fix CVE-2024-31744
(cherry picked from commit 3503859d50c1fd22b72b549c6984b586d8cfa753)
This commit is contained in:
cenhuilin
openeuler-sync-bot
parent
a338365797
commit
93286572ff
43
backport_CVE-2024-31744.patch
Normal file
43
backport_CVE-2024-31744.patch
Normal file
@ -0,0 +1,43 @@
|
||||
From 6d084c53a77762f41bb5310713a5f1872fef55f5 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Adams <mdadams@ece.uvic.ca>
|
||||
Date: Sun, 28 Apr 2024 10:43:08 +0800
|
||||
Subject: [PATCH] Fixes #381.
|
||||
Added a missing check to the jpc_dec_process_sod function of the JPC codec.
|
||||
Added another image to the test set.
|
||||
---
|
||||
data/test/bad/318.jpc | Bin 0 -> 320 bytes
|
||||
src/libjasper/jpc/jpc_dec.c | 4 +++-
|
||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||
create mode 100644 data/test/bad/318.jpc
|
||||
|
||||
diff --git a/data/test/bad/318.jpc b/data/test/bad/318.jpc
|
||||
new file mode 100644
|
||||
index 0000000000000000000000000000000000000000..8446ccb36b5a6ab04b1d7621ff2f9ae9980cd047
|
||||
GIT binary patch
|
||||
literal 320
|
||||
zcmezG|38pHp8*88fLIdDf)F4+2txoPJ0leRPhj8yiLw6w_lAM-e+&b!gM)`h00jL{
|
||||
zXHbRe08yxBFeA(e0-M3ez|6veX+{dr3`Xao)Wnk16osTpg*X41fXW!aR`GdwxI?Xq
|
||||
z11d`bD=P#m^Djt!=M|9Ru27a*RGgWgr(mRKqG#}b0@N33K#L~dhdB<YIL|A<6{@%g
|
||||
ySuqm>1LGZ#;^SAiPO>wqbm$)~zU%$&Nbbcrw#w=D+^b5y{E|Ib&pabRX%_&AicE?C
|
||||
|
||||
literal 0
|
||||
HcmV?d00001
|
||||
|
||||
diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c
|
||||
index e76aa40..125a29b 100644
|
||||
--- a/src/libjasper/jpc/jpc_dec.c
|
||||
+++ b/src/libjasper/jpc/jpc_dec.c
|
||||
@@ -611,7 +611,9 @@ static int jpc_dec_process_sod(jpc_dec_t *dec, jpc_ms_t *ms)
|
||||
if (dec->pkthdrstreams) {
|
||||
/* Get the stream containing the packet header data for this
|
||||
tile-part. */
|
||||
- if (!(tile->pkthdrstream = jpc_streamlist_remove(dec->pkthdrstreams, 0))) {
|
||||
+ if (jpc_streamlist_numstreams(dec->pkthdrstreams) != 0 &&
|
||||
+ !(tile->pkthdrstream = jpc_streamlist_remove(dec->pkthdrstreams,
|
||||
+ 0))) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
--
|
||||
2.23.0
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: jasper
|
||||
Version: 4.1.0
|
||||
Release: 3
|
||||
Release: 4
|
||||
Summary: Reference implementation of the codec specified in the JPEG-2000 standard, Part 1
|
||||
License: JasPer-2.0
|
||||
URL: http://www.ece.uvic.ca/~frodo/jasper/
|
||||
@ -8,6 +8,7 @@ Source0: https://github.com/jasper-software/%{name}/archive/refs/tag
|
||||
|
||||
Patch0001: jasper-4.1.0-rpath.patch
|
||||
Patch0002: backport_CVE-2023-51257.patch
|
||||
Patch0003: backport_CVE-2024-31744.patch
|
||||
|
||||
BuildRequires: cmake freeglut-devel libGLU-devel libjpeg-devel libXmu-devel libXi-devel
|
||||
BuildRequires: pkgconfig doxygen mesa-libGL-devel git
|
||||
@ -86,6 +87,9 @@ make test -C builder
|
||||
%doc README.md
|
||||
|
||||
%changelog
|
||||
* Sun Apr 28 2024 cenhuilin <cenhuilin@kylinos.cn> - 4.1.0-4
|
||||
- fix CVE-2024-31744
|
||||
|
||||
* Wed Mar 27 2024 panchenbo <panchenbo@kylinsec.com.cn> - 4.1.0-3
|
||||
- fix rpmbuild build error : add BuildRequires: git
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user