Overview

File openjpeg-CVE-2020-27824.patch of Package openjpeg.26661

Index: openjpeg-1.5.2/libopenjpeg/dwt.c
===================================================================
--- openjpeg-1.5.2.orig/libopenjpeg/dwt.c
+++ openjpeg-1.5.2/libopenjpeg/dwt.c
@@ -471,6 +471,14 @@ int dwt_getgain_real(int orient) {
 /* Get norm of 9-7 wavelet. */
 /* </summary>               */
 double dwt_getnorm_real(int level, int orient) {
+    /* FIXME ! This is just a band-aid to avoid a buffer overflow */
+    /* but the array should really be extended up to 33 resolution levels */
+    /* See https://github.com/uclouvain/openjpeg/issues/493 */
+    if (orient == 0 && level >= 10) {
+        level = 9;
+    } else if (orient > 0 && level >= 9) {
+        level = 8;
+    }
 	return dwt_norms_real[orient][level];
 }
 
@@ -488,7 +496,7 @@ void dwt_calc_explicit_stepsizes(opj_tcc
 		if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) {
 			stepsize = 1.0;
 		} else {
-			double norm = dwt_norms_real[orient][level];
+			double norm = dwt_getnorm_real(level, orient);
 			stepsize = (1 << (gain)) / norm;
 		}
 		dwt_encode_stepsize((int) floor(stepsize * 8192.0), prec + gain, &tccp->stepsizes[bandno]);
openSUSE Build Service is sponsored by
Places