Fix CVE-2021-3575

- resolves: #1969280

openjpeg2-CVE-2021-3575.patch

@@ -0,0 +1,35 @@
+From 409907d89878222cf9dea80f0add8f73e9383834 Mon Sep 17 00:00:00 2001
+From: Mehdi Sabwat <mehdisabwat@gmail.com>
+Date: Fri, 7 May 2021 01:50:37 +0200
+Subject: [PATCH] fix heap buffer overflow #1347
+
+---
+ src/bin/common/color.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/bin/common/color.c b/src/bin/common/color.c
+index 27f15f1..935fa44 100644
+--- a/src/bin/common/color.c
++++ b/src/bin/common/color.c
+@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *img)
+ 
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+ 
+-            ++y;
++            if (*y != img->comps[0].data[loopmaxh])
++                ++y;
+             ++r;
+             ++g;
+             ++b;
+-            ++cb;
+-            ++cr;
++            if (*cb != img->comps[1].data[loopmaxh])
++                ++cb;
++            if (*cr != img->comps[2].data[loopmaxh])
++                ++cr;
+         }
+         if (j < maxw) {
+             sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
+-- 
+2.31.1
+

openjpeg2.spec

@@ -8,7 +8,7 @@
 
 Name:           openjpeg2
 Version:        2.4.0
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        C-Library for JPEG 2000
 
 # windirent.h is MIT, the rest is BSD
@@ -24,6 +24,8 @@ Source1:        data.tar.xz
 Patch0:         openjpeg2_opj2.patch
 # Fix CVE-2021-29338
 Patch1:         openjpeg2-CVE-2021-29338.patch
+# Fix CVE-2021-3575
+Patch2:         openjpeg2-CVE-2021-3575.patch
 
 
 BuildRequires:  cmake
@@ -326,6 +328,9 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
 
 
 %changelog
+* Fri Jun 25 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-5
+- Fix CVE-2021-3575 (#1969280)
+
 * Fri Jun 25 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-4
 - Fix CVE-2021-29338 (#1951333)