Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
jasper.22852
jasper-CVE-2016-9398-upstream.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File jasper-CVE-2016-9398-upstream.patch of Package jasper.22852
Index: jasper-1.900.14/src/libjasper/jpc/jpc_t2dec.c =================================================================== --- jasper-1.900.14.orig/src/libjasper/jpc/jpc_t2dec.c +++ jasper-1.900.14/src/libjasper/jpc/jpc_t2dec.c @@ -292,6 +292,20 @@ hdroffstart = jas_stream_getrwcount(pkth savenumnewpasses = numnewpasses; mycounter = 0; if (numnewpasses > 0) { + if (cblk->firstpassno > 10000) { + /* workaround for + CVE-2016-9398: this + large value would + make + JPC_SEGPASSCNT() + return a negative + value, causing an + assertion failure + in + jpc_floorlog2() */ + jpc_bitstream_close(inb); + return -1; + } if ((m = jpc_getcommacode(inb)) < 0) { jpc_bitstream_close(inb); return -1; @@ -300,11 +314,19 @@ hdroffstart = jas_stream_getrwcount(pkth JAS_DBGLOG(10, ("increment=%d ", m)); while (numnewpasses > 0) { passno = cblk->firstpassno + cblk->numpasses + mycounter; + if (passno >= 10000) { + /* with this value, + JPC_SEGPASSCNT() + would return 0, + which is an illegal + value and would + later crash in + jpc_floorlog2() */ + jpc_bitstream_close(inb); + return -1; + } /* XXX - the maxpasses is not set precisely but this doesn't matter... */ maxpasses = JPC_SEGPASSCNT(passno, cblk->firstpassno, 10000, (ccp->cblkctx & JPC_COX_LAZY) != 0, (ccp->cblkctx & JPC_COX_TERMALL) != 0); - // Avoid maxpasses to be negative - if (maxpasses < 0) - maxpasses = -maxpasses; if (!discard && !seg) { if (!(seg = jpc_seg_alloc())) { jpc_bitstream_close(inb);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor