summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/jasper-CVE-2016-1867.patch
blob: 2d2ca6f014b38e3e89da168d7abdb22183060c15 (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Fix CVE-2016-1867 (Out-of-bounds read in jpc_pi_nextcprl()).

Copied from SUSE.

https://bugzilla.suse.com/show_bug.cgi?id=961886
https://bugzilla.redhat.com/show_bug.cgi?id=1298135

--- jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c	2016-01-14 14:22:24.569056412 +0100
@@ -429,7 +429,7 @@
 	}
 
 	for (pi->compno = pchg->compnostart, pi->picomp =
-	  &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
+	  &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
 	  ++pi->picomp) {
 		pirlvl = pi->picomp->pirlvls;
 		pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +