SECURITY UPDATE
This commit is contained in:
liubo0711
parent
3df0acff70
commit
385fdaf672
|
|
@ -1,3 +1,12 @@
|
|||
openjpeg2 (2.5.0-ok2) nile; urgency=medium
|
||||
|
||||
* SECURITY UPDATE: heap buffer overflow - debian/patches/CVE-2021-
|
||||
3575.patch: opj_decompress: fix off-by-one read heap-buffer-
|
||||
overflow in sycc420_to_rgb() when x0 and y0 are odd - CVE-2021-
|
||||
3575
|
||||
|
||||
-- liubo01 <liubo01@kylinos.cn> Tue, 05 Nov 2024 09:21:04 +0800
|
||||
|
||||
openjpeg2 (2.5.0-ok1) nile; urgency=medium
|
||||
|
||||
* Build for openKylin.
|
||||
|
|
|
|||
|
|
@ -358,7 +358,15 @@ static void sycc420_to_rgb(opj_image_t *img)
|
|||
if (i < loopmaxh) {
|
||||
size_t j;
|
||||
|
||||
for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) {
|
||||
if (offx > 0U) {
|
||||
sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b);
|
||||
++y;
|
||||
++r;
|
||||
++g;
|
||||
++b;
|
||||
}
|
||||
|
||||
for (j = 0U; j < (loopmaxw & ~(size_t)1U); j += 2U) {
|
||||
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
|
||||
|
||||
++y;
|
||||
|
|
@ -375,7 +383,7 @@ static void sycc420_to_rgb(opj_image_t *img)
|
|||
++cb;
|
||||
++cr;
|
||||
}
|
||||
if (j < maxw) {
|
||||
if (j < loopmaxw) {
|
||||
sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1109,6 +1109,7 @@ static OPJ_BOOL opj_t2_read_packet_header(opj_t2_t* p_t2,
|
|||
/* SOP markers */
|
||||
|
||||
if (p_tcp->csty & J2K_CP_CSTY_SOP) {
|
||||
/* SOP markers are allowed (i.e. optional), just warn */
|
||||
if (p_max_length < 6) {
|
||||
opj_event_msg(p_manager, EVT_WARNING,
|
||||
"Not enough space for expected SOP marker\n");
|
||||
|
|
@ -1161,12 +1162,15 @@ static OPJ_BOOL opj_t2_read_packet_header(opj_t2_t* p_t2,
|
|||
|
||||
/* EPH markers */
|
||||
if (p_tcp->csty & J2K_CP_CSTY_EPH) {
|
||||
/* EPH markers are required */
|
||||
if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data -
|
||||
*l_header_data_start)) < 2U) {
|
||||
opj_event_msg(p_manager, EVT_WARNING,
|
||||
"Not enough space for expected EPH marker\n");
|
||||
opj_event_msg(p_manager, EVT_ERROR,
|
||||
"Not enough space for required EPH marker\n");
|
||||
return OPJ_FALSE;
|
||||
} else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
|
||||
opj_event_msg(p_manager, EVT_WARNING, "Expected EPH marker\n");
|
||||
opj_event_msg(p_manager, EVT_ERROR, "Expected EPH marker\n");
|
||||
return OPJ_FALSE;
|
||||
} else {
|
||||
l_header_data += 2;
|
||||
}
|
||||
|
|
@ -1330,12 +1334,15 @@ static OPJ_BOOL opj_t2_read_packet_header(opj_t2_t* p_t2,
|
|||
|
||||
/* EPH markers */
|
||||
if (p_tcp->csty & J2K_CP_CSTY_EPH) {
|
||||
/* EPH markers are required */
|
||||
if ((*l_modified_length_ptr - (OPJ_UINT32)(l_header_data -
|
||||
*l_header_data_start)) < 2U) {
|
||||
opj_event_msg(p_manager, EVT_WARNING,
|
||||
"Not enough space for expected EPH marker\n");
|
||||
opj_event_msg(p_manager, EVT_ERROR,
|
||||
"Not enough space for required EPH marker\n");
|
||||
return OPJ_FALSE;
|
||||
} else if ((*l_header_data) != 0xff || (*(l_header_data + 1) != 0x92)) {
|
||||
opj_event_msg(p_manager, EVT_WARNING, "Expected EPH marker\n");
|
||||
opj_event_msg(p_manager, EVT_ERROR, "Expected EPH marker\n");
|
||||
return OPJ_FALSE;
|
||||
} else {
|
||||
l_header_data += 2;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -657,3 +657,6 @@ opj_decompress -i @INPUT_NR_PATH@/htj2k/Bretagne1_ht.j2k -o @TEMP_PATH@/Bretagne
|
|||
opj_decompress -i @INPUT_NR_PATH@/htj2k/Bretagne1_ht_lossy.j2k -o @TEMP_PATH@/Bretagne1_ht_lossy.j2k.png
|
||||
opj_decompress -i @INPUT_NR_PATH@/htj2k/byte.jph -o @TEMP_PATH@/byte.jph.png
|
||||
opj_decompress -i @INPUT_NR_PATH@/htj2k/byte_causal.jhc -o @TEMP_PATH@/byte_causal.jhc.png
|
||||
|
||||
# missing EPH Marker
|
||||
!opj_decompress -i @INPUT_NR_PATH@/issue1472-bigloop.j2k -o @TEMP_PATH@/issue1472-bigloop.raw
|
||||
|
|
|
|||
Loading…
Reference in New Issue