Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
openjpeg2
openjpeg2-CVE-2020-27824.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openjpeg2-CVE-2020-27824.patch of Package openjpeg2
Index: openjpeg-2.1.0/src/lib/openjp2/dwt.c =================================================================== --- openjpeg-2.1.0.orig/src/lib/openjp2/dwt.c +++ openjpeg-2.1.0/src/lib/openjp2/dwt.c @@ -514,6 +514,14 @@ OPJ_UINT32 opj_dwt_getgain_real(OPJ_UINT /* Get norm of 9-7 wavelet. */ /* </summary> */ OPJ_FLOAT64 opj_dwt_getnorm_real(OPJ_UINT32 level, OPJ_UINT32 orient) { + /* FIXME ! This is just a band-aid to avoid a buffer overflow */ + /* but the array should really be extended up to 33 resolution levels */ + /* See https://github.com/uclouvain/openjpeg/issues/493 */ + if (orient == 0 && level >= 10) { + level = 9; + } else if (orient > 0 && level >= 9) { + level = 8; + } return opj_dwt_norms_real[orient][level]; } @@ -531,7 +539,7 @@ void opj_dwt_calc_explicit_stepsizes(opj if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) { stepsize = 1.0; } else { - OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level]; + OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient); stepsize = (1 << (gain)) / norm; } opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0), (OPJ_INT32)(prec + gain), &tccp->stepsizes[bandno]);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor