aboutsummaryrefslogtreecommitdiff
path: root/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/openjpeg-CVE-2017-14164.patch')
-rw-r--r--gnu/packages/patches/openjpeg-CVE-2017-14164.patch89
1 files changed, 0 insertions, 89 deletions
diff --git a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch b/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
deleted file mode 100644
index 2bfc5a6a85..0000000000
--- a/gnu/packages/patches/openjpeg-CVE-2017-14164.patch
+++ /dev/null
@@ -1,89 +0,0 @@
-https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a.patch
-http://openwall.com/lists/oss-security/2017/09/06/3
-
-From dcac91b8c72f743bda7dbfa9032356bc8110098a Mon Sep 17 00:00:00 2001
-From: Even Rouault <even.rouault@spatialys.com>
-Date: Wed, 16 Aug 2017 17:09:10 +0200
-Subject: [PATCH] opj_j2k_write_sot(): fix potential write heap buffer overflow
- (#991)
-
----
- src/lib/openjp2/j2k.c | 25 ++++++++++++++++++++-----
- 1 file changed, 20 insertions(+), 5 deletions(-)
-
-diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
-index 54b490a8c..16915452e 100644
---- a/src/lib/openjp2/j2k.c
-+++ b/src/lib/openjp2/j2k.c
-@@ -832,13 +832,15 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
- * Writes the SOT marker (Start of tile-part)
- *
- * @param p_j2k J2K codec.
-- * @param p_data FIXME DOC
-- * @param p_data_written FIXME DOC
-+ * @param p_data Output buffer
-+ * @param p_total_data_size Output buffer size
-+ * @param p_data_written Number of bytes written into stream
- * @param p_stream the stream to write data to.
- * @param p_manager the user event manager.
- */
- static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
- OPJ_BYTE * p_data,
-+ OPJ_UINT32 p_total_data_size,
- OPJ_UINT32 * p_data_written,
- const opj_stream_private_t *p_stream,
- opj_event_mgr_t * p_manager);
-@@ -4201,6 +4203,7 @@ static OPJ_BOOL opj_j2k_write_tlm(opj_j2k_t *p_j2k,
-
- static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
- OPJ_BYTE * p_data,
-+ OPJ_UINT32 p_total_data_size,
- OPJ_UINT32 * p_data_written,
- const opj_stream_private_t *p_stream,
- opj_event_mgr_t * p_manager
-@@ -4214,6 +4217,12 @@ static OPJ_BOOL opj_j2k_write_sot(opj_j2k_t *p_j2k,
- OPJ_UNUSED(p_stream);
- OPJ_UNUSED(p_manager);
-
-+ if (p_total_data_size < 12) {
-+ opj_event_msg(p_manager, EVT_ERROR,
-+ "Not enough bytes in output buffer to write SOT marker\n");
-+ return OPJ_FALSE;
-+ }
-+
- opj_write_bytes(p_data, J2K_MS_SOT,
- 2); /* SOT */
- p_data += 2;
-@@ -11480,7 +11489,8 @@ static OPJ_BOOL opj_j2k_write_first_tile_part(opj_j2k_t *p_j2k,
-
- l_current_nb_bytes_written = 0;
- l_begin_data = p_data;
-- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
-+ if (! opj_j2k_write_sot(p_j2k, p_data, p_total_data_size,
-+ &l_current_nb_bytes_written, p_stream,
- p_manager)) {
- return OPJ_FALSE;
- }
-@@ -11572,7 +11582,10 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
- l_part_tile_size = 0;
- l_begin_data = p_data;
-
-- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
-+ if (! opj_j2k_write_sot(p_j2k, p_data,
-+ p_total_data_size,
-+ &l_current_nb_bytes_written,
-+ p_stream,
- p_manager)) {
- return OPJ_FALSE;
- }
-@@ -11615,7 +11628,9 @@ static OPJ_BOOL opj_j2k_write_all_tile_parts(opj_j2k_t *p_j2k,
- l_part_tile_size = 0;
- l_begin_data = p_data;
-
-- if (! opj_j2k_write_sot(p_j2k, p_data, &l_current_nb_bytes_written, p_stream,
-+ if (! opj_j2k_write_sot(p_j2k, p_data,
-+ p_total_data_size,
-+ &l_current_nb_bytes_written, p_stream,
- p_manager)) {
- return OPJ_FALSE;
- }
generated by cgit v1.2.3 (git 2.45.0) at 2024-11-27 06:36:19 +0000