Backport fix for CVE-2022-1122

2022-03-28 22:01:33 +02:00 · 2022-03-28 22:01:33 +02:00 · fa23ae3b21
commit fa23ae3b21
parent 6a5c57d924
2 changed files with 19 additions and 1 deletions
--- a/CVE-2022-1122.patch
+++ b/CVE-2022-1122.patch
@ -0,0 +1,12 @@
+diff -rupN --no-dereference openjpeg-2.4.0/src/bin/jp2/opj_decompress.c openjpeg-2.4.0-new/src/bin/jp2/opj_decompress.c
+--- openjpeg-2.4.0/src/bin/jp2/opj_decompress.c	2022-03-28 22:01:04.615605223 +0200
+++ openjpeg-2.4.0-new/src/bin/jp2/opj_decompress.c	2022-03-28 22:01:04.662605454 +0200
+@@ -1351,7 +1351,7 @@ int main(int argc, char **argv)
+         int it_image;
+         num_images = get_num_images(img_fol.imgdirpath);
+ 
+-        dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
+        dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
+         if (!dirptr) {
+             destroy_parameters(&parameters);
+             return EXIT_FAILURE;
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@ -8,7 +8,7 @@

 Name:           openjpeg2
 Version:        2.4.0
-Release:        8%{?dist}
+Release:        10%{?dist}
 Summary:        C-Library for JPEG 2000

 # windirent.h is MIT, the rest is BSD
@ -29,6 +29,9 @@ Patch1:         CVE-2021-29338.patch
 # Backport proposed patch for heap buffer overflow (#1957616)
 # See https://github.com/uclouvain/openjpeg/issues/1347
 Patch2:         heap-buffer-overflow.patch
+# Backport patch for CVE-2022-1122
+# See https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d
+Patch3:         CVE-2022-1122.patch


 BuildRequires:  cmake
@ -422,6 +425,9 @@ rm -rf %{buildroot}%{mingw64_datadir}/doc


 %changelog
+* Mon Mar 28 2022 Sandro Mani <manisandro@gmail.com> - 2.4.0-10
+- Backport fix for CVE-2022-1122
+
 * Fri Mar 25 2022 Sandro Mani <manisandro@gmail.com> - 2.4.0-8
 - Rebuild with mingw-gcc-12