
01/01: gnu: openjpeg-2.x: Add fix for use-after-free in opj_j2k_write_mco.


From: Mark H. Weaver
Subject: 01/01: gnu: openjpeg-2.x: Add fix for use-after-free in opj_j2k_write_mco.
Date: Fri, 02 Oct 2015 16:33:46 +0000

mhw pushed a commit to branch master
in repository guix.

commit b927058237a36b3bd870cff50a4107bfd4a39e41
Author: Mark H Weaver <address@hidden>
Date:   Fri Oct 2 12:30:41 2015 -0400

    gnu: openjpeg-2.x: Add fix for use-after-free in opj_j2k_write_mco.
    
    * gnu/packages/patches/openjpeg-use-after-free-fix.patch: New file.
    * gnu-system.am (dist_patch_DATA): Add it.
    * gnu/packages/image.scm (openjpeg, openjpeg-2.0)[source]: Add patch.
      [home-page]: Update.
---
 gnu-system.am                                      |    1 +
 gnu/packages/image.scm                             |    8 ++-
 .../patches/openjpeg-use-after-free-fix.patch      |   48 ++++++++++++++++++++
 3 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/gnu-system.am b/gnu-system.am
index 98634a0..17012af 100644
--- a/gnu-system.am
+++ b/gnu-system.am
@@ -571,6 +571,7 @@ dist_patch_DATA =                                           
\
   gnu/packages/patches/nvi-dbpagesize-binpower.patch           \
   gnu/packages/patches/nvi-db4.patch                           \
   gnu/packages/patches/openexr-missing-samples.patch           \
+  gnu/packages/patches/openjpeg-use-after-free-fix.patch       \
   gnu/packages/patches/openssl-runpath.patch                   \
   gnu/packages/patches/openssl-c-rehash.patch                  \
   gnu/packages/patches/orpheus-cast-errors-and-includes.patch  \
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index cee7f14..c23946d 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -271,7 +271,8 @@ work.")
          (string-append "mirror://sourceforge/openjpeg.mirror/" name "-"
                         version ".tar.gz"))
         (sha256
-         (base32 "00zzm303zvv4ijzancrsb1cqbph3pgz0nky92k9qx3fq9y0vnchj"))))
+         (base32 "00zzm303zvv4ijzancrsb1cqbph3pgz0nky92k9qx3fq9y0vnchj"))
+        (patches (list (search-patch "openjpeg-use-after-free-fix.patch")))))
     (build-system cmake-build-system)
     (arguments
       ;; Trying to run `$ make check' results in a no rule fault.
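Review bot: The new `patches` field on the openjpeg source carries no comment saying why the patch is applied or when it can be dropped, so a later version bump has nothing to prompt its removal. A line above it such as `;; Upstream fix for a use-after-free in opj_j2k_write_mco; drop once the packaged release includes it.` would cover that. The same applies to the identical `patches` line added for openjpeg-2.0 in the third hunk of this file.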
@@ -292,7 +293,7 @@ In addition to the basic codec, various other features are 
under
 development, among them the JP2 and MJ2 (Motion JPEG 2000) file formats,
 an indexing tool useful for the JPIP protocol, JPWL-tools for
 error-resilience, a Java-viewer for j2k-images, ...")
-    (home-page "https://code.google.com/p/openjpeg/";)
+    (home-page "https://github.com/uclouvain/openjpeg";)
     (license license:bsd-2)))
 
 (define-public openjpeg-2.0
@@ -306,7 +307,8 @@ error-resilience, a Java-viewer for j2k-images, ...")
         (string-append "mirror://sourceforge/openjpeg.mirror/" name "-"
                        version ".tar.gz"))
        (sha256
-        (base32 "1c2xc3nl2mg511b63rk7hrckmy14681p1m44mzw3n1fyqnjm0b0z"))))))
+        (base32 "1c2xc3nl2mg511b63rk7hrckmy14681p1m44mzw3n1fyqnjm0b0z"))
+       (patches (list (search-patch "openjpeg-use-after-free-fix.patch")))))))
 
 (define-public openjpeg-1
   (package (inherit openjpeg)
diff --git a/gnu/packages/patches/openjpeg-use-after-free-fix.patch 
b/gnu/packages/patches/openjpeg-use-after-free-fix.patch
new file mode 100644
index 0000000..1a9cb1a
--- /dev/null
+++ b/gnu/packages/patches/openjpeg-use-after-free-fix.patch
@@ -0,0 +1,48 @@
+From 940100c28ae28931722290794889cf84a92c5f6f Mon Sep 17 00:00:00 2001
+From: mayeut <address@hidden>
+Date: Sun, 6 Sep 2015 17:24:03 +0200
+Subject: [PATCH] Fix potential use-after-free in opj_j2k_write_mco function
+
+Fixes #563
+---
+ src/lib/openjp2/j2k.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 19a48f5..d487d89 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -5559,8 +5559,7 @@ static OPJ_BOOL opj_j2k_write_mco(     opj_j2k_t *p_j2k,
+         assert(p_stream != 00);
+ 
+         l_tcp =&(p_j2k->m_cp.tcps[p_j2k->m_current_tile_number]);
+-        l_current_data = p_j2k->m_specific_param.m_encoder.m_header_tile_data;
+-
++      
+         l_mco_size = 5 + l_tcp->m_nb_mcc_records;
+         if (l_mco_size > 
p_j2k->m_specific_param.m_encoder.m_header_tile_data_size) {
+ 
+@@ -5575,6 +5574,8 @@ static OPJ_BOOL opj_j2k_write_mco(     opj_j2k_t *p_j2k,
+                 p_j2k->m_specific_param.m_encoder.m_header_tile_data = 
new_header_tile_data;
+                 p_j2k->m_specific_param.m_encoder.m_header_tile_data_size = 
l_mco_size;
+         }
++        l_current_data = p_j2k->m_specific_param.m_encoder.m_header_tile_data;
++
+ 
+         opj_write_bytes(l_current_data,J2K_MS_MCO,2);                   /* 
MCO */
+         l_current_data += 2;
+@@ -5586,10 +5587,9 @@ static OPJ_BOOL opj_j2k_write_mco(     opj_j2k_t *p_j2k,
+         ++l_current_data;
+ 
+         l_mcc_record = l_tcp->m_mcc_records;
+-        for     (i=0;i<l_tcp->m_nb_mcc_records;++i) {
++        for (i=0;i<l_tcp->m_nb_mcc_records;++i) {
+                 opj_write_bytes(l_current_data,l_mcc_record->m_index,1);/* 
Imco -> use the mcc indicated by 1*/
+                 ++l_current_data;
+-
+                 ++l_mcc_record;
+         }
+ 
+-- 
+2.5.0
+
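Review bot: The embedded fix depends on statement order that nothing at the new `l_current_data = p_j2k->m_specific_param.m_encoder.m_header_tile_data;` line explains: the pointer has to be read after the resize branch, because that branch stores `new_header_tile_data` into `m_header_tile_data` and a copy taken earlier would refer to the old buffer. A short comment there, e.g. `/* read after the resize above, which may replace m_header_tile_data */`, would keep a later cleanup from hoisting the assignment back to the top. The allocation call and its failure path sit between the embedded patch's hunks and are not visible here, so they cannot be checked from this file. The patch also carries whitespace-only edits (the `for     (` respacing, a removed blank line, and an added line of trailing spaces) unrelated to the fix; since the same file is applied to both openjpeg and openjpeg-2.0, it is worth confirming it applies cleanly to each source tree.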


