fix CVE-2020-27842

(cherry picked from commit 722ffc14f1330c8ee0b2b87245c1e3f99265a42e)
2022-01-04 15:07:35 +08:00 · 2022-01-04 15:07:35 +08:00 · eb13bf88f6
commit eb13bf88f6
parent 3adeacc472
2 changed files with 38 additions and 1 deletions
--- a/backport-CVE-2020-27842.patch
+++ b/backport-CVE-2020-27842.patch
@ -0,0 +1,33 @@
+From fbd30b064f8f9607d500437b6fedc41431fd6cdc Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 1 Dec 2020 19:51:35 +0100
+Subject: [PATCH] opj_t2_encode_packet(): avoid out of bound access of #1294,
+ but likely not the proper fix
+
+Conflict:NA
+Reference:https://github.com/uclouvain/openjpeg/commit/fbd30b064f8f9607d500437b6fedc41431fd6cdc
+
+---
+ src/lib/openjp2/t2.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
+index 71472b499..e452edd19 100644
+--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
+@@ -739,6 +739,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ_UINT32 tileno,
+                 continue;
+             }
+ 
+            /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */
+            /* but likely not a proper fix. */
+            if (precno >= res->pw * res->ph) {
+                opj_event_msg(p_manager, EVT_ERROR,
+                              "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
+                              precno, res->pw * res->ph);
+                return OPJ_FALSE;
+            }
+
+             prc = &band->precincts[precno];
+             opj_tgt_reset(prc->incltree);
+             opj_tgt_reset(prc->imsbtree);
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@ -1,6 +1,6 @@
 Name:           openjpeg2
 Version:        2.3.1
-Release:        7
+Release:        8
 Summary:        C-Library for JPEG 2000
 License:        BSD and MIT
 URL:            https://github.com/uclouvain/openjpeg
@ -22,6 +22,7 @@ Patch6009:      backport-CVE-2020-6851.patch
 Patch6010:      backport-CVE-2020-27823.patch
 Patch6011:      backport-CVE-2020-27824.patch
 Patch6012:      backport-CVE-2021-29338.patch
+Patch6013:	backport-CVE-2020-27842.patch

 BuildRequires:  cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen

@ -97,6 +98,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_mandir}/man3/*.3*

 %changelog
+* Tue Jan 4 2022 dongyuzhen <dongyuzhen@huawei.com> - 2.3.1-8
+- fix CVE-2020-27842
+
 * Fri Sep 24 2021 yangcheng <yangcheng87@huawei.com> - 2.3.1-7
 - fix CVE-2021-29338