File openjpeg-CVE-2020-8112.patch of Package openjpeg

Overview Repositories Revisions Requests Users Attributes Meta

File openjpeg-CVE-2020-8112.patch of Package openjpeg

Index: openjpeg-1.5.2/libopenjpeg/tcd.c
===================================================================
--- openjpeg-1.5.2.orig/libopenjpeg/tcd.c
+++ openjpeg-1.5.2/libopenjpeg/tcd.c
@@ -33,6 +33,7 @@
 #define _ISOC99_SOURCE /* lrintf is C99 */
 #include "opj_includes.h"
 #include <assert.h>
+#include <limits.h>
 
 void tcd_dump(FILE *fd, opj_tcd_t *tcd, opj_tcd_image_t * img) {
 	int tileno, compno, resno, bandno, precno;/*, cblkno;*/
@@ -230,8 +231,22 @@ void tcd_malloc_encode(opj_tcd_t *tcd, o
 				tlprcxstart = int_floordivpow2(res->x0, pdx) << pdx;
 				tlprcystart = int_floordivpow2(res->y0, pdy) << pdy;
 				
-				brprcxend = int_ceildivpow2(res->x1, pdx) << pdx;
-				brprcyend = int_ceildivpow2(res->y1, pdy) << pdy;
+				{
+				    unsigned int tmp = ((unsigned int)int_ceildivpow2(res->x1,
+																	  (int)pdx)) << pdx;
+					if (tmp > (unsigned int)INT_MAX) {
+					    return;
+					}
+					brprcxend = (int)tmp;
+				}
+				{
+				    unsigned int tmp = ((unsigned int)int_ceildivpow2(res->y1,
+																	  (int)pdy)) << pdy;
+					if (tmp > (unsigned int)INT_MAX) {
+					    return;
+					}
+					brprcyend = (int)tmp;
+				}
 				
 				res->pw = (brprcxend - tlprcxstart) >> pdx;
 				res->ph = (brprcyend - tlprcystart) >> pdy;
@@ -494,8 +509,23 @@ void tcd_init_encode(opj_tcd_t *tcd, opj
 				/* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000)  */
 				tlprcxstart = int_floordivpow2(res->x0, pdx) << pdx;
 				tlprcystart = int_floordivpow2(res->y0, pdy) << pdy;
-				brprcxend = int_ceildivpow2(res->x1, pdx) << pdx;
-				brprcyend = int_ceildivpow2(res->y1, pdy) << pdy;
+
+				{
+				    unsigned int tmp = ((unsigned int)int_ceildivpow2(res->x1,
+																	  (int)pdx)) << pdx;
+					if (tmp > (unsigned int)INT_MAX) {
+					    return;
+					}
+					brprcxend = (int)tmp;
+				}
+				{
+				    unsigned int tmp = ((unsigned int)int_ceildivpow2(res->y1,
+																	  (int)pdy)) << pdy;
+					if (tmp > (unsigned int)INT_MAX) {
+					    return;
+					}
+					brprcyend = (int)tmp;
+				}
 				
 				res->pw = (brprcxend - tlprcxstart) >> pdx;
 				res->ph = (brprcyend - tlprcystart) >> pdy;
@@ -744,8 +774,23 @@ void tcd_malloc_decode_tile(opj_tcd_t *t
 			/* p. 64, B.6, ISO/IEC FDIS15444-1 : 2000 (18 august 2000)  */
 			tlprcxstart = int_floordivpow2(res->x0, pdx) << pdx;
 			tlprcystart = int_floordivpow2(res->y0, pdy) << pdy;
-			brprcxend = int_ceildivpow2(res->x1, pdx) << pdx;
-			brprcyend = int_ceildivpow2(res->y1, pdy) << pdy;
+
+			{
+			    unsigned int tmp = ((unsigned int)int_ceildivpow2(res->x1,
+																  (int)pdx)) << pdx;
+				if (tmp > (unsigned int)INT_MAX) {
+				    return;
+				}
+				brprcxend = (int)tmp;
+			}
+			{
+			    unsigned int tmp = ((unsigned int)int_ceildivpow2(res->y1,
+																  (int)pdy)) << pdy;
+				if (tmp > (unsigned int)INT_MAX) {
+				    return;
+				}
+				brprcyend = (int)tmp;
+			}
 			
 			res->pw = (res->x0 == res->x1) ? 0 : ((brprcxend - tlprcxstart) >> pdx);
 			res->ph = (res->y0 == res->y1) ? 0 : ((brprcyend - tlprcystart) >> pdy);

Places

File openjpeg-CVE-2020-8112.patch of Package openjpeg

Places