summary refs log tree commit diff
path: root/gnu/packages/patches/jasper-CVE-2016-1867.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/jasper-CVE-2016-1867.patch')
-rw-r--r--gnu/packages/patches/jasper-CVE-2016-1867.patch18
1 files changed, 18 insertions, 0 deletions
diff --git a/gnu/packages/patches/jasper-CVE-2016-1867.patch b/gnu/packages/patches/jasper-CVE-2016-1867.patch
new file mode 100644
index 0000000000..2d2ca6f014
--- /dev/null
+++ b/gnu/packages/patches/jasper-CVE-2016-1867.patch
@@ -0,0 +1,18 @@
+Fix CVE-2016-1867 (Out-of-bounds read in jpc_pi_nextcprl()).
+
+Copied from SUSE.
+
+https://bugzilla.suse.com/show_bug.cgi?id=961886
+https://bugzilla.redhat.com/show_bug.cgi?id=1298135
+
+--- jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c	2016-01-14 14:22:24.569056412 +0100
+@@ -429,7 +429,7 @@
+ 	}
+ 
+ 	for (pi->compno = pchg->compnostart, pi->picomp =
+-	  &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
++	  &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
+ 	  ++pi->picomp) {
+ 		pirlvl = pi->picomp->pirlvls;
+ 		pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-01-16 15:46:45 +0000