summary refs log tree commit diff
path: root/gnu/packages/patches/jasper-CVE-2014-8157.patch
blob: 62f4a6b32c90165609b40849f64fc8b577718952 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Fix CVE-2014-8157 (dec->numtiles off-by-one check in jpc_dec_process_sot()).

Copied from Fedora.

http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/tree/jasper-CVE-2014-8157.patch
https://bugzilla.redhat.com/show_bug.cgi?id=1179282

diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
--- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157	2015-01-19 16:59:36.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2015-01-19 17:07:41.609863268 +0100
@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t
 		dec->curtileendoff = 0;
 	}
 
-	if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
+	if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
 		jas_eprintf("invalid tile number in SOT marker segment\n");
 		return -1;
 	}