Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:Update
openjpeg2.7252
openjpeg2-CVE-2017-14040.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openjpeg2-CVE-2017-14040.patch of Package openjpeg2.7252
diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c index 1bae6a3..0d7d720 100644 --- a/src/bin/jp2/convert.c +++ b/src/bin/jp2/convert.c @@ -41,6 +41,7 @@ #include <stdlib.h> #include <string.h> #include <ctype.h> +#include <limits.h> #ifdef OPJ_HAVE_LIBTIFF #include <tiffio.h> @@ -98,14 +99,9 @@ struct tga_header }; #endif /* INFORMATION_ONLY */ -static unsigned short get_ushort(unsigned short val) { - -#ifdef OPJ_BIG_ENDIAN - return( ((val & 0xff) << 8) + (val >> 8) ); -#else - return( val ); -#endif - +/* Returns a ushort from a little-endian serialized value */ +static unsigned short get_tga_ushort(const unsigned char *data) { + return data[0] | (data[1] << 8); } #define TGA_HEADER_SIZE 18 @@ -132,17 +128,17 @@ static int tga_readheader(FILE *fp, unsigned int *bits_per_pixel, id_len = (unsigned char)tga[0]; /*cmap_type = (unsigned char)tga[1];*/ image_type = (unsigned char)tga[2]; - /*cmap_index = get_ushort(*(unsigned short*)(&tga[3]));*/ - cmap_len = get_ushort(*(unsigned short*)(&tga[5])); + /*cmap_index = get_tga_ushort(&tga[3]);*/ + cmap_len = get_tga_ushort (&tga[5]); cmap_entry_size = (unsigned char)tga[7]; #if 0 - x_origin = get_ushort(*(unsigned short*)(&tga[8])); - y_origin = get_ushort(*(unsigned short*)(&tga[10])); + x_origin = get_tga_ushort(&tga[8]); + y_origin = get_tga_ushort(&tga[10]); #endif - image_w = get_ushort(*(unsigned short*)(&tga[12])); - image_h = get_ushort(*(unsigned short*)(&tga[14])); + image_w = get_tga_ushort(&tga[12]); + image_h = get_tga_ushort(&tga[14]); pixel_depth = (unsigned char)tga[16]; image_desc = (unsigned char)tga[17]; @@ -301,6 +297,24 @@ opj_image_t* tgatoimage(const char *filename, opj_cparameters_t *parameters) { color_space = OPJ_CLRSPC_SRGB; } + /* If the declared file size is > 10 MB, check that the file is big */ + /* enough to avoid excessive memory allocations */ + if (image_height != 0 && image_width > 10000000 / image_height / numcomps) { + char ch; + OPJ_UINT64 expected_file_size = + (OPJ_UINT64)image_width * image_height * numcomps; + long curpos = ftell(f); + if (expected_file_size > (OPJ_UINT64)INT_MAX) { + expected_file_size = (OPJ_UINT64)INT_MAX; + } + fseek(f, (long)expected_file_size - 1, SEEK_SET); + if (fread(&ch, 1, 1, f) != 1) { + fclose(f); + return NULL; + } + fseek(f, curpos, SEEK_SET); + } + subsampling_dx = parameters->subsampling_dx; subsampling_dy = parameters->subsampling_dy;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor