Overview

File openjpeg-CVE-2020-27843.patch of Package openjpeg.26661

Index: openjpeg-1.5.2/libopenjpeg/t2.c
===================================================================
--- openjpeg-1.5.2.orig/libopenjpeg/t2.c
+++ openjpeg-1.5.2/libopenjpeg/t2.c
@@ -181,7 +181,16 @@ static int t2_encode_packet(opj_tcd_tile
 	/* Writing Packet header */
 	for (bandno = 0; bandno < res->numbands; bandno++) {
 		opj_tcd_band_t *band = &res->bands[bandno];
-		opj_tcd_precinct_t *prc = &band->precincts[precno];
+		opj_tcd_precinct_t *prc;
+
+                /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1297 */
+                /* but likely not a proper fix. */
+                if (precno >= res->pw * res->ph) {
+                        return OPJ_FALSE;
+                }
+
+		prc =  &band->precincts[precno];
+
 		for (cblkno = 0; cblkno < prc->cw * prc->ch; cblkno++) {
 			opj_tcd_cblk_enc_t* cblk = &prc->cblks.enc[cblkno];
 			opj_tcd_layer_t *layer = &cblk->layers[layno];
openSUSE Build Service is sponsored by
Places