diff options
| author |   Vivek Kumbhar <vkumbhar@mvista.com> | 2024-03-15 10:50:07 +0530 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2024-03-25 07:11:05 -0400 |
| commit | 9a22be4267b39bcdbcea4d7496a6867a40153c93 (patch) | |
| tree | 7a656f78805fa07fa458db0667189cb17025424c | |
| parent | 1a3b9da20a4744afaae4a74d0f16c47d888fa235 (diff) | |
| download | meta-openembedded-9a22be4267b39bcdbcea4d7496a6867a40153c93.tar.gz | |
openjpeg: Backport fix CVE-2021-3575
Upstream-Status: Backport from https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf
Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch | 45 | ||||
| -rw-r--r-- | meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb | 1 |
2 files changed, 46 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch new file mode 100644 index 0000000000..0322f55cc7 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2021-3575.patch @@ -0,0 +1,45 @@ +From 7bd884f8750892de4f50bf4642fcfbe7011c6bdf Mon Sep 17 00:00:00 2001 +From: Even Rouault <even.rouault@spatialys.com> +Date: Sun, 18 Feb 2024 17:02:25 +0100 +Subject: [PATCH] opj_decompress: fix off-by-one read heap-buffer-overflow in + sycc420_to_rgb() when x0 and y0 are odd (CVE-2021-3575, fixes #1347) + +Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/7bd884f8750892de4f50bf4642fcfbe7011c6bdf] +CVE: CVE-2021-3575 +Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> +--- + src/bin/common/color.c | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) + +diff --git a/src/bin/common/color.c b/src/bin/common/color.c +index 27f15f13..ae5d648d 100644 +--- a/src/bin/common/color.c ++++ b/src/bin/common/color.c +@@ -358,7 +358,15 @@ static void sycc420_to_rgb(opj_image_t *img) + if (i < loopmaxh) { + size_t j; + +- for (j = 0U; j < (maxw & ~(size_t)1U); j += 2U) { ++ if (offx > 0U) { ++ sycc_to_rgb(offset, upb, *y, 0, 0, r, g, b); ++ ++y; ++ ++r; ++ ++g; ++ ++b; ++ } ++ ++ for (j = 0U; j < (loopmaxw & ~(size_t)1U); j += 2U) { + sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); + + ++y; +@@ -375,7 +383,7 @@ static void sycc420_to_rgb(opj_image_t *img) + ++cb; + ++cr; + } +- if (j < maxw) { ++ if (j < loopmaxw) { + sycc_to_rgb(offset, upb, *y, *cb, *cr, r, g, b); + } + } +-- +2.39.3 diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb index 1c090fdea5..a619c07aa4 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb @@ -11,6 +11,7 @@ SRC_URI = " \ file://0001-This-patch-fixed-include-dir-to-usr-include-.-Obviou.patch \ file://CVE-2021-29338.patch \ file://CVE-2022-1122.patch \ + file://CVE-2021-3575.patch \ " SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505" S = "${WORKDIR}/git" |