File openjpeg2-CVE-2018-20845.patch of Package openjpeg2.36921

Index: openjpeg-2.1.0/src/lib/openmj2/pi.c
===================================================================
--- openjpeg-2.1.0.orig/src/lib/openmj2/pi.c
+++ openjpeg-2.1.0/src/lib/openmj2/pi.c
@@ -215,6 +215,13 @@ if (!pi->tp_on){
 					try1 = int_ceildiv(pi->ty1, comp->dy << levelno);
 					rpx = res->pdx + levelno;
 					rpy = res->pdy + levelno;
+
+					/* To avoid divisions by zero / undefined behaviour on shift */
+					if (rpx >= 31 || ((comp->dx << rpx) >> rpx) != comp->dx ||
+						rpy >= 31 || ((comp->dy << rpy) >> rpy) != comp->dy) {
+						continue;
+					}
+
 					if ((comp->dy << rpy) < 1)
 						continue;
 					if (!((pi->y % (comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
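Review bot: The new guard sits below the `int_ceildiv(..., comp->dy << levelno)` call that is visible as context at the top of this hunk, so that shift (and whatever division int_ceildiv performs on the result, if it divides by its second argument as the name suggests) has already been evaluated by the time the `continue` is reached. Since `rpx`/`rpy` depend only on `res->pdx`/`res->pdy` and `levelno`, I would compute them first and move the added `if` above the `int_ceildiv` lines, or add a separate check on `levelno` there, e.g. `if (levelno >= 31 || ((comp->dx << levelno) >> levelno) != comp->dx || ((comp->dy << levelno) >> levelno) != comp->dy) continue;`. The hunks in pi_next_pcrl and pi_next_cprl have the same ordering. The loop body starts and ends outside the hunk, so the earlier `trx0`/`try0`/`trx1` lines are assumed to look like the visible `try1` line.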
@@ -300,6 +307,13 @@ static opj_bool pi_next_pcrl(opj_pi_iter
 					try1 = int_ceildiv(pi->ty1, comp->dy << levelno);
 					rpx = res->pdx + levelno;
 					rpy = res->pdy + levelno;
+
+					/* To avoid divisions by zero / undefined behaviour on shift */
+					if (rpx >= 31 || ((comp->dx << rpx) >> rpx) != comp->dx ||
+						rpy >= 31 || ((comp->dy << rpy) >> rpy) != comp->dy) {
+						continue;
+					}
+
 					if ((comp->dy << rpy) < 1)
 						continue;
 					if (!((pi->y % (comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){
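Review bot: The round-trip test `((comp->dx << rpx) >> rpx) != comp->dx` performs the very shift it is meant to validate, so if `comp->dx` is a signed `int` (its declaration is not part of this patch) an overflowing left shift is already undefined before the comparison can reject it. The condition also accepts a negative `rpx` or `rpy`, which would be an undefined shift count, although the inputs may never produce one. A check that does not shift the untrusted value would be `rpx < 0 || rpx >= 31 || comp->dx > (INT_MAX >> rpx)` and likewise `rpy < 0 || rpy >= 31 || comp->dy > (INT_MAX >> rpy)`, with `<limits.h>` included and assuming `dx`/`dy` are non-negative. The same condition appears in the first hunk and in pi_next_cprl; the enclosing loop continues outside the hunk.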
@@ -383,6 +397,13 @@ static opj_bool pi_next_cprl(opj_pi_iter
 					try1 = int_ceildiv(pi->ty1, comp->dy << levelno);
 					rpx = res->pdx + levelno;
 					rpy = res->pdy + levelno;
+
+					/* To avoid divisions by zero / undefined behaviour on shift */
+					if (rpx >= 31 || ((comp->dx << rpx) >> rpx) != comp->dx ||
+						rpy >= 31 || ((comp->dy << rpy) >> rpy) != comp->dy) {
+						continue;
+					}
+
 					if ((comp->dy << rpy) < 1)
 						continue;
 					if (!((pi->y % (comp->dy << rpy) == 0) || ((pi->y == pi->ty0) && ((try0 << levelno) % (1 << rpy))))){