pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/graphics/openjpeg/patches This patch is not needed any...
details: https://anonhg.NetBSD.org/pkgsrc/rev/299ffd69d511
branches: trunk
changeset: 611656:299ffd69d511
user: adam <adam%pkgsrc.org@localhost>
date: Thu Dec 06 17:09:58 2012 +0000
description:
This patch is not needed any more
diffstat:
graphics/openjpeg/patches/patch-libopenjpeg_j2k.c | 77 -----------------------
1 files changed, 0 insertions(+), 77 deletions(-)
diffs (81 lines):
diff -r 96fb7b36896d -r 299ffd69d511 graphics/openjpeg/patches/patch-libopenjpeg_j2k.c
--- a/graphics/openjpeg/patches/patch-libopenjpeg_j2k.c Thu Dec 06 17:09:18 2012 +0000
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,77 +0,0 @@
-$NetBSD: patch-libopenjpeg_j2k.c,v 1.2 2012/10/25 11:33:41 drochner Exp $
-
-CVE-2012-3358:
-A heap-based buffer overflow was found in the way OpenJPEG, an
-open-source JPEG 2000 codec written in C language, performed parsing of
-JPEG2000 having certain number of tiles and tilesizes. A remote
-attacker could provide a specially crafted JPEG 2000 file, which when
-opened in an application linked against openjpeg would lead to that
-application crash, or, potentially arbitrary code execution with the
-privileges of the user running the application.
-
-http://code.google.com/p/openjpeg/source/detail?r=1727
-
---- libopenjpeg/j2k.c.orig 2012-02-07 10:49:55.000000000 +0000
-+++ libopenjpeg/j2k.c
-@@ -684,6 +684,12 @@ static void j2k_read_cox(opj_j2k_t *j2k,
- "of resolutions of this component\nModify the cp_reduce parameter.\n\n", compno);
- j2k->state |= J2K_STATE_ERR;
- }
-+ if( tccp->numresolutions > J2K_MAXRLVLS ) {
-+ opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding component %d.\nThe number of resolutions is too big: %d vs max= %d. Truncating.\n\n",
-+ compno, tccp->numresolutions, J2K_MAXRLVLS);
-+ j2k->state |= J2K_STATE_ERR;
-+ tccp->numresolutions = J2K_MAXRLVLS;
-+ }
-
- tccp->cblkw = cio_read(cio, 1) + 2; /* SPcox (E) */
- tccp->cblkh = cio_read(cio, 1) + 2; /* SPcox (F) */
-@@ -1269,7 +1275,7 @@ static void j2k_read_sot(opj_j2k_t *j2k)
- static int backup_tileno = 0;
-
- /* tileno is negative or larger than the number of tiles!!! */
-- if ((tileno < 0) || (tileno > (cp->tw * cp->th))) {
-+ if ((tileno < 0) || (tileno >= (cp->tw * cp->th))) {
- opj_event_msg(j2k->cinfo, EVT_ERROR,
- "JPWL: bad tile number (%d out of a maximum of %d)\n",
- tileno, (cp->tw * cp->th));
-@@ -1286,8 +1292,18 @@ static void j2k_read_sot(opj_j2k_t *j2k)
-
- /* keep your private count of tiles */
- backup_tileno++;
-- };
-+ }
-+ else
- #endif /* USE_JPWL */
-+ {
-+ /* tileno is negative or larger than the number of tiles!!! */
-+ if ((tileno < 0) || (tileno >= (cp->tw * cp->th))) {
-+ opj_event_msg(j2k->cinfo, EVT_ERROR,
-+ "JPWL: bad tile number (%d out of a maximum of %d)\n",
-+ tileno, (cp->tw * cp->th));
-+ return;
-+ }
-+ }
-
- if (cp->tileno_size == 0) {
- cp->tileno[cp->tileno_size] = tileno;
-@@ -1325,8 +1341,18 @@ static void j2k_read_sot(opj_j2k_t *j2k)
- totlen);
- }
-
-- };
-+ }
-+ else
- #endif /* USE_JPWL */
-+ {
-+ /* totlen is negative or larger than the bytes left!!! */
-+ if ((totlen < 0) || (totlen > (cio_numbytesleft(cio) + 8))) {
-+ opj_event_msg(j2k->cinfo, EVT_ERROR,
-+ "JPWL: bad tile byte size (%d bytes against %d bytes left)\n",
-+ totlen, cio_numbytesleft(cio) + 8);
-+ return;
-+ }
-+ }
-
- if (!totlen)
- totlen = cio_numbytesleft(cio) + 8;