File openjpeg2-CVE-2018-20846.patch of Package openjpeg2
Index: openjpeg-2.3.0/src/lib/openmj2/pi.c
===================================================================
--- openjpeg-2.3.0.orig/src/lib/openmj2/pi.c
+++ openjpeg-2.3.0/src/lib/openmj2/pi.c
@@ -85,6 +85,12 @@ static opj_bool pi_next_cprl(opj_pi_iter
==========================================================
*/
+static void opj_pi_emit_error(opj_pi_iterator_t * pi, const char* msg)
+{
+ (void)pi;
+ (void)msg;
+}
+
static opj_bool pi_next_lrcp(opj_pi_iterator_t * pi)
{
opj_pi_comp_t *comp = NULL;
@@ -114,6 +120,11 @@ static opj_bool pi_next_lrcp(opj_pi_iter
for (pi->precno = pi->poc.precno0; pi->precno < pi->poc.precno1; pi->precno++) {
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
+ /* Avoids index out of bounds access with include*/
+ if (index >= pi->include_size) {
+ opj_pi_emit_error(pi, "Invalid access to pi->include");
+ return OPJ_FALSE;
+ }
if (!pi->include[index]) {
pi->include[index] = 1;
return OPJ_TRUE;
@@ -156,6 +167,11 @@ static opj_bool pi_next_rlcp(opj_pi_iter
for (pi->precno = pi->poc.precno0; pi->precno < pi->poc.precno1; pi->precno++) {
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
+ /* Avoids index out of bounds access with include*/
+ if (index >= pi->include_size) {
+ opj_pi_emit_error(pi, "Invalid access to pi->include");
+ return OPJ_FALSE;
+ }
if (!pi->include[index]) {
pi->include[index] = 1;
return OPJ_TRUE;
@@ -256,6 +272,11 @@ static opj_bool pi_next_rpcl(opj_pi_iter
for (pi->layno = pi->poc.layno0; pi->layno < pi->poc.layno1; pi->layno++) {
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
+ /* Avoids index out of bounds access with include*/
+ if (index >= pi->include_size) {
+ opj_pi_emit_error(pi, "Invalid access to pi->include");
+ return OPJ_FALSE;
+ }
if (!pi->include[index]) {
pi->include[index] = 1;
return OPJ_TRUE;
@@ -356,6 +377,11 @@ static opj_bool pi_next_pcrl(opj_pi_iter
for (pi->layno = pi->poc.layno0; pi->layno < pi->poc.layno1; pi->layno++) {
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
+ /* Avoids index out of bounds access with include*/
+ if (index >= pi->include_size) {
+ opj_pi_emit_error(pi, "Invalid access to pi->include");
+ return OPJ_FALSE;
+ }
if (!pi->include[index]) {
pi->include[index] = 1;
return OPJ_TRUE;
@@ -454,6 +480,11 @@ static opj_bool pi_next_cprl(opj_pi_iter
for (pi->layno = pi->poc.layno0; pi->layno < pi->poc.layno1; pi->layno++) {
index = pi->layno * pi->step_l + pi->resno * pi->step_r + pi->compno *
pi->step_c + pi->precno * pi->step_p;
+ /* Avoids index out of bounds access with include*/
+ if (index >= pi->include_size) {
+ opj_pi_emit_error(pi, "Invalid access to pi->include");
+ return OPJ_FALSE;
+ }
if (!pi->include[index]) {
pi->include[index] = 1;
return OPJ_TRUE;