1,12 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/dwt.c openjpeg-2.3.1-new/src/lib/openjp2/dwt.c
--- openjpeg-2.3.1/src/lib/openjp2/dwt.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/dwt.c 2020-12-17 16:25:44.842030417 +0100
@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj
if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) {
stepsize = 1.0;
} else {
- OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level];
+ OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient);
stepsize = (1 << (gain)) / norm;
}
opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0),

View File

@ -1,226 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.c openjpeg-2.3.1-new/src/lib/openjp2/pi.c
--- openjpeg-2.3.1/src/lib/openjp2/pi.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/pi.c 2020-12-17 16:25:44.923030342 +0100
@@ -192,10 +192,12 @@ static void opj_get_all_encoding_paramet
* @param p_image the image used to initialize the packet iterator (in fact only the number of components is relevant.
* @param p_cp the coding parameters.
* @param tileno the index of the tile from which creating the packet iterator.
+ * @param manager Event manager
*/
static opj_pi_iterator_t * opj_pi_create(const opj_image_t *p_image,
const opj_cp_t *p_cp,
- OPJ_UINT32 tileno);
+ OPJ_UINT32 tileno,
+ opj_event_mgr_t* manager);
/**
* FIXME DOC
*/
@@ -230,12 +232,6 @@ static OPJ_BOOL opj_pi_check_next_level(
==========================================================
*/
-static void opj_pi_emit_error(opj_pi_iterator_t * pi, const char* msg)
-{
- (void)pi;
- (void)msg;
-}
-
static OPJ_BOOL opj_pi_next_lrcp(opj_pi_iterator_t * pi)
{
opj_pi_comp_t *comp = NULL;
@@ -272,7 +268,7 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_
/* include should be resized when a POC arises, or */
/* the POC should be rejected */
if (index >= pi->include_size) {
- opj_pi_emit_error(pi, "Invalid access to pi->include");
+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include");
return OPJ_FALSE;
}
if (!pi->include[index]) {
@@ -318,7 +314,7 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
if (index >= pi->include_size) {
- opj_pi_emit_error(pi, "Invalid access to pi->include");
+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include");
return OPJ_FALSE;
}
if (!pi->include[index]) {
@@ -449,7 +445,7 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
if (index >= pi->include_size) {
- opj_pi_emit_error(pi, "Invalid access to pi->include");
+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include");
return OPJ_FALSE;
}
if (!pi->include[index]) {
@@ -473,6 +469,13 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
+ if (pi->poc.compno0 >= pi->numcomps ||
+ pi->poc.compno1 >= pi->numcomps + 1) {
+ opj_event_msg(pi->manager, EVT_ERROR,
+ "opj_pi_next_pcrl(): invalid compno0/compno1");
+ return OPJ_FALSE;
+ }
+
if (!pi->first) {
comp = &pi->comps[pi->compno];
goto LABEL_SKIP;
@@ -580,7 +583,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
if (index >= pi->include_size) {
- opj_pi_emit_error(pi, "Invalid access to pi->include");
+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include");
return OPJ_FALSE;
}
if (!pi->include[index]) {
@@ -604,6 +607,13 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
+ if (pi->poc.compno0 >= pi->numcomps ||
+ pi->poc.compno1 >= pi->numcomps + 1) {
+ opj_event_msg(pi->manager, EVT_ERROR,
+ "opj_pi_next_cprl(): invalid compno0/compno1");
+ return OPJ_FALSE;
+ }
+
if (!pi->first) {
comp = &pi->comps[pi->compno];
goto LABEL_SKIP;
@@ -708,7 +718,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
if (index >= pi->include_size) {
- opj_pi_emit_error(pi, "Invalid access to pi->include");
+ opj_event_msg(pi->manager, EVT_ERROR, "Invalid access to pi->include");
return OPJ_FALSE;
}
if (!pi->include[index]) {
