diff options
author | Mark H Weaver <mhw@netris.org> | 2015-10-07 22:17:12 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-10-07 22:18:13 -0400 |
commit | 7ab73c4addad7cf5358b988943871ea85192f692 (patch) | |
tree | daac18417460238dbc4bbfe805dfa7889a630e77 /gnu/packages | |
parent | d04efa0fff908de0f8822a27582b4b1c3dcae553 (diff) | |
download | patches-7ab73c4addad7cf5358b988943871ea85192f692.tar patches-7ab73c4addad7cf5358b988943871ea85192f692.tar.gz |
gnu: openjpeg-2.x: Add fix for CVE-2015-6581.
* gnu/packages/patches/openjpeg-CVE-2015-6581.patch: New file.
* gnu-system.am (dist_patch_DATA): Add it.
* gnu/packages/image.scm (openjpeg, openjpeg-2.0)[source]: Add patch.
Diffstat (limited to 'gnu/packages')
-rw-r--r-- | gnu/packages/image.scm | 6 | ||||
-rw-r--r-- | gnu/packages/patches/openjpeg-CVE-2015-6581.patch | 47 |
2 files changed, 51 insertions, 2 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm index 26f1be9a2f..23ad59ce9a 100644 --- a/gnu/packages/image.scm +++ b/gnu/packages/image.scm @@ -272,7 +272,8 @@ work.") version ".tar.gz")) (sha256 (base32 "00zzm303zvv4ijzancrsb1cqbph3pgz0nky92k9qx3fq9y0vnchj")) - (patches (list (search-patch "openjpeg-use-after-free-fix.patch"))))) + (patches (map search-patch '("openjpeg-use-after-free-fix.patch" + "openjpeg-CVE-2015-6581.patch"))))) (build-system cmake-build-system) (arguments ;; Trying to run `$ make check' results in a no rule fault. @@ -308,7 +309,8 @@ error-resilience, a Java-viewer for j2k-images, ...") version ".tar.gz")) (sha256 (base32 "1c2xc3nl2mg511b63rk7hrckmy14681p1m44mzw3n1fyqnjm0b0z")) - (patches (list (search-patch "openjpeg-use-after-free-fix.patch"))))))) + (patches (map search-patch '("openjpeg-use-after-free-fix.patch" + "openjpeg-CVE-2015-6581.patch"))))))) (define-public openjpeg-1 (package (inherit openjpeg) diff --git a/gnu/packages/patches/openjpeg-CVE-2015-6581.patch b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch new file mode 100644 index 0000000000..7ce03501f4 --- /dev/null +++ b/gnu/packages/patches/openjpeg-CVE-2015-6581.patch @@ -0,0 +1,47 @@ +From 0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0 Mon Sep 17 00:00:00 2001 +From: Matthieu Darbois <mayeut@users.noreply.github.com> +Date: Tue, 19 May 2015 21:57:27 +0000 +Subject: [PATCH] [trunk] Correct potential double free on malloc failure in + opj_j2k_copy_default_tcp_and_create_tcp (fixes issue 492) + +--- + src/lib/openjp2/j2k.c | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c +index 8c62a39..cbdd368 100644 +--- a/src/lib/openjp2/j2k.c ++++ b/src/lib/openjp2/j2k.c +@@ -7365,6 +7365,12 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 + l_tcp->cod = 0; + l_tcp->ppt = 0; + l_tcp->ppt_data = 00; ++ /* Remove memory not owned by this tile in case of early error return. */ ++ l_tcp->m_mct_decoding_matrix = 00; ++ l_tcp->m_nb_max_mct_records = 0; ++ l_tcp->m_mct_records = 00; ++ l_tcp->m_nb_max_mcc_records = 0; ++ l_tcp->m_mcc_records = 00; + /* Reconnect the tile-compo coding parameters pointer to the current tile coding parameters*/ + l_tcp->tccps = l_current_tccp; + +@@ -7402,6 +7408,8 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 + + ++l_src_mct_rec; + ++l_dest_mct_rec; ++ /* Update with each pass to free exactly what has been allocated on early return. */ ++ l_tcp->m_nb_max_mct_records += 1; + } + + /* Get the mcc_record of the dflt_tile_cp and copy them into the current tile cp*/ +@@ -7411,6 +7419,7 @@ static OPJ_BOOL opj_j2k_copy_default_tcp_and_create_tcd ( opj_j2k_t * p_j2 + return OPJ_FALSE; + } + memcpy(l_tcp->m_mcc_records,l_default_tcp->m_mcc_records,l_mcc_records_size); ++ l_tcp->m_nb_max_mcc_records = l_default_tcp->m_nb_max_mcc_records; + + /* Copy the mcc record data from dflt_tile_cp to the current tile*/ + l_src_mcc_rec = l_default_tcp->m_mcc_records; +-- +2.5.0 + |