~ubuntu-branches/ubuntu/raring/openjpeg/raring-proposed


Viewing changes to debian/patches/cve-2012-3535.dpatch

  • Committer: Package Import Robot
  • Author(s): Sebastien Bacher
  • Date: 2012-11-06 12:06:27 UTC
  • mfrom: (9.1.1 sid)
  • Revision ID: package-import@ubuntu.com-20121106120627-1x4l480pazeyficq
Tags: 1.3+dfsg-4.6ubuntu1
* Resynchronize on Debian, remaining change
* Build-depend on libtiff-dev rather than libtiff4-dev.

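--- a/debian/patches/cve-2012-3535.dpatch
+++ b/debian/patches/cve-2012-3535.dpatch
@@ -0,0 +1,35 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## cve-2012-3535.dpatch by Michael Gilbert <mgilbert@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+ 
+@DPATCH@
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' openjpeg-1.3+dfsg~/libopenjpeg/j2k.c openjpeg-1.3+dfsg/libopenjpeg/j2k.c
+--- openjpeg-1.3+dfsg~/libopenjpeg/j2k.c        2012-10-13 17:39:04.000000000 -0400
++++ openjpeg-1.3+dfsg/libopenjpeg/j2k.c 2012-10-13 17:39:05.000000000 -0400
+@@ -719,6 +719,11 @@
+                                        "of resolutions of this component\nModify the cp_reduce parameter.\n\n", compno);
+                j2k->state |= J2K_STATE_ERR;
+        }
++       if( tccp->numresolutions > J2K_MAXRLVLS ) {
++               opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding, truncating.\n");
++               j2k->state |= J2K_STATE_ERR;
++               tccp->numresolutions = J2K_MAXRLVLS;
++       }
+ 
+        tccp->cblkw = cio_read(cio, 1) + 2;     /* SPcox (E) */
+        tccp->cblkh = cio_read(cio, 1) + 2;     /* SPcox (F) */
+diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' openjpeg-1.3+dfsg~/libopenjpeg/t2.c openjpeg-1.3+dfsg/libopenjpeg/t2.c
+--- openjpeg-1.3+dfsg~/libopenjpeg/t2.c 2012-10-13 17:38:59.000000000 -0400
++++ openjpeg-1.3+dfsg/libopenjpeg/t2.c  2012-10-13 17:40:46.053362086 -0400
+@@ -566,6 +566,9 @@
+ #endif /* USE_JPWL */
+                                
+                                cblk->data = (unsigned char*) opj_realloc(cblk->data, (cblk->len + seg->newlen) * sizeof(unsigned char*));
++                               if ((cblk->len + seg->newlen) > 8192) {
++                                       return -999;
++                               }
+                                memcpy(cblk->data + cblk->len, c, seg->newlen);
+                                if (seg->numpasses == 0) {
+                                        seg->data = &cblk->data;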
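Review bot: In the t2.c hunk the new `(cblk->len + seg->newlen) > 8192` test sits after the `opj_realloc` call, so an oversized length still drives the allocation before it is rejected, and the realloc result is assigned to `cblk->data` with no NULL check ahead of the `memcpy`. Checking the bound first and keeping the old pointer until the allocation succeeds closes both gaps; comparing against the remaining room instead of the sum also avoids wrap-around if these fields are signed ints, which the hunk does not show. The 8192 limit deserves a comment or a named constant saying what buffer it protects. The enclosing function starts and ends outside the hunk, so the `grown` local below would need declaring with its other locals.

```c
/* … unchanged: JPWL segment-length checks … */
/* Reject the segment before growing the buffer; 8192 is the limit this patch introduces. */
if (seg->newlen < 0 || cblk->len > 8192 - seg->newlen) {
	return -999;
}
/* grown: unsigned char *, declared with the function's other locals */
grown = (unsigned char*) opj_realloc(cblk->data, (cblk->len + seg->newlen) * sizeof(unsigned char*));
if (grown == NULL) {
	return -999;	/* cblk->data is untouched and still owned by cblk */
}
cblk->data = grown;
memcpy(cblk->data + cblk->len, c, seg->newlen);
/* … unchanged: seg->numpasses / seg->data bookkeeping … */
```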