Overview

File jasper-CVE-2017-5498.patch of Package jasper.4397

--- jasper-1.900.14/configure.ac	2017-03-17 08:43:25.687753771 +0100
+++ jasper-1.900.14/configure.ac	2017-03-17 09:16:38.537161365 +0100
@@ -130,6 +130,16 @@
 /* If configure is being used, this symbol will be defined automatically
   at this point in the configuration header file. */
 
+#if defined(__GNUC__)
+#define JAS_ATTRIBUTE_DISABLE_USAN \
+  __attribute__((no_sanitize_undefined))
+#elif defined(__clang__)
+#define JAS_ATTRIBUTE_DISABLE_USAN \
+  __attribute__((no_sanitize("undefined")))
+#else
+#define JAS_ATTRIBUTE_DISABLE_USAN
+#endif
+
 /* The preprocessor symbol JAS_WIN_MSVC_BUILD should not be defined
   unless the JasPer software is being built under Microsoft Windows
   using Microsoft Visual C. */
--- jasper-1.900.14/src/appl/imgcmp.c	2017-03-17 08:43:25.687753771 +0100
+++ jasper-1.900.14/src/appl/imgcmp.c	2017-03-17 09:17:02.777161456 +0100
@@ -439,7 +439,7 @@
 	s = 0.0;
 	for (i = 0; i < jas_matrix_numrows(x); i++) {
 		for (j = 0; j < jas_matrix_numcols(x); j++) {
-			d = abs(jas_matrix_get(y, i, j) - jas_matrix_get(x, i, j));
+			d = JAS_ABS(jas_matrix_get(y, i, j) - jas_matrix_get(x, i, j));
 			if (d > s) {
 				s = d;
 			}
--- jasper-1.900.14/src/appl/jiv.c	2017-03-17 08:43:25.687753771 +0100
+++ jasper-1.900.14/src/appl/jiv.c	2017-03-17 09:17:02.777161456 +0100
@@ -377,7 +377,7 @@
 
 	assert(regwidth > 0);
 	assert(regheight > 0);
-	assert(abs(((double) regheight / regwidth) - ((double) gs.viewportheight / gs.viewportwidth)) < 1e-5);
+	assert(JAS_ABS(((double) regheight / regwidth) - ((double) gs.viewportheight / gs.viewportwidth)) < 1e-5);
 
 	glClear(GL_COLOR_BUFFER_BIT);
 	glPixelStorei(GL_UNPACK_ALIGNMENT, sizeof(GLshort));
--- jasper-1.900.14/src/libjasper/include/jasper/jas_image.h	2017-03-17 08:43:25.667753771 +0100
+++ jasper-1.900.14/src/libjasper/include/jasper/jas_image.h	2017-03-17 09:17:02.777161456 +0100
@@ -93,8 +93,12 @@
  * Miscellaneous constants.
  */
 
+/* Basic units */
+#define JAS_IMAGE_KIBI			(JAS_CAST(size_t, 1024))
+#define JAS_IMAGE_MEBI			(JAS_IMAGE_KIBI * JAS_IMAGE_KIBI)
+
 /* The threshold at which image data is no longer stored in memory. */
-#define JAS_IMAGE_INMEMTHRESH	(16 * 1024 * 1024)
+#define JAS_IMAGE_INMEMTHRESH	(256 * JAS_IMAGE_MEBI)
 
 /*
  * Component types
--- jasper-1.900.14/src/libjasper/include/jasper/jas_math.h	2017-03-17 08:43:25.667753771 +0100
+++ jasper-1.900.14/src/libjasper/include/jasper/jas_math.h	2017-03-17 09:17:02.777161456 +0100
@@ -75,6 +75,7 @@
 \******************************************************************************/
 
 #include <jasper/jas_config.h>
+#include <jasper/jas_types.h>
 
 #include <assert.h>
 #include <stdio.h>
@@ -116,9 +117,12 @@
 *
 \******************************************************************************/
 
-__attribute__ ((no_sanitize_undefined))
+JAS_ATTRIBUTE_DISABLE_USAN
 inline static int jas_int_asr(int x, int n)
 {
+	// Ensure that the shift of a negative value appears to behave as a
+	// signed arithmetic shift.
+	assert(((-1) >> 1) == -1);
 	assert(n >= 0);
 	// The behavior is undefined when x is negative. */
 	// We tacitly assume the behavior is equivalent to a signed
@@ -126,9 +130,12 @@
 	return x >> n;
 }
 
-__attribute__ ((no_sanitize_undefined))
+JAS_ATTRIBUTE_DISABLE_USAN
 inline static int jas_int_asl(int x, int n)
 {
+	// Ensure that the shift of a negative value appears to behave as a
+	// signed arithmetic shift.
+	assert(((-1) << 1) == -2);
 	assert(n >= 0);
 	// The behavior is undefined when x is negative. */
 	// We tacitly assume the behavior is equivalent to a signed
@@ -136,9 +143,12 @@
 	return x << n;
 }
 
