File CVE-2025-2357.patch of Package dcmtk

From 69a6690db71927e02a6fb6ee655cb449f0431466 Mon Sep 17 00:00:00 2001
From: Marco Eichelberg <eichelberg@offis.de>
Date: Mon, 3 Mar 2025 12:33:18 +0100
Subject: [PATCH] Fixed segfault in JPEG-LS decoder.

Fixed a bug in the JPEG-LS decoder that led to a segmentation fault if invalid
input data was processed, due to insufficient validation of input data.

Thanks to Ding zhengzheng <xiaozheng.ding399@gmail.com> for the report
and the sample file (PoC).

This closes DCMTK issue #1155.
---
 dcmjpls/libcharls/scan.h | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/dcmjpls/libcharls/scan.h b/dcmjpls/libcharls/scan.h
index b4dea20..d6dfa5a 100644
--- a/dcmjpls/libcharls/scan.h
+++ b/dcmjpls/libcharls/scan.h
@@ -629,14 +629,24 @@ void JlsCodec<TRAITS,STRATEGY>::DoLine(SAMPLE*)
 	LONG index = 0;
 	LONG Rb = _previousLine[index-1];
 	LONG Rd = _previousLine[index];
+    LONG RANGE_UPPER = 1 << traits.bpp;
+    LONG RANGE_LOWER = - RANGE_UPPER;
 
 	while(index < _width)
-	{	
+	{
 		LONG Ra = _currentLine[index -1];
 		LONG Rc = Rb;
 		Rb = Rd;
 		Rd = _previousLine[index + 1];
 
+        // make sure that values are not out of range
+        if (  (Rd - Rb < RANGE_LOWER) || (Rd - Rb > RANGE_UPPER)
+           || (Rb - Rc < RANGE_LOWER) || (Rb - Rc > RANGE_UPPER)
+           || (Rc - Ra < RANGE_LOWER) || (Rc - Ra > RANGE_UPPER))
+        {
+            throw JlsException(InvalidCompressedData);
+        }
+
 		LONG Qs = ComputeContextID(QuantizeGratient(Rd - Rb), QuantizeGratient(Rb - Rc), QuantizeGratient(Rc - Ra));
 
 		if (Qs != 0)
-- 
2.48.1

openSUSE Build Service is sponsored by