Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
openjpeg2
openjpeg2-CVE-2016-9572-CVE-2016-9573.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openjpeg2-CVE-2016-9572-CVE-2016-9573.patch of Package openjpeg2
From 1e0c7066362762e4c227d0f5e4265a6f440eebaa Mon Sep 17 00:00:00 2001 From: Hans Petter Jansson <hpj@cl.no> Date: Thu, 15 Dec 2016 00:20:00 +0100 Subject: [PATCH 8/9] CVE-2016-9572, CVE-2016-9573 --- src/bin/jp2/convert.c | 88 +++++++++++++++++++++++++++++++++++++++++++++++---- src/lib/openjp2/j2k.c | 16 ++++++++-- 2 files changed, 95 insertions(+), 9 deletions(-) diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c index 4adadc9..d21671d 100644 --- a/src/bin/jp2/convert.c +++ b/src/bin/jp2/convert.c @@ -433,7 +433,8 @@ int imagetotga(opj_image_t * image, const char *outfile) { for (i = 0; i < image->numcomps-1; i++) { if ((image->comps[0].dx != image->comps[i+1].dx) ||(image->comps[0].dy != image->comps[i+1].dy) - ||(image->comps[0].prec != image->comps[i+1].prec)) { + ||(image->comps[0].prec != image->comps[i+1].prec) + ||(image->comps[0].sgnd != image->comps[i+1].sgnd)) { fprintf(stderr, "Unable to create a tga file with such J2K image charateristics."); return 1; } @@ -1038,8 +1039,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) { FILE *fdest = NULL; int adjustR, adjustG, adjustB; + { + unsigned int ui, ncomp = image->numcomps; + + if (ncomp > 4) { /* RGBA in bmpmask32toimage */ + ncomp = 4; + } + for (ui = 1; ui < ncomp; ++ui) { + if (image->comps[0].dx != image->comps[ui].dx) { + break; + } + if (image->comps[0].dy != image->comps[ui].dy) { + break; + } + if (image->comps[0].prec != image->comps[ui].prec) { + break; + } + if (image->comps[0].sgnd != image->comps[ui].sgnd) { + break; + } + } + if (ui != ncomp) { + fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n"); + fprintf(stderr,"\tAborting\n"); + return 1; + } + } + if (image->comps[0].prec < 8) { - fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec); + fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec); return 1; } if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx @@ -1965,7 +1993,7 @@ int imagetopnm(opj_image_t * image, const char *outfile) int *red, *green, *blue, *alpha; int wr, hr, max; int i; - unsigned int compno, ncomp; + unsigned int compno, ncomp, ui; int adjustR, adjustG, adjustB, adjustA; int fails, two, want_gray, has_alpha, triple; int prec, v; @@ -1990,6 +2018,27 @@ int imagetopnm(opj_image_t * image, const char *outfile) if(want_gray) ncomp = 1; + for (ui = 1; ui < ncomp; ++ui) { + if (image->comps[0].dx != image->comps[ui].dx) { + break; + } + if (image->comps[0].dy != image->comps[ui].dy) { + break; + } + if (image->comps[0].prec != image->comps[ui].prec) { + break; + } + if (image->comps[0].sgnd != image->comps[ui].sgnd) { + break; + } + } + if (ui != ncomp) { + fprintf(stderr,"imagetopnm: All components\n shall have " + "the same subsampling, same bit depth, same sign.\n" + " Aborting\n"); + return 1; + } + if (ncomp == 2 /* GRAYA */ || (ncomp > 2 /* RGB, RGBA */ && image->comps[0].dx == image->comps[1].dx @@ -3095,7 +3144,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL { FILE *rawFile = NULL; size_t res; - unsigned int compno; + unsigned int compno, numcomps; int w, h, fails; int line, row, curr, mask; int *ptr; @@ -3108,6 +3157,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL return 1; } + numcomps = image->numcomps; + + if (numcomps > 4) { + numcomps = 4; + } + for (compno = 1; compno < numcomps; ++compno) { + if (image->comps[0].dx != image->comps[compno].dx) { + break; + } + if (image->comps[0].dy != image->comps[compno].dy) { + break; + } + if (image->comps[0].prec != image->comps[compno].prec) { + break; + } + if (image->comps[0].sgnd != image->comps[compno].sgnd) { + break; + } + } + if (compno != numcomps) { + fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n"); + fprintf(stderr,"\tAborting\n"); + return 1; + } + rawFile = fopen(outfile, "wb"); if (!rawFile) { fprintf(stderr, "Failed to open %s for writing !!\n", outfile); @@ -3115,9 +3189,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL } fails = 1; - fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps); + fprintf(stdout,"Raw image characteristics: %d components\n", numcomps); - for(compno = 0; compno < image->numcomps; compno++) + for(compno = 0; compno < numcomps; compno++) { fprintf(stdout,"Component %d characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w, image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned"); @@ -3227,7 +3301,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL } else if (image->comps[compno].prec <= 32) { - fprintf(stderr,"More than 16 bits per component no handled yet\n"); + fprintf(stderr,"More than 16 bits per component not handled yet\n"); goto fin; } else diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c index d6a8cab..2ea3797 100644 --- a/src/lib/openjp2/j2k.c +++ b/src/lib/openjp2/j2k.c @@ -2062,6 +2062,13 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k, return OPJ_FALSE; } + if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */ + opj_event_msg(p_manager, EVT_ERROR, + "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n", + i, l_img_comp->prec); + return OPJ_FALSE; + } + #ifdef USE_JPWL if (l_cp->correct) { /* if JPWL is on, we check whether TX errors have damaged @@ -9436,7 +9443,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, /* Move data and copy one information from codec to output image*/ for (compno = 0; compno < p_image->numcomps; compno++) { p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded; - p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; + p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; + + if(p_image->comps[compno].data == NULL) return OPJ_FALSE; + + p_j2k->m_output_image->comps[compno].data = NULL; #if 0 char fn[256]; sprintf( fn, "/tmp/%d.raw", compno ); @@ -9444,7 +9455,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k, fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug ); fclose( debug ); #endif - p_j2k->m_output_image->comps[compno].data = NULL; } return OPJ_TRUE; @@ -9538,6 +9548,8 @@ OPJ_BOOL opj_j2k_get_tile( opj_j2k_t *p_j2k, p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data; + if (p_image->comps[compno].data == NULL) return OPJ_FALSE; + p_j2k->m_output_image->comps[compno].data = NULL; } -- 1.8.4.5
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
