~ubuntu-branches/ubuntu/lucid/ghostscript/lucid-updates

« back to all changes in this revision

Viewing changes to debian/patches/CVE-2014-8157.dpatch

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-01-22 13:09:28 UTC
  • Revision ID: package-import@ubuntu.com-20150122130928-xatzfph16hrp2bof
Tags: 8.71.dfsg.1-0ubuntu5.7
* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
    jasper/src/libjasper/base/jas_icc.c, remove assert in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/CVE-2014-8138.dpatch: validate channel number in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
    jasper/src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
    sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

Show diffs side-by-side

added added

removed removed

Lines of Context:
 
1
#! /bin/sh /usr/share/dpatch/dpatch-run
 
2
# Description: fix denial of service or code execution via off-by-one
 
3
# Origin: vendor, http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8157.patch
 
4
# Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179282
 
5
# Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775970
 
6
 
 
7
@DPATCH@
 
8
diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' ghostscript-8.71.dfsg.1~/jasper/src/libjasper/jpc/jpc_dec.c ghostscript-8.71.dfsg.1/jasper/src/libjasper/jpc/jpc_dec.c
 
9
--- ghostscript-8.71.dfsg.1~/jasper/src/libjasper/jpc/jpc_dec.c 2015-01-22 13:04:53.000000000 -0500
 
10
+++ ghostscript-8.71.dfsg.1/jasper/src/libjasper/jpc/jpc_dec.c  2015-01-22 13:04:58.765956946 -0500
 
11
@@ -497,7 +497,7 @@
 
12
                dec->curtileendoff = 0;
 
13
        }
 
14
 
 
15
-       if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
 
16
+       if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
 
17
                jas_eprintf("invalid tile number in SOT marker segment\n");
 
18
                return -1;
 
19
        }