[openjpeg/f17] fix CVE-2009-5030
Rex Dieter
rdieter at fedoraproject.org
Sun Jun 17 17:45:10 UTC 2012
commit 3d9b42140d02791112f2f7d98f0c33ccb18d0ed4
Author: Rex Dieter <rdieter at fedoraproject.org>
Date: Sun Jun 17 12:35:19 2012 -0500
fix CVE-2009-5030
openjpeg: Heap memory corruption leading to invalid free
by processing certain Gray16 TIFF images (#812317)
openjpeg-1.4-r1703_backport.patch | 12 ++++++++++++
openjpeg.spec | 4 ++++
2 files changed, 16 insertions(+), 0 deletions(-)
---
diff --git a/openjpeg-1.4-r1703_backport.patch b/openjpeg-1.4-r1703_backport.patch
new file mode 100644
index 0000000..f2f03b4
--- /dev/null
+++ b/openjpeg-1.4-r1703_backport.patch
@@ -0,0 +1,12 @@
+diff -up openjpeg_v1_4_sources_r697/libopenjpeg/tcd.c.r1703 openjpeg_v1_4_sources_r697/libopenjpeg/tcd.c
+--- openjpeg_v1_4_sources_r697/libopenjpeg/tcd.c.r1703 2011-01-02 12:14:45.000000000 -0600
++++ openjpeg_v1_4_sources_r697/libopenjpeg/tcd.c 2012-06-17 12:33:22.590298592 -0500
+@@ -332,7 +332,7 @@ void tcd_malloc_encode(opj_tcd_t *tcd, o
+ cblk->y0 = int_max(cblkystart, prc->y0);
+ cblk->x1 = int_min(cblkxend, prc->x1);
+ cblk->y1 = int_min(cblkyend, prc->y1);
+- cblk->data = (unsigned char*) opj_calloc(8192+2, sizeof(unsigned char));
++ cblk->data = (unsigned char*) opj_calloc(9728+2, sizeof(unsigned char));
+ /* FIXME: mqc_init_enc and mqc_byteout underrun the buffer if we don't do this. Why? */
+ cblk->data += 2;
+ cblk->layers = (opj_tcd_layer_t*) opj_calloc(100, sizeof(opj_tcd_layer_t));
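Review bot: The new size `9728+2` in the `opj_calloc` call for `cblk->data` is a bare magic number, as `8192+2` was before it, and nothing in the hunk says why 9728 is sufficient. The unchanged FIXME directly below already records that `mqc_init_enc` and `mqc_byteout` underrun this buffer for reasons not understood, and no bounds check on writes into `cblk->data` is visible here, so the fix holds only if 9728 is a true upper bound on what the encoder writes per code block. Suggest a named constant with a comment stating how the value is derived, and a short description at the top of the backport patch file naming the CVE and the upstream revision it comes from.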
diff --git a/openjpeg.spec b/openjpeg.spec
index 20c8d05..6e8e7af 100644
--- a/openjpeg.spec
+++ b/openjpeg.spec
@@ -57,6 +57,8 @@ Patch55: openjpeg-1.4-OpenJPEGConfig.patch
Patch100: openjpeg-1.4-poppler_regression.patch
# http://code.google.com/p/openjpeg/source/detail?r=1330
Patch101: openjpeg-1.4-r1330_backport.patch
+# http://code.google.com/p/openjpeg/source/detail?r=1703
+Patch102: openjpeg-1.4-r1703_backport.patch
%description
OpenJPEG is an open-source JPEG 2000 codec written in C. It has been
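Review bot: The comment above `Patch102:` gives only the upstream revision URL, so the security reason for the patch is recorded only in the changelog. Suggest adding `CVE-2009-5030 (#812317)` to that comment so the reason stays next to the patch declaration.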
@@ -99,6 +101,7 @@ autoreconf -i -f
#patch100 -p1 -b .poppler_regression
#endif
%patch101 -p1 -b .r1330_backport
+%patch102 -p1 -b .r1703_backport
%build
@@ -198,6 +201,7 @@ rm -rf %{buildroot}
%changelog
* Sun Jun 17 2012 Rex Dieter <rdieter at fedoraproject.org> 1.4-13
- CVE-2012-1499 openjpeg: Out-of heap-based buffer write by processing palette information in certain JPEG 2000 images (#805912)
+- CVE-2009-5030 openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images (#812317)
* Thu Mar 01 2012 Rex Dieter <rdieter at fedoraproject.org> 1.4-12
- revert poppler regression patch, breaks ABI (#796500)
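Review bot: The new changelog line is added under the existing `1.4-13` entry, and the diffstat shows only insertions in openjpeg.spec, so Release is not bumped in this commit. If a 1.4-13 build without Patch102 already exists, a build carrying this fix would have the same version-release and could not be told apart from it; in that case bump to 1.4-14 with its own changelog entry.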