-__attribute__ ((no_sanitize_undefined))
+JAS_ATTRIBUTE_DISABLE_USAN
 inline static int jas_fast32_asr(int_fast32_t x, int n)
 {
+	// Ensure that the shift of a negative value appears to behave as a
+	// signed arithmetic shift.
+	assert(((JAS_CAST(int_fast32_t, -1)) >> 1) == JAS_CAST(int_fast32_t, -1));
 	assert(n >= 0);
 	// The behavior is undefined when x is negative. */
 	// We tacitly assume the behavior is equivalent to a signed
@@ -146,9 +156,12 @@
 	return x >> n;
 }
 
-__attribute__ ((no_sanitize_undefined))
+JAS_ATTRIBUTE_DISABLE_USAN
 inline static int jas_fast32_asl(int_fast32_t x, int n)
 {
+	// Ensure that the shift of a negative value appears to behave as a
+	// signed arithmetic shift.
+	assert(((JAS_CAST(int_fast32_t, -1)) << 1) == JAS_CAST(int_fast32_t, -2));
 	assert(n >= 0);
 	// The behavior is undefined when x is negative. */
 	// We tacitly assume the behavior is equivalent to a signed
--- jasper-1.900.14/src/libjasper/jpc/jpc_enc.c	2017-03-17 08:43:25.671753771 +0100
+++ jasper-1.900.14/src/libjasper/jpc/jpc_enc.c	2017-03-17 09:17:02.777161456 +0100
@@ -1215,7 +1215,7 @@
 					mxmag = 0;
 					for (y = 0; y < JAS_CAST(uint_fast32_t, jas_matrix_numrows(band->data)); ++y) {
 						for (x = 0; x < JAS_CAST(uint_fast32_t, jas_matrix_numcols(band->data)); ++x) {
-							mag = abs(jas_matrix_get(band->data, y, x));
+							mag = JAS_ABS(jas_matrix_get(band->data, y, x));
 							if (mag > mxmag) {
 								mxmag = mag;
 							}
--- jasper-1.900.14/src/libjasper/jpc/jpc_t1enc.c	2017-03-17 08:43:25.671753771 +0100
+++ jasper-1.900.14/src/libjasper/jpc/jpc_t1enc.c	2017-03-17 09:17:02.777161456 +0100
@@ -117,9 +117,9 @@
 	jpc_enc_cblk_t *endcblks;
 	int i;
 	int j;
-	int mx;
-	int bmx;
-	int v;
+	jpc_fix_t mx;
+	jpc_fix_t bmx;
+	jpc_fix_t v;
 	jpc_enc_tile_t *tile;
 	uint_fast32_t prcno;
 	jpc_enc_prc_t *prc;
@@ -148,7 +148,7 @@
 						mx = 0;
 						for (i = 0; i < jas_matrix_numrows(cblk->data); ++i) {
 							for (j = 0; j < jas_matrix_numcols(cblk->data); ++j) {
-								v = abs(jas_matrix_get(cblk->data, i, j));
+								v = JAS_ABS(jas_matrix_get(cblk->data, i, j));
 								if (v > mx) {
 									mx = v;
 								}
@@ -407,15 +407,15 @@
 
