File openjpeg-CVE-2021-29338.patch of Package openjpeg.23765
Index: openjpeg-1.5.2/applications/codec/image_to_j2k.c
===================================================================
--- openjpeg-1.5.2.orig/applications/codec/image_to_j2k.c
+++ openjpeg-1.5.2/applications/codec/image_to_j2k.c
@@ -1554,10 +1554,10 @@ int main(int argc, char **argv) {
/* Read directory if necessary */
if(img_fol.set_imgdir==1){
num_images=get_num_images(img_fol.imgdirpath);
- dirptr=(dircnt_t*)malloc(sizeof(dircnt_t));
+ dirptr=(dircnt_t*)calloc(1, sizeof(dircnt_t));
if(dirptr){
- dirptr->filename_buf = (char*)malloc(num_images*OPJ_PATH_LEN*sizeof(char)); /* Stores at max 10 image file names*/
- dirptr->filename = (char**) malloc(num_images*sizeof(char*));
+ dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN*sizeof(char)); /* Stores at max 10 image file names*/
+ dirptr->filename = (char**) calloc(num_images, sizeof(char*));
if(!dirptr->filename_buf){
return 0;
}
Index: openjpeg-1.5.2/applications/codec/j2k_dump.c
===================================================================
--- openjpeg-1.5.2.orig/applications/codec/j2k_dump.c
+++ openjpeg-1.5.2/applications/codec/j2k_dump.c
@@ -361,10 +361,10 @@ int main(int argc, char *argv[])
if(img_fol.set_imgdir==1){
num_images=get_num_images(img_fol.imgdirpath);
- dirptr=(dircnt_t*)malloc(sizeof(dircnt_t));
+ dirptr=(dircnt_t*)calloc(1, sizeof(dircnt_t));
if(dirptr){
- dirptr->filename_buf = (char*)malloc(num_images*OPJ_PATH_LEN*sizeof(char)); /* Stores at max 10 image file names*/
- dirptr->filename = (char**) malloc(num_images*sizeof(char*));
+ dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN*sizeof(char)); /* Stores at max 10 image file names*/
+ dirptr->filename = (char**) calloc(num_images, sizeof(char*));
if(!dirptr->filename_buf){
return 1;
Index: openjpeg-1.5.2/applications/codec/j2k_to_image.c
===================================================================
--- openjpeg-1.5.2.orig/applications/codec/j2k_to_image.c
+++ openjpeg-1.5.2/applications/codec/j2k_to_image.c
@@ -556,10 +556,10 @@ int main(int argc, char **argv) {
if(img_fol.set_imgdir==1){
num_images=get_num_images(img_fol.imgdirpath);
- dirptr=(dircnt_t*)malloc(sizeof(dircnt_t));
+ dirptr=(dircnt_t*)calloc(1, sizeof(dircnt_t));
if(dirptr){
- dirptr->filename_buf = (char*)malloc(num_images*OPJ_PATH_LEN*sizeof(char)); /* Stores at max 10 image file names*/
- dirptr->filename = (char**) malloc(num_images*sizeof(char*));
+ dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN*sizeof(char)); /* Stores at max 10 image file names*/
+ dirptr->filename = (char**) calloc(num_images, sizeof(char*));
if(!dirptr->filename_buf){
return 1;