blob: 53c86ea5e4fee9f818d833d877f8f2f6706a5e8c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
From 38d661a3897052c7ff0b39b30c29cb067e130121 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Wed, 2 Dec 2020 13:13:26 +0100
Subject: [PATCH] opj_t2_encode_packet(): avoid out of bound access of #1297,
but likely not the proper fix
Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz]
CVE: CVE-2020-27843
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
---
src/lib/openjp2/t2.c | 9 +++++++++
1 file changed, 9 insertions(+)
--- a/src/lib/openjp2/t2.c
+++ b/src/lib/openjp2/t2.c
@@ -787,6 +787,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ
continue;
}
+ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1297 */
+ /* but likely not a proper fix. */
+ if (precno >= res->pw * res->ph) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
+ precno, res->pw * res->ph);
+ return OPJ_FALSE;
+ }
+
prc = &band->precincts[precno];
l_nb_blocks = prc->cw * prc->ch;
cblk = prc->cblks.enc;
|
