fix CVE-2021-3575
This commit is contained in:
zhangpan
parent
f18beff8e7
commit
989e69d908
@ -1,35 +1,43 @@
|
||||
From f4cb033a340b55dbc576453c4b6a967fec5cbbda Mon Sep 17 00:00:00 2001
|
||||
From: Mehdi Sabwat <mehdisabwat@gmail.com>
|
||||
Date: Fri, 7 May 2021 01:50:37 +0200
|
||||
Subject: [PATCH] fix heap buffer overflow #1347
|
||||
|
||||
Conflict:NA
|
||||
Reference:https://github.com/uclouvain/openjpeg/commit/f4cb033a340b55dbc576453c4b6a967fec5cbbda
|
||||
From 7bd884f8750892de4f50bf4642fcfbe7011c6bdf Mon Sep 17 00:00:00 2001
|
||||
From: Even Rouault <even.rouault@spatialys.com>
|
||||
Date: Sun, 18 Feb 2024 17:02:25 +0100
|
||||
Subject: [PATCH] opj_decompress: fix off-by-one read heap-buffer-overflow in
|
||||
sycc420_to_rgb() when x0 and y0 are odd (CVE-2021-3575, fixes #1347)
|
||||
|
||||
Reference:https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf
|
||||
Conflict:NA
|
||||
|
||||
---
|
||||
src/bin/common/color.c | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
src/bin/common/color.c | 12 ++++++++++--
|
||||
1 file changed, 10 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/bin/common/color.c b/src/bin/common/color.c
|
||||
index 27f15f137..935fa44eb 100644
|
||||
index 27f15f137..ae5d648da 100644
|
||||
--- a/src/bin/common/color.c
|
||||
+++ b/src/bin/common/color.c
|
||||
@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *img)
|
||||
@@ -358,7 +358,15 @@ static void sycc420_to_rgb(opj_image_t *img)
|
||||
if (i < loopmaxh) {
|
||||
size_t j;
|
||||
|
||||
- for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) {
|
||||
+ if (offx > 0U) {
|
||||
+ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
|
||||
+ ++y;
|
||||
+ ++r;
|
||||
+ ++g;
|
||||
+ ++b;
|
||||
+ }
|
||||
+
|
||||
+ for (j = 0U; j < (loopmaxw & ~(size_t)1U); j += 2U) {
|
||||
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
|
||||
|
||||
- ++y;
|
||||
+ if (*y != img->comps[0].data[loopmaxh])
|
||||
+ ++y;
|
||||
++r;
|
||||
++g;
|
||||
++b;
|
||||
- ++cb;
|
||||
- ++cr;
|
||||
+ if (*cb != img->comps[1].data[loopmaxh])
|
||||
+ ++cb;
|
||||
+ if (*cr != img->comps[2].data[loopmaxh])
|
||||
+ ++cr;
|
||||
++y;
|
||||
@@ -375,7 +383,7 @@ static void sycc420_to_rgb(opj_image_t *img)
|
||||
++cb;
|
||||
++cr;
|
||||
}
|
||||
if (j < maxw) {
|
||||
- if (j < maxw) {
|
||||
+ if (j < loopmaxw) {
|
||||
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
Name: openjpeg2
|
||||
Version: 2.3.1
|
||||
Release: 12
|
||||
Release: 13
|
||||
Summary: C-Library for JPEG 2000
|
||||
License: BSD and MIT
|
||||
URL: https://github.com/uclouvain/openjpeg
|
||||
@ -103,6 +103,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
|
||||
%{_mandir}/man3/*.3*
|
||||
|
||||
%changelog
|
||||
* Tue Oct 29 2024 zhangpan <zhangpan103@h-partners.com> - 2.3.1-13
|
||||
- fix CVE-2021-3575
|
||||
|
||||
* Thu Jul 11 2024 xinghe <xinghe2@h-partners.com> - 2.3.1-12
|
||||
- Type:cves
|
||||
- ID:CVE-2023-39328
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user