diff options
| author |   Marguet, Nicolas <nicolas.marguet@windriver.com> | 2022-04-13 19:58:19 -0700 |
|---|---|---|
| committer |   Khem Raj <raj.khem@gmail.com> | 2022-04-14 19:42:10 -0700 |
| commit | 08d9e915425a5ce02b9caff7264a0841f2b56fa3 (patch) | |
| tree | add155d62de46960e5c8a97dc08930f18bf4addf /meta-oe/recipes-graphics/openjpeg | |
| parent | 2cbfe9ffcf72a0ae9f4b1912e1f9e03b5dac8069 (diff) | |
| download | meta-openembedded-08d9e915425a5ce02b9caff7264a0841f2b56fa3.tar.gz | |
openjpeg: fix CVE-2022-1122
CVE: CVE-2022-1122
The defect is undergoing reanalysis and there may be follow-up commits.
Ref:
* https://github.com/uclouvain/openjpeg/issues/1368
Signed-off-by: Nicolas Marguet <nicolas.marguet@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-oe/recipes-graphics/openjpeg')
| -rw-r--r-- | meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2022-1122.patch | 31 | ||||
| -rw-r--r-- | meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb | 1 |
2 files changed, 32 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2022-1122.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2022-1122.patch new file mode 100644 index 0000000000..8aa9c15e33 --- /dev/null +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2022-1122.patch @@ -0,0 +1,31 @@ +Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d] +CVE: CVE-2022-1122 + +While this patch improves things re-CVE-2022-1122, the defect is undergoing re-analysis and there may be follow-up commits. + +From 0afbdcf3e6d0d2bd2e16a0c4d513ee3cf86e460d Mon Sep 17 00:00:00 2001 +From: xiaoxiaoafeifei <lliangliang2007@163.com> +Date: Wed, 14 Jul 2021 09:35:13 +0800 +Subject: [PATCH] Fix segfault in src/bin/jp2/opj_decompress.c due to + uninitialized pointer (fixes #1368) (#1369) + +--- + src/bin/jp2/opj_decompress.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c +index 0e028735..18ead672 100644 +--- a/src/bin/jp2/opj_decompress.c ++++ b/src/bin/jp2/opj_decompress.c +@@ -1356,7 +1356,7 @@ int main(int argc, char **argv) + int it_image; + num_images = get_num_images(img_fol.imgdirpath); + +- dirptr = (dircnt_t*)malloc(sizeof(dircnt_t)); ++ dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t)); + if (!dirptr) { + destroy_parameters(¶meters); + return EXIT_FAILURE; +-- +2.25.1 + diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb index b41bb9eb8a..f248619ec8 100644 --- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb +++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb @@ -10,6 +10,7 @@ SRC_URI = " \ file://0002-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \ file://0001-This-patch-fixed-include-dir-to-usr-include-.-Obviou.patch \ file://CVE-2021-29338.patch \ + file://CVE-2022-1122.patch \ " SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505" S = "${WORKDIR}/git" |