Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Staging:A
jasper
jasper-CVE-2016-9395.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File jasper-CVE-2016-9395.patch of Package jasper
--- jasper-1.900.14/src/libjasper/jpc/jpc_cs.c 2016-10-26 08:57:31.000000000 +0200 +++ jasper-1.900.14/src/libjasper/jpc/jpc_cs.c 2016-12-13 10:49:36.673944174 +0100 @@ -489,6 +489,8 @@ unsigned int i; uint_fast8_t tmp; + siz->comps = 0; + /* Eliminate compiler warning about unused variables. */ cstate = 0; @@ -502,44 +504,67 @@ jpc_getuint32(in, &siz->tilexoff) || jpc_getuint32(in, &siz->tileyoff) || jpc_getuint16(in, &siz->numcomps)) { - return -1; + goto error; } - if (!siz->width || !siz->height || !siz->tilewidth || - !siz->tileheight || !siz->numcomps || siz->numcomps > 16384) { - return -1; - } - if (siz->tilexoff >= siz->width || siz->tileyoff >= siz->height) { - jas_eprintf("all tiles are outside the image area\n"); - return -1; + if (!siz->width || !siz->height) { + jas_eprintf("reference grid cannot have zero area\n"); + goto error; + } + if (!siz->tilewidth || !siz->tileheight) { + jas_eprintf("tile cannot have zero area\n"); + goto error; + } + if (!siz->numcomps || siz->numcomps > 16384) { + jas_eprintf("number of components not in permissible range\n"); + goto error; + } + if (siz->xoff >= siz->width) { + jas_eprintf("XOsiz not in permissible range\n"); + goto error; + } + if (siz->yoff >= siz->height) { + jas_eprintf("YOsiz not in permissible range\n"); + goto error; + } + if (siz->tilexoff > siz->xoff || siz->tilexoff + siz->tilewidth <= siz->xoff) { + jas_eprintf("XTOsiz not in permissible range\n"); + goto error; + } + if (siz->tileyoff > siz->yoff || siz->tileyoff + siz->tileheight <= siz->yoff) { + jas_eprintf("YTOsiz not in permissible range\n"); + goto error; } + if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) { - return -1; + goto error; } for (i = 0; i < siz->numcomps; ++i) { if (jpc_getuint8(in, &tmp) || jpc_getuint8(in, &siz->comps[i].hsamp) || jpc_getuint8(in, &siz->comps[i].vsamp)) { - jas_free(siz->comps); - return -1; + goto error; } if (siz->comps[i].hsamp == 0 || siz->comps[i].hsamp > 255) { jas_eprintf("invalid XRsiz value %d\n", siz->comps[i].hsamp); - jas_free(siz->comps); - return -1; + goto error; } if (siz->comps[i].vsamp == 0 || siz->comps[i].vsamp > 255) { jas_eprintf("invalid YRsiz value %d\n", siz->comps[i].vsamp); - jas_free(siz->comps); - return -1; + goto error; } siz->comps[i].sgnd = (tmp >> 7) & 1; siz->comps[i].prec = (tmp & 0x7f) + 1; } if (jas_stream_eof(in)) { - jas_free(siz->comps); - return -1; + goto error; } return 0; + +error: + if (siz->comps) { + jas_free(siz->comps); + } + return -1; } static int jpc_siz_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor