File openjpeg2-CVE-2023-39327.patch of Package openjpeg2.42421

Index: openjpeg-2.1.0/src/lib/openjp2/t2.c
===================================================================
--- openjpeg-2.1.0.orig/src/lib/openjp2/t2.c
+++ openjpeg-2.1.0/src/lib/openjp2/t2.c
@@ -379,6 +379,9 @@ OPJ_BOOL opj_t2_decode_packets( opj_t2_t
                  * and no l_img_comp->resno_decoded are computed
                  */
                 OPJ_BOOL* first_pass_failed = (OPJ_BOOL*)opj_malloc(l_image->numcomps * sizeof(OPJ_BOOL));
+                OPJ_UINT32 l_packet_count = 0;
+                OPJ_UINT32 l_max_packets = 100000;
+
                 if (!first_pass_failed)
                 {
                     opj_pi_destroy(l_pi,l_nb_pocs);
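Review bot: The cap added as `OPJ_UINT32 l_max_packets = 100000;` is a bare magic number held in a mutable local, and nothing in the hunk ties it to the tile's actual geometry. A tile whose components, resolutions, precincts and layers legitimately multiply out to more than 100000 iterator steps would be rejected as if it were malformed. Making it a named constant with its rationale, e.g. `const OPJ_UINT32 l_max_packets = 100000; /* upper bound on packet-iterator steps per progression, CVE-2023-39327 */`, would help, as would deriving the bound from the image parameters. Both variables are declared beside `first_pass_failed`, which appears to sit inside the per-progression loop that starts outside this hunk. If so, the counter restarts for every progression and the overall bound is the cap times the number of progressions; that should be confirmed and documented.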
@@ -390,6 +393,13 @@ OPJ_BOOL opj_t2_decode_packets( opj_t2_t
                   JAS_FPRINTF( stderr, "packet offset=00000166 prg=%d cmptno=%02d rlvlno=%02d prcno=%03d lyrno=%02d\n\n",
                     l_current_pi->poc.prg1, l_current_pi->compno, l_current_pi->resno, l_current_pi->precno, l_current_pi->layno );
 
+                  /* CVE-2023-39327: Check for excessive packet iterations */
+                  if (++l_packet_count > l_max_packets) {
+                          opj_pi_destroy(l_pi, l_nb_pocs);
+                          opj_free(first_pass_failed);
+                          return OPJ_FALSE;
+                  }
+
                         if (l_tcp->num_layers_to_decode > l_current_pi->layno
                                         && l_current_pi->resno < p_tile->comps[l_current_pi->compno].minimum_num_resolutions) {
                                 l_nb_bytes_read = 0;
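Review bot: The new early exit at `return OPJ_FALSE;` emits no diagnostic, so a caller or anyone triaging a rejected file cannot tell the iteration cap from any other decode failure. No event manager is visible in this hunk; if the function has an error-reporting path, the branch should log that the packet-iteration limit was exceeded and with what count. The increment sits before the `num_layers_to_decode` test, so skipped packets are counted as well as decoded ones. That is reasonable for bounding CPU time, but the comment should say so, e.g. `/* CVE-2023-39327: bound packet-iterator steps (decoded or skipped) so a crafted codestream cannot keep the decoder looping */`. The cleanup matches the allocation-failure path visible in the previous hunk; the loop body continues outside this hunk, so later-acquired resources could not be checked.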