CBL-Mariner/SPECS-EXTENDED/openjpeg2/openjpeg2_CVE-2020-27842.patch

20 lines
942 B
Diff

diff -rupN --no-dereference openjpeg-2.3.1/src/lib/openjp2/t2.c openjpeg-2.3.1-new/src/lib/openjp2/t2.c
--- openjpeg-2.3.1/src/lib/openjp2/t2.c 2020-12-17 16:25:44.967030302 +0100
+++ openjpeg-2.3.1-new/src/lib/openjp2/t2.c 2020-12-17 16:25:44.969030300 +0100
@@ -711,6 +711,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ
continue;
}
+ /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */
+ /* but likely not a proper fix. */
+ if (precno >= res->pw * res->ph) {
+ opj_event_msg(p_manager, EVT_ERROR,
+ "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
+ precno, res->pw * res->ph);
+ return OPJ_FALSE;
+ }
+
prc = &band->precincts[precno];
opj_tgt_reset(prc->incltree);
opj_tgt_reset(prc->imsbtree);