File openjpeg2-CVE-2020-27824.patch of Package openjpeg2.36921

Index: openjpeg-2.1.0/src/lib/openjp2/dwt.c
===================================================================
--- openjpeg-2.1.0.orig/src/lib/openjp2/dwt.c
+++ openjpeg-2.1.0/src/lib/openjp2/dwt.c
@@ -514,6 +514,14 @@ OPJ_UINT32 opj_dwt_getgain_real(OPJ_UINT
 /* Get norm of 9-7 wavelet. */
 /* </summary>               */
 OPJ_FLOAT64 opj_dwt_getnorm_real(OPJ_UINT32 level, OPJ_UINT32 orient) {
+    /* FIXME ! This is just a band-aid to avoid a buffer overflow */
+    /* but the array should really be extended up to 33 resolution levels */
+    /* See https://github.com/uclouvain/openjpeg/issues/493 */
+    if (orient == 0 && level >= 10) {
+        level = 9;
+    } else if (orient > 0 && level >= 9) {
+        level = 8;
+    }
 	return opj_dwt_norms_real[orient][level];
 }
 
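Review bot: The clamp added at the top of opj_dwt_getnorm_real bounds only `level`; `orient` still selects the row of `opj_dwt_norms_real` unchecked, and the caps 10 and 9 are bare literals whose relation to the table's declared dimensions cannot be seen from this hunk. Because the second hunk routes the stepsize code through this accessor, it is the natural place to guard the row as well, with a test such as `orient >= sizeof(opj_dwt_norms_real) / sizeof(opj_dwt_norms_real[0])` handled before the lookup. The two caps differ by one, presumably because the rows for orient > 0 hold one fewer usable entry; a comment like `/* orient > 0 rows are capped one level lower than row 0; keep these caps in sync with opj_dwt_norms_real */` would stop a later table change from silently reopening the out-of-bounds read. Levels above the cap reuse the last norm, so values returned for them are approximations, as the FIXME admits.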
@@ -531,7 +539,7 @@ void opj_dwt_calc_explicit_stepsizes(opj
 		if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) {
 			stepsize = 1.0;
 		} else {
-			OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level];
+			OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient);
 			stepsize = (1 << (gain)) / norm;
 		}
 		opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0), (OPJ_INT32)(prec + gain), &tccp->stepsizes[bandno]);
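Review bot: The switch to `opj_dwt_getnorm_real(level, orient)` fixes this one read, but nothing at the call site says why the table must not be indexed directly, and any other direct `opj_dwt_norms_real[...][...]` read left in the file (none is visible in this hunk) would still be unbounded. I would add `/* go through the accessor: it clamps level to the bounds of the norms table */` above the new line and check the remaining uses of the table. opj_dwt_calc_explicit_stepsizes begins and ends outside the hunk, so how `level` and `orient` are derived there cannot be checked from here.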