
File openjpeg2-CVE-2016-9112.patch of Package openjpeg2

From 6a9db6b20e2007b2770d9942dfd513a66c7d4f93 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@cl.no>
Date: Wed, 14 Dec 2016 23:53:49 +0100
Subject: [PATCH 7/9] CVE-2016-9112

---
 src/lib/openjp2/pi.c  |  8 ++++++++
 src/lib/openjp3d/pi.c | 18 ++++++++++++++++++
 src/lib/openmj2/pi.c  | 12 ++++++++++++
 3 files changed, 38 insertions(+)

diff --git a/src/lib/openjp2/pi.c b/src/lib/openjp2/pi.c
index 1d8db41..04f6a26 100644
--- a/src/lib/openjp2/pi.c
+++ b/src/lib/openjp2/pi.c
@@ -360,9 +360,13 @@ if (!pi->tp_on){
 					try1 = opj_int_ceildiv(pi->ty1, (OPJ_INT32)(comp->dy << levelno));
 					rpx = res->pdx + levelno;
 					rpy = res->pdy + levelno;
+					if ((OPJ_INT32)(comp->dy << rpy) < 1)
+						continue;
 					if (!((pi->y % (OPJ_INT32)(comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
 						continue;	
 					}
+					if ((OPJ_INT32)(comp->dx << rpx) < 1)
+						continue;
 					if (!((pi->x % (OPJ_INT32)(comp->dx << rpx) == 0) || ((pi->x == pi->tx0) && ((trx0 << levelno) % (1 << rpx))))){
 						continue;
 					}
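Review bot: The added guards on `comp->dy << rpy` and `comp->dx << rpx` test the result of the shift but never bound the shift count, so a stream that drives `rpy` or `rpx` up to the operand width still executes an undefined shift before the `< 1` comparison, and again in `1 << rpy` / `1 << rpx` on the following lines. A check that does not depend on the shifted value would be `if (rpy >= 31 || ((comp->dy << rpy) >> rpy) != comp->dy) continue;` (likewise for `dx`/`rpx`), assuming `comp->dy` is a 32-bit unsigned field, as the `(OPJ_INT32)` cast suggests. The context line above the guard also passes `(OPJ_INT32)(comp->dy << levelno)` to `opj_int_ceildiv` before any guard runs, so a zero divisor is still reachable there if that helper divides by its second argument. The same pattern applies to the second hunk of this file and to the openjp3d and openmj2 hunks, where the test is written without the cast and may therefore be a signed shift. The loop body starts and ends outside the hunk.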
@@ -520,9 +524,13 @@ OPJ_BOOL opj_pi_next_cprl(opj_pi_iterator_t * pi) {
 					try1 = opj_int_ceildiv(pi->ty1, (OPJ_INT32)(comp->dy << levelno));
 					rpx = res->pdx + levelno;
 					rpy = res->pdy + levelno;
+					if ((OPJ_INT32)(comp->dy << rpy) < 1)
+						continue;
 					if (!((pi->y % (OPJ_INT32)(comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
 						continue;	
 					}
+					if ((OPJ_INT32)(comp->dx << rpx) < 1)
+						continue;
 					if (!((pi->x % (OPJ_INT32)(comp->dx << rpx) == 0) || ((pi->x == pi->tx0) && ((trx0 << levelno) % (1 << rpx))))){
 						continue;
 					}
diff --git a/src/lib/openjp3d/pi.c b/src/lib/openjp3d/pi.c
index 1ea2ad5..01a2ce4 100644
--- a/src/lib/openjp3d/pi.c
+++ b/src/lib/openjp3d/pi.c
@@ -215,12 +215,18 @@ static bool pi_next_rpcl(opj_pi_iterator_t * pi) {
 						rpx = res->pdx + levelnox;
 						rpy = res->pdy + levelnoy;
 						rpz = res->pdz + levelnoz;
+						if ((comp->dx << rpx) < 1)
+							continue;
 						if ((!(pi->x % (comp->dx << rpx) == 0) || (pi->x == pi->tx0 && (trx0 << levelnox) % (1 << rpx)))) {
 							continue;
 						}
+						if ((comp->dy << rpy) < 1)
+							continue;
 						if ((!(pi->y % (comp->dy << rpy) == 0) || (pi->y == pi->ty0 && (try0 << levelnoy) % (1 << rpx)))) {
 							continue;
 						}
+						if ((comp->dz << rpz) < 1)
+							continue;
 						if ((!(pi->z % (comp->dz << rpz) == 0) || (pi->z == pi->tz0 && (trz0 << levelnoz) % (1 << rpx)))) {
 							continue;
 						}
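Review bot: The y and z alignment tests on the context lines still take the remainder by `(1 << rpx)`, in `(try0 << levelnoy) % (1 << rpx)` and `(trz0 << levelnoz) % (1 << rpx)`, while the divisors the new guards protect are `comp->dy << rpy` and `comp->dz << rpz`. This looks like a copy-paste slip that the commit leaves in place; `% (1 << rpy)` and `% (1 << rpz)` would match the x test. The condition here is also parenthesised as `(!(a) || (b))`, where the openjp2 and openmj2 hunks use `!((a) || (b))`, so the three files do not skip the same positions and it is worth confirming which form is intended. Both points repeat in the hunks at -309 and -400 of this file. The enclosing loops lie outside the hunk.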
@@ -309,12 +315,18 @@ for (pi->z = pi->tz0; pi->z < pi->tz1; pi->z += pi->dz - (pi->z % pi->dz)) {
 						rpx = res->pdx + levelnox;
 						rpy = res->pdy + levelnoy;
 						rpz = res->pdz + levelnoz;
+						if ((comp->dx << rpx) < 1)
+							continue;
 						if ((!(pi->x % (comp->dx << rpx) == 0) || (pi->x == pi->tx0 && (trx0 << levelnox) % (1 << rpx)))) {
 							continue;
 						}
+						if ((comp->dy << rpy) < 1)
+							continue;
 						if ((!(pi->y % (comp->dy << rpy) == 0) || (pi->y == pi->ty0 && (try0 << levelnoy) % (1 << rpx)))) {
 							continue;
 						}
+						if ((comp->dz << rpz) < 1)
+							continue;
 						if ((!(pi->z % (comp->dz << rpz) == 0) || (pi->z == pi->tz0 && (trz0 << levelnoz) % (1 << rpx)))) {
 							continue;
 						}
@@ -400,12 +412,18 @@ static bool pi_next_cprl(opj_pi_iterator_t * pi) {
 						rpx = res->pdx + levelnox;
 						rpy = res->pdy + levelnoy;
 						rpz = res->pdz + levelnoz;
+						if ((comp->dx << rpx) < 1)
+							continue;
 						if ((!(pi->x % (comp->dx << rpx) == 0) || (pi->x == pi->tx0 && (trx0 << levelnox) % (1 << rpx)))) {
 							continue;
 						}
+						if ((comp->dy << rpy) < 1)
+							continue;
 						if ((!(pi->y % (comp->dy << rpy) == 0) || (pi->y == pi->ty0 && (try0 << levelnoy) % (1 << rpx)))) {
 							continue;
 						}
+						if ((comp->dz << rpz) < 1)
+							continue;
 						if ((!(pi->z % (comp->dz << rpz) == 0) || (pi->z == pi->tz0 && (trz0 << levelnoz) % (1 << rpx)))) {
 							continue;
 						}
diff --git a/src/lib/openmj2/pi.c b/src/lib/openmj2/pi.c
index a22078b..9152d1f 100644
--- a/src/lib/openmj2/pi.c
+++ b/src/lib/openmj2/pi.c
@@ -215,9 +215,13 @@ if (!pi->tp_on){
 					try1 = int_ceildiv(pi->ty1, comp->dy << levelno);
 					rpx = res->pdx + levelno;
 					rpy = res->pdy + levelno;
+					if ((comp->dy << rpy) < 1)
+						continue;
 					if (!((pi->y % (comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
 						continue;	
 					}
+					if ((comp->dx << rpx) < 1)
+						continue;
 					if (!((pi->x % (comp->dx << rpx) == 0) || ((pi->x == pi->tx0) && ((trx0 << levelno) % (1 << rpx))))){
 						continue; 
 					}
@@ -296,9 +300,13 @@ static opj_bool pi_next_pcrl(opj_pi_iterator_t * pi) {
 					try1 = int_ceildiv(pi->ty1, comp->dy << levelno);
 					rpx = res->pdx + levelno;
 					rpy = res->pdy + levelno;
+					if ((comp->dy << rpy) < 1)
+						continue;
 					if (!((pi->y % (comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
 						continue;	
 					}
+					if ((comp->dx << rpx) < 1)
+						continue;
 					if (!((pi->x % (comp->dx << rpx) == 0) || ((pi->x == pi->tx0) && ((trx0 << levelno) % (1 << rpx))))){
 						continue; 
 					}
@@ -375,9 +383,13 @@ static opj_bool pi_next_cprl(opj_pi_iterator_t * pi) {
 					try1 = int_ceildiv(pi->ty1, comp->dy << levelno);
 					rpx = res->pdx + levelno;
 					rpy = res->pdy + levelno;
+					if ((comp->dy << rpy) < 1)
+						continue;
 					if (!((pi->y % (comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
 						continue;	
 					}
+					if ((comp->dx << rpx) < 1)
+						continue;
 					if (!((pi->x % (comp->dx << rpx) == 0) || ((pi->x == pi->tx0) && ((trx0 << levelno) % (1 << rpx))))){
 						continue; 
 					}
-- 
1.8.4.5