@@ -981,7 +991,8 @@ static void opj_get_all_encoding_paramet
static opj_pi_iterator_t * opj_pi_create(const opj_image_t *image,
const opj_cp_t *cp,
- OPJ_UINT32 tileno)
+ OPJ_UINT32 tileno,
+ opj_event_mgr_t* manager)
{
/* loop*/
OPJ_UINT32 pino, compno;
@@ -1015,6 +1026,8 @@ static opj_pi_iterator_t * opj_pi_create
l_current_pi = l_pi;
for (pino = 0; pino < l_poc_bound ; ++pino) {
+ l_current_pi->manager = manager;
+
l_current_pi->comps = (opj_pi_comp_t*) opj_calloc(image->numcomps,
sizeof(opj_pi_comp_t));
if (! l_current_pi->comps) {
@@ -1352,7 +1365,8 @@ static OPJ_BOOL opj_pi_check_next_level(
*/
opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image,
opj_cp_t *p_cp,
- OPJ_UINT32 p_tile_no)
+ OPJ_UINT32 p_tile_no,
+ opj_event_mgr_t* manager)
{
OPJ_UINT32 numcomps = p_image->numcomps;
@@ -1407,7 +1421,7 @@ opj_pi_iterator_t *opj_pi_create_decode(
}
/* memory allocation for pi */
- l_pi = opj_pi_create(p_image, p_cp, p_tile_no);
+ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager);
if (!l_pi) {
opj_free(l_tmp_data);
opj_free(l_tmp_ptr);
@@ -1552,7 +1566,8 @@ opj_pi_iterator_t *opj_pi_create_decode(
opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image,
opj_cp_t *p_cp,
OPJ_UINT32 p_tile_no,
- J2K_T2_MODE p_t2_mode)
+ J2K_T2_MODE p_t2_mode,
+ opj_event_mgr_t* manager)
{
OPJ_UINT32 numcomps = p_image->numcomps;
@@ -1606,7 +1621,7 @@ opj_pi_iterator_t *opj_pi_initialise_enc
}
/* memory allocation for pi*/
- l_pi = opj_pi_create(p_image, p_cp, p_tile_no);
+ l_pi = opj_pi_create(p_image, p_cp, p_tile_no, manager);
if (!l_pi) {
opj_free(l_tmp_data);
opj_free(l_tmp_ptr);
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.h openjpeg-2.3.1-new/src/lib/openjp2/pi.h
--- openjpeg-2.3.1/src/lib/openjp2/pi.h 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/pi.h 2020-12-17 16:25:44.923030342 +0100
@@ -107,6 +107,8 @@ typedef struct opj_pi_iterator {
OPJ_INT32 x, y;
/** FIXME DOC*/
OPJ_UINT32 dx, dy;
+ /** event manager */
+ opj_event_mgr_t* manager;
} opj_pi_iterator_t;
/** @name Exported functions */
@@ -119,13 +121,15 @@ typedef struct opj_pi_iterator {
* @param cp the coding parameters.
* @param tileno index of the tile being encoded.
* @param t2_mode the type of pass for generating the packet iterator
+ * @param manager Event manager
*
* @return a list of packet iterator that points to the first packet of the tile (not true).
*/
opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *image,
opj_cp_t *cp,
OPJ_UINT32 tileno,
- J2K_T2_MODE t2_mode);
+ J2K_T2_MODE t2_mode,
+ opj_event_mgr_t* manager);
/**
* Updates the encoding parameters of the codec.
@@ -161,12 +165,14 @@ Create a packet iterator for Decoder
@param image Raw image for which the packets will be listed
@param cp Coding parameters
@param tileno Number that identifies the tile for which to list the packets
+@param manager Event manager
@return Returns a packet iterator that points to the first packet of the tile
@see opj_pi_destroy
*/
opj_pi_iterator_t *opj_pi_create_decode(opj_image_t * image,
opj_cp_t * cp,
- OPJ_UINT32 tileno);
+ OPJ_UINT32 tileno,
+ opj_event_mgr_t* manager);
/**
* Destroys a packet iterator array.
*
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c
--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.923030342 +0100
@@ -244,7 +244,7 @@ OPJ_BOOL opj_t2_encode_packets(opj_t2_t*
l_image->numcomps : 1;
OPJ_UINT32 l_nb_pocs = l_tcp->numpocs + 1;
- l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode);
+ l_pi = opj_pi_initialise_encode(l_image, l_cp, p_tile_no, p_t2_mode, p_manager);
if (!l_pi) {
return OPJ_FALSE;
}
@@ -405,7 +405,7 @@ OPJ_BOOL opj_t2_decode_packets(opj_tcd_t
#endif
/* create a packet iterator */
- l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no);
+ l_pi = opj_pi_create_decode(l_image, l_cp, p_tile_no, p_manager);
if (!l_pi) {
return OPJ_FALSE;
}

