File openjpeg2-CVE-2018-16375.patch of Package openjpeg2.26563

Index: openjpeg-2.3.0/src/bin/jpwl/convert.c
===================================================================
--- openjpeg-2.3.0.orig/src/bin/jpwl/convert.c
+++ openjpeg-2.3.0/src/bin/jpwl/convert.c
@@ -41,6 +41,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <ctype.h>
+#include <limits.h>
 
 #ifdef OPJ_HAVE_LIBTIFF
 #include <tiffio.h>
@@ -1860,6 +1861,15 @@ opj_image_t* pnmtoimage(const char *file
         fclose(fp);
         return NULL;
     }
+
+    /* This limitation could be removed by making sure to use size_t below */
+    if (header_info.height != 0 &&
+        header_info.width > INT_MAX / header_info.height) {
+        fprintf(stderr, "pnmtoimage:Image %dx%d too big!\n",
+                header_info.width, header_info.height);
+        fclose(fp);
+        return NULL;
+    }
 
     format = header_info.format;

Places

File openjpeg2-CVE-2018-16375.patch of Package openjpeg2.26563

Places