packages/openjpeg2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openjpeg2/backport-CVE-2021-3575.patch
dongyuzhen f0b83764a5 fix CVE-2019-12973 and CVE-2021-3575 
(cherry picked from commit 2c600008132050c2ba42a46a129834f3c8154ec6)
2022-03-16 17:26:23 +08:00

36 lines
1.1 KiB
Diff
Raw Blame History

From f4cb033a340b55dbc576453c4b6a967fec5cbbda Mon Sep 17 00:00:00 2001
From: Mehdi Sabwat <mehdisabwat@gmail.com>
Date: Fri, 7 May 2021 01:50:37 +0200
Subject: [PATCH] fix heap buffer overflow #1347
Conflict:NA
Reference:https://github.com/uclouvain/openjpeg/commit/f4cb033a340b55dbc576453c4b6a967fec5cbbda
---
src/bin/common/color.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/bin/common/color.c b/src/bin/common/color.c
index 27f15f137..935fa44eb 100644
--- a/src/bin/common/color.c
+++ b/src/bin/common/color.c
@@ -368,12 +368,15 @@ static void sycc420_to_rgb(opj_image_t *img)
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
- ++y;
+ if (*y != img->comps[0].data[loopmaxh])
+ ++y;
++r;
++g;
++b;
- ++cb;
- ++cr;
+ if (*cb != img->comps[1].data[loopmaxh])
+ ++cb;
+ if (*cr != img->comps[2].data[loopmaxh])
+ ++cr;
}
if (j < maxw) {
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
Reference in New Issue View Git Blame Copy Permalink