View File

@ -1,19 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c
--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:44.967030302 +0100
+++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.969030300 +0100
@@ -711,6 +711,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ
continue;
}
+ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */
+ /* but likely not a proper fix. */
+ if (precno >= res->pw * res->ph) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
+ precno, res->pw * res->ph);
+ return OPJ_FALSE;
+ }
+
prc = &band->precincts[precno];
opj_tgt_reset(prc->incltree);
opj_tgt_reset(prc->imsbtree);

View File

@ -1,19 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c
--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:45.009030263 +0100
+++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:45.011030261 +0100
@@ -787,6 +787,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ
continue;
}
+ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1297 */
+ /* but likely not a proper fix. */
+ if (precno >= res->pw * res->ph) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
+ precno, res->pw * res->ph);
+ return OPJ_FALSE;
+ }
+
prc = &band->precincts[precno];
l_nb_blocks = prc->cw * prc->ch;
cblk = prc->cblks.enc;

View File

@ -1,63 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/pi.c openjpeg-2.3.1-new/src/lib/openjp2/pi.c
--- openjpeg-2.3.1/src/lib/openjp2/pi.c 2020-12-17 16:25:44.966030303 +0100
+++ openjpeg-2.3.1-new/src/lib/openjp2/pi.c 2020-12-17 16:25:45.053030223 +0100
@@ -238,6 +238,13 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
+ if (pi->poc.compno0 >= pi->numcomps ||
+ pi->poc.compno1 >= pi->numcomps + 1) {
+ opj_event_msg(pi->manager, EVT_ERROR,
+ "opj_pi_next_lrcp(): invalid compno0/compno1\n");
+ return OPJ_FALSE;
+ }
+
if (!pi->first) {
comp = &pi->comps[pi->compno];
res = &comp->resolutions[pi->resno];
@@ -291,6 +298,13 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
+ if (pi->poc.compno0 >= pi->numcomps ||
+ pi->poc.compno1 >= pi->numcomps + 1) {
+ opj_event_msg(pi->manager, EVT_ERROR,
+ "opj_pi_next_rlcp(): invalid compno0/compno1\n");
+ return OPJ_FALSE;
+ }
+
if (!pi->first) {
comp = &pi->comps[pi->compno];
res = &comp->resolutions[pi->resno];
@@ -337,6 +351,13 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_
opj_pi_resolution_t *res = NULL;
OPJ_UINT32 index = 0;
+ if (pi->poc.compno0 >= pi->numcomps ||
+ pi->poc.compno1 >= pi->numcomps + 1) {
+ opj_event_msg(pi->manager, EVT_ERROR,
+ "opj_pi_next_rpcl(): invalid compno0/compno1\n");
+ return OPJ_FALSE;
+ }
+
if (!pi->first) {
goto LABEL_SKIP;
} else {
@@ -472,7 +493,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_
if (pi->poc.compno0 >= pi->numcomps ||
pi->poc.compno1 >= pi->numcomps + 1) {
opj_event_msg(pi->manager, EVT_ERROR,
- "opj_pi_next_pcrl(): invalid compno0/compno1");
+ "opj_pi_next_pcrl(): invalid compno0/compno1\n");
return OPJ_FALSE;
}
@@ -610,7 +631,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_
if (pi->poc.compno0 >= pi->numcomps ||
pi->poc.compno1 >= pi->numcomps + 1) {
opj_event_msg(pi->manager, EVT_ERROR,
- "opj_pi_next_cprl(): invalid compno0/compno1");
+ "opj_pi_next_cprl(): invalid compno0/compno1\n");
return OPJ_FALSE;
}

