parent
242036c5d5
commit
be3b9c8d4d
|
@ -0,0 +1,35 @@
|
|||
From 409907d89878222cf9dea80f0add8f73e9383834 Mon Sep 17 00:00:00 2001
|
||||
From: Mehdi Sabwat <mehdisabwat@gmail.com>
|
||||
Date: Fri, 7 May 2021 01:50:37 +0200
|
||||
Subject: [PATCH] fix heap buffer overflow #1347
|
||||
|
||||
---
|
||||
src/bin/common/color.c | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/src/bin/common/color.c b/src/bin/common/color.c
|
||||
index 27f15f1..935fa44 100644
|
||||
--- a/src/bin/common/color.c
|
||||
+++ b/src/bin/common/color.c
|
||||
@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *img)
|
||||
|
||||
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
|
||||
|
||||
- ++y;
|
||||
+ if (*y != img->comps[0].data[loopmaxh])
|
||||
+ ++y;
|
||||
++r;
|
||||
++g;
|
||||
++b;
|
||||
- ++cb;
|
||||
- ++cr;
|
||||
+ if (*cb != img->comps[1].data[loopmaxh])
|
||||
+ ++cb;
|
||||
+ if (*cr != img->comps[2].data[loopmaxh])
|
||||
+ ++cr;
|
||||
}
|
||||
if (j < maxw) {
|
||||
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
|
||||
--
|
||||
2.31.1
|
||||
|
|
@ -8,7 +8,7 @@
|
|||
|
||||
Name: openjpeg2
|
||||
Version: 2.4.0
|
||||
Release: 4%{?dist}
|
||||
Release: 5%{?dist}
|
||||
Summary: C-Library for JPEG 2000
|
||||
|
||||
# windirent.h is MIT, the rest is BSD
|
||||
|
@ -24,6 +24,8 @@ Source1: data.tar.xz
|
|||
Patch0: openjpeg2_opj2.patch
|
||||
# Fix CVE-2021-29338
|
||||
Patch1: openjpeg2-CVE-2021-29338.patch
|
||||
# Fix CVE-2021-3575
|
||||
Patch2: openjpeg2-CVE-2021-3575.patch
|
||||
|
||||
|
||||
BuildRequires: cmake
|
||||
|
@ -326,6 +328,9 @@ chmod +x %{buildroot}%{_bindir}/opj2_jpip_viewer
|
|||
|
||||
|
||||
%changelog
|
||||
* Fri Jun 25 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-5
|
||||
- Fix CVE-2021-3575 (#1969280)
|
||||
|
||||
* Fri Jun 25 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-4
|
||||
- Fix CVE-2021-29338 (#1951333)
|
||||
|
||||
|
|
Loading…
Reference in New Issue