packages/jbigkit
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2017-9937

Browse Source 
(cherry picked from commit 2b54565f5499c686760fa98184848ef3e6b4d8d2)
This commit is contained in:
xingxing 2022-04-11 15:56:56 +08:00 committed by openeuler-sync-bot
parent 393560751f
commit 6c4ad10a9a
2 changed files with 63 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
backport-CVE-2017-9937.patch Normal file
View File

@ -0,0 +1,54 @@
From 535df935911c401d345cb004a2fa00eb7a727259 Mon Sep 17 00:00:00 2001
From: wiz <wiz@pkgsrc.org>
Date: Mon, 3 Aug 2020 21:34:06 +0000
Subject: [PATCH] jbigkit: fix CVE-2017-9937 using upstream commit
See e.g.
https://gitlab.com/libtiff/libtiff/-/issues/97
Bump PKGREVISION.
---
libjbig/jbig.c | 5 +++++
libjbig/jbig.h | 2 ++
2 files changed, 7 insertions(+)
diff --git a/libjbig/jbig.c b/libjbig/jbig.c
index 751ceff..7b5b99e 100644
--- a/libjbig/jbig.c
+++ b/libjbig/jbig.c
@@ -2051,6 +2051,7 @@ void jbg_dec_init(struct jbg_dec_state *s)
s->xmax = 4294967295UL;
s->ymax = 4294967295UL;
s->dmax = 256;
+ s->maxmem = 2000000000; /* no final image larger than 2 GB by default */
s->s = NULL;
return;
@@ -2640,6 +2641,10 @@ int jbg_dec_in(struct jbg_dec_state *s, unsigned char *data, size_t len,
return JBG_EIMPL | 5;
s->options = s->buffer[19];
+ /* will the final image require more bytes than permitted by s->maxmem? */
+ if (s->maxmem / s->planes / s->yd / jbg_ceil_half(s->xd, 3) == 0)
+ return JBG_ENOMEM; /* increase s->maxmem if needed */
+
/* calculate number of stripes that will be required */
s->stripes = jbg_stripes(s->l0, s->yd, s->d);
diff --git a/libjbig/jbig.h b/libjbig/jbig.h
index 6799410..7a9cdf9 100644
--- a/libjbig/jbig.h
+++ b/libjbig/jbig.h
@@ -181,6 +181,8 @@ struct jbg_dec_state {
unsigned long xmax, ymax; /* if possible abort before image gets *
* larger than this size */
int dmax; /* abort after this layer */
+ size_t maxmem; /* return JBG_ENOMEM if final image layer D
+ would require more than maxmem bytes */
};
--
2.23.0

10
jbigkit.spec
View File

@ -1,6 +1,6 @@
Name: jbigkit Name: jbigkit
Version: 2.1 Version: 2.1
Release: 17 Release: 18
Summary: Lossless image compression library Summary: Lossless image compression library
License: GPLv2+ License: GPLv2+
@ -12,6 +12,8 @@ Patch0: jbigkit-2.1-shlib.patch
Patch1: jbigkit-2.0-warnings.patch Patch1: jbigkit-2.0-warnings.patch
Patch2: jbigkit-ldflags.patch Patch2: jbigkit-ldflags.patch
Patch6000: backport-CVE-2017-9937.patch
BuildRequires: gcc BuildRequires: gcc
Requires: %{name}-libs = %{version}-%{release} Requires: %{name}-libs = %{version}-%{release}
@ -79,6 +81,12 @@ make test
%{_mandir}/man1/* %{_mandir}/man1/*
%changelog %changelog
* Mon Apr 11 2022 xingxing <xingxing9@h-partners.com> - 2.1-18
- Type:CVE
- CVE:CVE-2017-9937
- SUG:NA
- DESC:fix CVE-2017-9937
* Mon Feb 17 2020 hexiujun <hexiujun1@huawei.com> - 2.1-17 * Mon Feb 17 2020 hexiujun <hexiujun1@huawei.com> - 2.1-17
- Type:enhancement - Type:enhancement
- ID:NA - ID:NA