~ubuntu-branches/ubuntu/lucid/ghostscript/lucid-updates

Viewing changes to debian/patches/CVE-2014-8138.dpatch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-01-22 13:09:28 UTC
  • Revision ID: package-import@ubuntu.com-20150122130928-xatzfph16hrp2bof
Tags: 8.71.dfsg.1-0ubuntu5.7
* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
    jasper/src/libjasper/base/jas_icc.c, remove assert in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/CVE-2014-8138.dpatch: validate channel number in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
    jasper/src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
    sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

 
#! /bin/sh /usr/share/dpatch/dpatch-run
 
# Description: CVE-2014-8138: heap overflow in jp2_decode()
 
# Origin: vendor, https://bugzilla.redhat.com/attachment.cgi?id=967280
 
# Bug-Debian: https://bugs.debian.org/773463
 
# Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1173162
 
# Forwarded: no
 
# Author: Tomas Hoger <thoger@redhat.com>
 
# Last-Update: 2014-12-20
 
 
 
@DPATCH@
 
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' ghostscript-8.71.dfsg.1~/jasper/src/libjasper/jp2/jp2_dec.c ghostscript-8.71.dfsg.1/jasper/src/libjasper/jp2/jp2_dec.c
 
--- ghostscript-8.71.dfsg.1~/jasper/src/libjasper/jp2/jp2_dec.c 2015-01-22 13:04:35.000000000 -0500
 
+++ ghostscript-8.71.dfsg.1/jasper/src/libjasper/jp2/jp2_dec.c  2015-01-22 13:04:42.909802756 -0500
 
@@ -447,6 +447,11 @@
 
        /* Determine the type of each component. */
 
        if (dec->cdef) {
 
                for (i = 0; i < dec->numchans; ++i) {
 
+                       /* Is the channel number reasonable? */
 
+                       if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) {
 
+                               jas_eprintf("error: invalid channel number in CDEF box\n");
 
+                               goto error;
 
+                       }
 
                        jas_image_setcmpttype(dec->image,
 
                          dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
 
                          jp2_getct(jas_image_clrspc(dec->image),
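
Review bot: The added channo test at the top of the loop body bounds the index into dec->chantocmptlut, but the loop still reads dec->cdef->data.cdef.ents[i] for every i < dec->numchans, and nothing in the visible lines ties dec->numchans to the number of entries the CDEF box actually carries. If a file's CDEF box holds fewer entries than the image has channels, ents[i] is read past the end of that array before the new test can reject anything. Suggest bounding the loop by the CDEF box's own entry count, or rejecting a box whose entry count differs from dec->numchans, ahead of this loop. The ">= dec->numchans" comparison also depends on channo being an unsigned type; worth confirming against the struct definition, since a signed field would let negative values through.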