Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
openjpeg.26661
openjpeg-CVE-2020-27824.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openjpeg-CVE-2020-27824.patch of Package openjpeg.26661
Index: openjpeg-1.5.2/libopenjpeg/dwt.c =================================================================== --- openjpeg-1.5.2.orig/libopenjpeg/dwt.c +++ openjpeg-1.5.2/libopenjpeg/dwt.c @@ -471,6 +471,14 @@ int dwt_getgain_real(int orient) { /* Get norm of 9-7 wavelet. */ /* </summary> */ double dwt_getnorm_real(int level, int orient) { + /* FIXME ! This is just a band-aid to avoid a buffer overflow */ + /* but the array should really be extended up to 33 resolution levels */ + /* See https://github.com/uclouvain/openjpeg/issues/493 */ + if (orient == 0 && level >= 10) { + level = 9; + } else if (orient > 0 && level >= 9) { + level = 8; + } return dwt_norms_real[orient][level]; } @@ -488,7 +496,7 @@ void dwt_calc_explicit_stepsizes(opj_tcc if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) { stepsize = 1.0; } else { - double norm = dwt_norms_real[orient][level]; + double norm = dwt_getnorm_real(level, orient); stepsize = (1 << (gain)) / norm; } dwt_encode_stepsize((int) floor(stepsize * 8192.0), prec + gain, &tccp->stepsizes[bandno]);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor