SUSE:SLE-12-SP1:GA
jasper.25970
jasper-CVE-2016-9262.patch
File jasper-CVE-2016-9262.patch of Package jasper.25970
diff -urEbwB jasper-1.900.14/src/libjasper/base/jas_image.c jasper-1.900.14.new/src/libjasper/base/jas_image.c
--- jasper-1.900.14/src/libjasper/base/jas_image.c 2017-07-11 12:01:22.628016305 +0200
+++ jasper-1.900.14.new/src/libjasper/base/jas_image.c 2017-07-11 12:38:10.115887712 +0200
@@ -78,6 +78,7 @@
 #include <ctype.h>
 #include <inttypes.h>
 #include <stdbool.h>
+#include <limits.h>
 #include "jasper/jas_math.h"
 #include "jasper/jas_image.h"
@@ -333,8 +334,8 @@
 // Compute the number of samples in the image component, while protecting
 // against overflow.
 // size = cmpt->width_ * cmpt->height_ * cmpt->cps_;
- if (!jas_safe_size_mul(cmpt->width_, cmpt->height_, &size) ||
- !jas_safe_size_mul(size, cmpt->cps_, &size)) {
+ if (!jas_safe_size_mul3(cmpt->width_, cmpt->height_, cmpt->cps_, &size) ||
+ size > INT_MAX) {
 goto error;
 }
 cmpt->stream_ = (inmem) ? jas_stream_memopen(0, size) :
diff -urEbwB jasper-1.900.14/src/libjasper/include/jasper/jas_math.h jasper-1.900.14.new/src/libjasper/include/jasper/jas_math.h
--- jasper-1.900.14/src/libjasper/include/jasper/jas_math.h 2017-07-11 12:01:22.616016305 +0200
+++ jasper-1.900.14.new/src/libjasper/include/jasper/jas_math.h 2017-07-11 12:42:52.798047647 +0200
@@ -181,7 +181,23 @@
 /* Overflow would occur. */
 return false;
 }
+ if (result) {
 *result = x * y;
+ }
+ return true;
+}
+
+inline static bool jas_safe_size_mul3(size_t a, size_t b, size_t c,
+ size_t *result)
+{
+ size_t tmp;
+ if (!jas_safe_size_mul(a, b, &tmp) ||
+ !jas_safe_size_mul(tmp, c, &tmp)) {
+ return false;
+ }
+ if (result) {
+ *result = tmp;
+ }
 return true;
 }
@@ -191,7 +207,9 @@
 if (y > SIZE_MAX - x) {
 return false;
 }
+ if (result) {
 *result = x + y;
+ }
 return true;
 }
@@ -201,7 +219,9 @@
 if (y > x) {
 return false;
 }
+ if (result) {
 *result = x - y;
+ }
 return true;
 }
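Review bot: The new `size > INT_MAX` bound in the jas_image.c condition has no stated reason; the comment above it still speaks only of multiplication overflow. Presumably the cap exists because `size` is passed to `jas_stream_memopen(0, size)` two lines later and that parameter is narrower than `size_t`, but the prototype is not visible here, so this should be confirmed. I would add a line such as `// Also reject sizes above INT_MAX: the stream buffer size is passed as an int.` directly above the check, so the cap is not mistaken for an arbitrary limit or dropped in a later cleanup. The enclosing function starts and ends outside the hunk and the other branch of the ternary is cut off, so whether that path depends on the same bound cannot be judged from here.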
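Review bot: `jas_safe_size_mul3` is added to jas_math.h without any comment describing its contract, and the new `if (result)` guards change the contract of the two-operand multiply helper above it, as well as of the add and subtract helpers in the next two hunks, without documenting it. Each of them should say that `result` may be NULL, in which case only the overflow check is performed, and that `*result` is left unwritten when the function returns false. For the new helper a header such as `/* Compute a * b * c; return false without writing *result if either multiplication would overflow size_t. */` would cover it. The body of the two-operand multiply helper begins outside this hunk, so its overflow test itself is not reviewed here.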