[openjpeg] - Use calloc in opj_image_create0 (SVN r501, rhbz#579548) - Avoid NULL pointer deref in jp2_decode (

Rex Dieter rdieter at fedoraproject.org
Tue Nov 23 15:57:33 UTC 2010 

commit c97d50364d55ae5cae67eabd52cb53be22ff1d0a
Author: Rex Dieter <rdieter at fedoraproject.org>
Date:   Tue Nov 23 09:58:25 2010 -0600

    - Use calloc in opj_image_create0 (SVN r501, rhbz#579548)
    - Avoid NULL pointer deref in jp2_decode (SVN r505, rhbz#609385)

 openjpeg-svn501-create0-calloc.patch        |   14 ++++++++++++++
 openjpeg-svn505-jp2_decode-NULL-deref.patch |   13 +++++++++++++
 openjpeg.spec                               |   21 ++++++++++++++++-----
 3 files changed, 43 insertions(+), 5 deletions(-)
---
diff --git a/openjpeg-svn501-create0-calloc.patch b/openjpeg-svn501-create0-calloc.patch
new file mode 100644
index 0000000..bd7c4fb
--- /dev/null
+++ b/openjpeg-svn501-create0-calloc.patch
@@ -0,0 +1,14 @@
+http://code.google.com/p/openjpeg/source/detail?r=501
+
+diff -up OpenJPEG_v1_3/libopenjpeg/image.c.patch29 OpenJPEG_v1_3/libopenjpeg/image.c
+--- OpenJPEG_v1_3/libopenjpeg/image.c.patch29	2007-10-18 07:26:11.000000000 -0500
++++ OpenJPEG_v1_3/libopenjpeg/image.c	2010-11-23 09:49:21.002933254 -0600
+@@ -27,7 +27,7 @@
+ #include "opj_includes.h"
+ 
+ opj_image_t* opj_image_create0(void) {
+-	opj_image_t *image = (opj_image_t*)opj_malloc(sizeof(opj_image_t));
++	opj_image_t *image = (opj_image_t*)opj_calloc(1, sizeof(opj_image_t));
+ 	return image;
+ }
+ 
diff --git a/openjpeg-svn505-jp2_decode-NULL-deref.patch b/openjpeg-svn505-jp2_decode-NULL-deref.patch
new file mode 100644
index 0000000..1a92860
--- /dev/null
+++ b/openjpeg-svn505-jp2_decode-NULL-deref.patch
@@ -0,0 +1,13 @@
+http://code.google.com/p/openjpeg/source/detail?r=505
+
+diff -up OpenJPEG_v1_3/libopenjpeg/jp2.c.patch30 OpenJPEG_v1_3/libopenjpeg/jp2.c
+--- OpenJPEG_v1_3/libopenjpeg/jp2.c.patch30	2007-10-18 07:26:11.000000000 -0500
++++ OpenJPEG_v1_3/libopenjpeg/jp2.c	2010-11-23 09:51:47.701170527 -0600
+@@ -561,6 +561,7 @@ opj_image_t* jp2_decode(opj_jp2_t *jp2, 
+ 	image = j2k_decode(jp2->j2k, cio, cstr_info);
+ 	if(!image) {
+ 		opj_event_msg(cinfo, EVT_ERROR, "Failed to decode J2K image\n");
++		return NULL;
+ 	}
+ 
+ 	/* Set Image Color Space */
diff --git a/openjpeg.spec b/openjpeg.spec
index 5da7c86..636e2af 100644
--- a/openjpeg.spec
+++ b/openjpeg.spec
@@ -4,11 +4,13 @@
 
 ## enable conformance tests, bloats srpm
 # enable for rawhide only, should disable in production releases
-%define check 1
+%if 0%{?fedora} > 14
+%define runcheck 1
+%endif
 
 Name:    openjpeg
 Version: 1.3
-Release: 9%{?dist}
+Release: 10%{?dist}
 Summary: JPEG 2000 command line tools
 
 Group:     Applications/Multimedia
@@ -17,7 +19,7 @@ URL:       http://www.openjpeg.org/
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
 Source0: http://www.openjpeg.org/openjpeg_v1_3.tar.gz
-%if 0%{?check}
+%if 0%{?runcheck}
 Source1: http://www.crc.ricoh.com/~gormish/jpeg2000conformance/j2kp4files_v1_5.zip
 %endif
 
@@ -41,6 +43,8 @@ Patch25: openjpeg-20070821svn-t1-flags-stride.patch
 Patch26: openjpeg-20070821svn-t1-updateflags-x86_64.patch
 Patch27: openjpeg-svn470-t1-flags-mmx.patch
 Patch28: openjpeg-20070719svn-mqc-more-optimize.patch
+Patch29: openjpeg-svn501-create0-calloc.patch
+Patch30: openjpeg-svn505-jp2_decode-NULL-deref.patch
 
 ## upstreamable patches
 # libopenjpeg has undefined references, http://bugzilla.redhat.com/467661
@@ -67,7 +71,8 @@ The %{name}-devel package contains libraries and header files for
 developing applications that use OpenJPEG.
 
 %prep
-%setup -q -n OpenJPEG_v1_3 -a 1
+%setup -q -n OpenJPEG_v1_3 %{?runcheck:-a 1}
+
 # Windows stuff, delete it, it slows down patch making
 rm -rf jp3d
 # Make sure we use system libraries
@@ -87,6 +92,8 @@ rm -rf libs
 %patch21 -p1
 %patch28 -p1
 %patch50 -p1 -b .libm
+%patch29 -p1
+%patch30 -p1
 
 # fix permissions
 find . -type f -print0 | xargs -0 chmod a-x
@@ -124,7 +131,7 @@ ln -s openjpeg/openjpeg.h %{buildroot}%{_includedir}/openjpeg.h
 ## in mock, rawhide/f14, 20100707
 #The following tests FAILED:
 #	  9 - j2i-p0_07.j2k (OTHER_FAULT)
-%if 0%{?check}
+%if 0%{?runcheck}
 make test -C %{_target_platform} ||:
 %endif
 
@@ -160,6 +167,10 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Fri Oct  1 2010 Tomas Hoger <thoger at fedoraproject.org> - 1.3-10
+- Use calloc in opj_image_create0 (SVN r501, rhbz#579548)
+- Avoid NULL pointer deref in jp2_decode (SVN r505, rhbz#609385)
+
 * Wed Jul 07 2010 Rex Dieter <rdieter at fedoraproject.org> - 1.3-9
 - include test samples, enable tests
 - tighten subpkg deps

More information about the scm-commits mailing list