File openjpeg2-CVE-2018-16375.patch of Package openjpeg2.26562

Index: openjpeg-2.1.0/src/bin/jpwl/convert.c
===================================================================
--- openjpeg-2.1.0.orig/src/bin/jpwl/convert.c
+++ openjpeg-2.1.0/src/bin/jpwl/convert.c
@@ -41,6 +41,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
+#include <limits.h>
 
 #ifdef OPJ_HAVE_LIBTIFF
 #include <tiffio.h>
@@ -1727,6 +1728,15 @@ opj_image_t* pnmtoimage(const char *file
 
 	if(!header_info.ok) { fclose(fp); return NULL; }
 
+	/* This limitation could be removed by making sure to use size_t below */
+    if (header_info.height != 0 &&
+		header_info.width > INT_MAX / header_info.height) {
+        fprintf(stderr, "pnmtoimage:Image %dx%d too big!\n",
+                header_info.width, header_info.height);
+        fclose(fp);
+        return NULL;
+    }
+
 	format = header_info.format;
 
     switch(format)
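Review bot: The added guard in pnmtoimage does not reject a negative width: with `header_info.width < 0` and a positive height, `header_info.width > INT_MAX / header_info.height` is false and the value passes through to the code below. Whether the header parser can produce a negative dimension is not visible in this hunk; if it can, add an explicit sign check ahead of the division, e.g. `if (header_info.width < 0 || header_info.height < 0) { fclose(fp); return NULL; }`. A negative height is currently rejected only as a side effect of the division and is reported as "too big", which is misleading in a log. The guard bounds only width*height as an int, so any later multiplication by component count or element size needs its own bound; that code lies outside this hunk, as do the start and end of the function body.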