View File

@ -1,18 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/j2k.c openjpeg-2.3.1-new/src/lib/openjp2/j2k.c
--- openjpeg-2.3.1/src/lib/openjp2/j2k.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/j2k.c 2020-12-17 16:25:44.708030540 +0100
@@ -9236,6 +9236,14 @@ static OPJ_BOOL opj_j2k_update_image_dim
l_img_comp = p_image->comps;
for (it_comp = 0; it_comp < p_image->numcomps; ++it_comp) {
OPJ_INT32 l_h, l_w;
+ if (p_image->x0 > (OPJ_UINT32)INT_MAX ||
+ p_image->y0 > (OPJ_UINT32)INT_MAX ||
+ p_image->x1 > (OPJ_UINT32)INT_MAX ||
+ p_image->y1 > (OPJ_UINT32)INT_MAX) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "Image coordinates above INT_MAX are not supported\n");
+ return OPJ_FALSE;
+ }
l_img_comp->x0 = (OPJ_UINT32)opj_int_ceildiv((OPJ_INT32)p_image->x0,
(OPJ_INT32)l_img_comp->dx);

View File

@ -1,30 +0,0 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/tcd.c openjpeg-2.3.1-new/src/lib/openjp2/tcd.c
--- openjpeg-2.3.1/src/lib/openjp2/tcd.c 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/lib/openjp2/tcd.c 2020-12-17 16:25:44.754030498 +0100
@@ -905,8 +905,24 @@ static INLINE OPJ_BOOL opj_tcd_init_tile
/* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000) */
l_tl_prc_x_start = opj_int_floordivpow2(l_res->x0, (OPJ_INT32)l_pdx) << l_pdx;
l_tl_prc_y_start = opj_int_floordivpow2(l_res->y0, (OPJ_INT32)l_pdy) << l_pdy;
- l_br_prc_x_end = opj_int_ceildivpow2(l_res->x1, (OPJ_INT32)l_pdx) << l_pdx;
- l_br_prc_y_end = opj_int_ceildivpow2(l_res->y1, (OPJ_INT32)l_pdy) << l_pdy;
+ {
+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->x1,
+ (OPJ_INT32)l_pdx)) << l_pdx;
+ if (tmp > (OPJ_UINT32)INT_MAX) {
+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n");
+ return OPJ_FALSE;
+ }
+ l_br_prc_x_end = (OPJ_INT32)tmp;
+ }
+ {
+ OPJ_UINT32 tmp = ((OPJ_UINT32)opj_int_ceildivpow2(l_res->y1,
+ (OPJ_INT32)l_pdy)) << l_pdy;
+ if (tmp > (OPJ_UINT32)INT_MAX) {
+ opj_event_msg(manager, EVT_ERROR, "Integer overflow\n");
+ return OPJ_FALSE;
+ }
+ l_br_prc_y_end = (OPJ_INT32)tmp;
+ }
/*fprintf(stderr, "\t\t\tprc_x_start=%d, prc_y_start=%d, br_prc_x_end=%d, br_prc_y_end=%d \n", l_tl_prc_x_start, l_tl_prc_y_start, l_br_prc_x_end ,l_br_prc_y_end );*/
l_res->pw = (l_res->x0 == l_res->x1) ? 0U : (OPJ_UINT32)((

View File

@ -1,6 +1,6 @@
diff -rupN --no-dereference openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt
--- openjpeg-2.3.1/src/bin/jp2/CMakeLists.txt 2019-04-02 14:45:15.000000000 +0200
+++ openjpeg-2.3.1-new/src/bin/jp2/CMakeLists.txt 2020-12-17 16:25:44.665030580 +0100
diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt
--- openjpeg-2.4.0/src/bin/jp2/CMakeLists.txt 2020-12-28 21:59:39.000000000 +0100
+++ openjpeg-2.4.0-new/src/bin/jp2/CMakeLists.txt 2020-12-29 15:45:09.466819414 +0100
@@ -44,6 +44,8 @@ endif()
# Loop over all executables:
foreach(exe opj_decompress opj_compress opj_dump)

View File

@ -1 +1 @@
SHA512 (openjpeg-2.3.1.tar.gz) = 339fbc899bddf2393d214df71ed5d6070a3a76b933b1e75576c8a0ae9dfcc4adec40bdc544f599e4b8d0bc173e4e9e7352408497b5b3c9356985605830c26c03
SHA512 (openjpeg-2.4.0.tar.gz) = 55daab47d33823af94e32e5d345b52c251a5410f0c8e0a13b693f17899eedc8b2bb107489ddcba9ab78ef17dfd7cd80d3c5ec80c1e429189cb041124b67e07a8