~ubuntu-branches/ubuntu/lucid/ghostscript/lucid-updates


Viewing changes to debian/patches/CVE-2014-9029.dpatch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2014-12-05 15:47:32 UTC
  • Revision ID: package-import@ubuntu.com-20141205154732-y6hfti7jmmqg2p5r
Tags: 8.71.dfsg.1-0ubuntu5.6
* SECURITY UPDATE: heap overflows via crafted jp2 file
  - debian/patches/CVE-2014-9029.dpatch: fix off-by-one in
    jasper/src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-9029

 
1
#! /bin/sh /usr/share/dpatch/dpatch-run
 
2
# Description: fix heap overflows via crafted jp2 file
 
3
# Origin: vendor, https://bugzilla.redhat.com/attachment.cgi?id=961994&action=diff
 
4
# Bug-Debian: https://bugs.debian.org/772036
 
5
# Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1167537
 
6
# Author: Tomas Hoger <thoger@redhat.com>
 
7
 
 
8
@DPATCH@
 
9
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' ghostscript-8.71.dfsg.1~/jasper/src/libjasper/jpc/jpc_dec.c ghostscript-8.71.dfsg.1/jasper/src/libjasper/jpc/jpc_dec.c
 
10
--- ghostscript-8.71.dfsg.1~/jasper/src/libjasper/jpc/jpc_dec.c 2014-12-05 15:45:59.000000000 -0500
 
11
+++ ghostscript-8.71.dfsg.1/jasper/src/libjasper/jpc/jpc_dec.c  2014-12-05 15:47:13.214854754 -0500
 
12
@@ -1295,7 +1295,7 @@
 
13
        jpc_coc_t *coc = &ms->parms.coc;
 
14
        jpc_dec_tile_t *tile;
 
15
 
 
16
-       if (JAS_CAST(int, coc->compno) > dec->numcomps) {
 
17
+       if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
 
18
                jas_eprintf(
 
19
                  "invalid component number in COC marker segment\n");
 
20
                return -1;
 
21
@@ -1322,7 +1322,7 @@
 
22
        jpc_rgn_t *rgn = &ms->parms.rgn;
 
23
        jpc_dec_tile_t *tile;
 
24
 
 
25
-       if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
 
26
+       if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
 
27
                jas_eprintf(
 
28
                  "invalid component number in RGN marker segment\n");
 
29
                return -1;
 
30
@@ -1372,7 +1372,7 @@
 
31
        jpc_qcc_t *qcc = &ms->parms.qcc;
 
32
        jpc_dec_tile_t *tile;
 
33
 
 
34
-       if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
 
35
+       if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
 
36
                jas_eprintf(
 
37
                  "invalid component number in QCC marker segment\n");
 
38
                return -1;
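Review bot: The corrected check `if (JAS_CAST(int, coc->compno) >= dec->numcomps)` carries no comment saying why the bound is exclusive, and the same test is repeated in the RGN and QCC hunks, which is how one off-by-one ended up in three places. Going by the patch description (heap overflows from a crafted jp2 file), compno is presumably a zero-based index into per-component data sized by numcomps; a one-line comment such as `/* compno is zero-based: valid range is 0 .. numcomps - 1 */` above each check would record that. A small static helper shared by the three checks would keep them from diverging again, though for a minimal security backport the comment alone may be preferable. The three enclosing functions begin and end outside the hunks shown.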