mirror of
https://git.freebsd.org/ports.git
synced 2025-07-09 05:19:16 -04:00
1a3c3e5ae9
- fix double-free in in jas_iccattrval_destroy() Obtained from: RedHat Security: CVE-2014-8137 Security: https://bugzilla.redhat.com/show_bug.cgi?id=1173157 - fix heap overflow in jp2_decode() Obtained from: RedHat Security: CVE-2014-8138 Security: https://bugzilla.redhat.com/show_bug.cgi?id=1173162 - dec->numtiles off-by-one check in jpc_dec_process_sot() Obtained from: RedHat, Fedora Security: CVE-2014-8157 Security: https://bugzilla.redhat.com/show_bug.cgi?id=1179282 - multiple stack-based buffer overflows Obtained from: RedHat, Fedora Security: CVE-2014-8158 Security: https://bugzilla.redhat.com/show_bug.cgi?id=1179282 - fix Heap overflows in libjasper Obtained from: RedHat Security: CVE-2014-9029 Security: https://bugzilla.redhat.com/show_bug.cgi?id=1167537 - fix Use-after-free (and double-free) Security: CVE-2015-5221 Security: http://www.openwall.com/lists/oss-security/2015/08/20/4 PR: 203504 - patch (rows_ NULL check) Obtained from: RedHat Security: CVE-2016-2089 Security: https://bugzilla.redhat.com/show_bug.cgi?id=1302636
39 lines
1.4 KiB
C
39 lines
1.4 KiB
C
--- src/libjasper/mif/mif_cod.c.orig 2007-01-19 22:43:05.000000000 +0100
|
|
+++ src/libjasper/mif/mif_cod.c 2016-02-20 14:19:34.799575000 +0100
|
|
@@ -107,7 +107,7 @@
|
|
static int mif_hdr_addcmpt(mif_hdr_t *hdr, int cmptno, mif_cmpt_t *cmpt);
|
|
static mif_cmpt_t *mif_cmpt_create(void);
|
|
static void mif_cmpt_destroy(mif_cmpt_t *cmpt);
|
|
-static char *mif_getline(jas_stream_t *jas_stream, char *buf, int bufsize);
|
|
+static char *mif_getline(jas_stream_t *jas_stream, char *buf, size_t bufsize);
|
|
static int mif_getc(jas_stream_t *in);
|
|
static mif_hdr_t *mif_makehdrfromimage(jas_image_t *image);
|
|
|
|
@@ -438,8 +438,7 @@
|
|
int cmptno;
|
|
mif_cmpt_t **newcmpts;
|
|
assert(maxcmpts >= hdr->numcmpts);
|
|
- newcmpts = (!hdr->cmpts) ? jas_malloc(maxcmpts * sizeof(mif_cmpt_t *)) :
|
|
- jas_realloc(hdr->cmpts, maxcmpts * sizeof(mif_cmpt_t *));
|
|
+ newcmpts = jas_realloc2(hdr->cmpts, maxcmpts, sizeof(mif_cmpt_t *));
|
|
if (!newcmpts) {
|
|
return -1;
|
|
}
|
|
@@ -571,6 +570,8 @@
|
|
}
|
|
}
|
|
jas_tvparser_destroy(tvp);
|
|
+ /* fix for CVE-2015-5221 */
|
|
+ tvp = NULL;
|
|
if (!cmpt->sampperx || !cmpt->samppery) {
|
|
goto error;
|
|
}
|
|
@@ -658,7 +659,7 @@
|
|
* MIF parsing code.
|
|
\******************************************************************************/
|
|
|
|
-static char *mif_getline(jas_stream_t *stream, char *buf, int bufsize)
|
|
+static char *mif_getline(jas_stream_t *stream, char *buf, size_t bufsize)
|
|
{
|
|
int c;
|
|
char *bufptr;
|