deepcrayon/buildroot
deepcrayon/buildroot
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
buildroot/package/jasper/0002-check-null-in-jp2_decode-CVE-2018-19542.patch
Michael Vetter 61703b82cd package/jasper: Apply fix for CVE-2018-19542 
Add 0002-check-null-in-jp2_decode.patch:

Patch was proposed upstream[1] but upstream is very inactive.
Linux distributions use the same fix to patch their packages.

1: https://github.com/mdadams/jasper/pull/200
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2019-12-02 13:39:42 +01:00

25 lines
834 B
Diff
Raw Blame History

From fc62d1b7164ded2405fd6a0604548b34a5a77462 Mon Sep 17 00:00:00 2001
From: Timothy Lyanguzov <timothy.lyanguzov@sap.com>
Date: Mon, 18 Mar 2019 16:46:24 +1300
Subject: [PATCH] Fix CVE-2018-19542: Check for NULL pointer in jp2_decode
Signed-off-by: Michael Vetter <jubalh@iodoru.org>
---
src/libjasper/jp2/jp2_dec.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
index 03b0eaf..a535c19 100644
--- a/src/libjasper/jp2/jp2_dec.c
+++ b/src/libjasper/jp2/jp2_dec.c
@@ -388,6 +388,9 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1));
}
#endif
+ } else {
+ jas_eprintf("error: invalid MTYP in CMAP box\n");
+ goto error;
}
}
}
Reference in a new issue View git blame Copy permalink