 #define	sigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, orient, mqenc, vcausalflag) \
 { \
-	int f; \
+	jpc_fix_t f; \
 	int v; \
 	f = *(fp); \
 	if ((f & JPC_OTHSIGMSK) && !(f & (JPC_SIG | JPC_VISIT))) { \
-		v = (abs(*(dp)) & (one)) ? 1 : 0; \
+		v = (JAS_ABS(*(dp)) & (one)) ? 1 : 0; \
 		jpc_mqenc_setcurctx(mqenc, JPC_GETZCCTXNO(f, (orient))); \
 		jpc_mqenc_putbit(mqenc, v); \
 		if (v) { \
-			*(nmsedec) += JPC_GETSIGNMSEDEC(abs(*(dp)), (bitpos) + JPC_NUMEXTRABITS); \
+			*(nmsedec) += JPC_GETSIGNMSEDEC(JAS_ABS(*(dp)), (bitpos) + JPC_NUMEXTRABITS); \
 			v = ((*(dp) < 0) ? 1 : 0); \
 			jpc_mqenc_setcurctx(mqenc, JPC_GETSCCTXNO(f)); \
 			jpc_mqenc_putbit(mqenc, v ^ JPC_GETSPB(f)); \
@@ -506,14 +506,14 @@
 #define	rawsigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, out, vcausalflag) \
 { \
 	jpc_fix_t f = *(fp); \
-	jpc_fix_t v; \
+	int v; \
 	if ((f & JPC_OTHSIGMSK) && !(f & (JPC_SIG | JPC_VISIT))) { \
-		v = (abs(*(dp)) & (one)) ? 1 : 0; \
+		v = (JAS_ABS(*(dp)) & (one)) ? 1 : 0; \
 		if ((jpc_bitstream_putbit((out), v)) == EOF) { \
 			return -1; \
 		} \
 		if (v) { \
-			*(nmsedec) += JPC_GETSIGNMSEDEC(abs(*(dp)), (bitpos) + JPC_NUMEXTRABITS); \
+			*(nmsedec) += JPC_GETSIGNMSEDEC(JAS_ABS(*(dp)), (bitpos) + JPC_NUMEXTRABITS); \
 			v = ((*(dp) < 0) ? 1 : 0); \
 			if (jpc_bitstream_putbit(out, v) == EOF) { \
 				return -1; \
@@ -619,9 +619,9 @@
 	int v; \
 	if (((*(fp)) & (JPC_SIG | JPC_VISIT)) == JPC_SIG) { \
 		(d) = *(dp); \
-		*(nmsedec) += JPC_GETREFNMSEDEC(abs(d), (bitpos) + JPC_NUMEXTRABITS); \
+		*(nmsedec) += JPC_GETREFNMSEDEC(JAS_ABS(d), (bitpos) + JPC_NUMEXTRABITS); \
 		jpc_mqenc_setcurctx((mqenc), JPC_GETMAGCTXNO(*(fp))); \
-		v = (abs(d) & (one)) ? 1 : 0; \
+		v = (JAS_ABS(d) & (one)) ? 1 : 0; \
 		jpc_mqenc_putbit((mqenc), v); \
 		*(fp) |= JPC_REFINE; \
 	} \
@@ -708,11 +708,11 @@
 #define	rawrefpass_step(fp, dp, bitpos, one, nmsedec, out, vcausalflag) \
 { \
 	jpc_fix_t d; \
-	jpc_fix_t v; \
+	int v; \
 	if (((*(fp)) & (JPC_SIG | JPC_VISIT)) == JPC_SIG) { \
 		d = *(dp); \
-		*(nmsedec) += JPC_GETREFNMSEDEC(abs(d), (bitpos) + JPC_NUMEXTRABITS); \
-		v = (abs(d) & (one)) ? 1 : 0; \
+		*(nmsedec) += JPC_GETREFNMSEDEC(JAS_ABS(d), (bitpos) + JPC_NUMEXTRABITS); \
+		v = (JAS_ABS(d) & (one)) ? 1 : 0; \
 		if (jpc_bitstream_putbit((out), v) == EOF) { \
 			return -1; \
 		} \
@@ -803,19 +803,19 @@
 
 #define	clnpass_step(fp, frowstep, dp, bitpos, one, orient, nmsedec, mqenc, label1, label2, vcausalflag) \
 { \
-	int f; \
+	jpc_fix_t f; \
 	int v; \
 label1 \
 	f = *(fp); \
 	if (!(f & (JPC_SIG | JPC_VISIT))) { \
 		jpc_mqenc_setcurctx(mqenc, JPC_GETZCCTXNO(f, (orient))); \
-		v = (abs(*(dp)) & (one)) ? 1 : 0; \
+		v = (JAS_ABS(*(dp)) & (one)) ? 1 : 0; \
 		jpc_mqenc_putbit((mqenc), v); \
 		if (v) { \
 label2 \
 			f = *(fp); \
 			/* Coefficient is significant. */ \
-			*(nmsedec) += JPC_GETSIGNMSEDEC(abs(*(dp)), (bitpos) + JPC_NUMEXTRABITS); \
+			*(nmsedec) += JPC_GETSIGNMSEDEC(JAS_ABS(*(dp)), (bitpos) + JPC_NUMEXTRABITS); \
 			jpc_mqenc_setcurctx((mqenc), JPC_GETSCCTXNO(f)); \
 			v = ((*(dp) < 0) ? 1 : 0); \
 			jpc_mqenc_putbit((mqenc), v ^ JPC_GETSPB(f)); \
@@ -876,7 +876,7 @@
 			  !((*fp) & (JPC_SIG | JPC_VISIT | JPC_OTHSIGMSK)))) {
 				dp = dvscanstart;
 				for (k = 0; k < vscanlen; ++k) {
-					v = (abs(*dp) & one) ? 1 : 0;
+					v = (JAS_ABS(*dp) & one) ? 1 : 0;
 					if (v) {
 						break;
 					}
openSUSE Build Service is sponsored by
Places