sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-06-16 10:10:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
ports/graphics/jasper/files/patch-jpc_t2dec.c
Dirk Meyer 9ad3263e80 graphics/jasper 
- Security fixes
  Multiple integer overflows
  Buffer overflow in the jas_stream_printf
  execute arbitrary code on decodes images
Security: CVE-2008-3520
Security: CVE-2008-3522
Security: CVE-2011-4516
Security: CVE-2011-4517
PR:             163718
Obtained from:  Fedora
Feature safe: yes
2013-04-17 21:25:47 +00:00

29 lines
1.1 KiB
C
Raw Blame History

--- src/libjasper/jpc/jpc_t2dec.c.orig 2007-01-19 22:43:07.000000000 +0100
+++ src/libjasper/jpc/jpc_t2dec.c 2013-04-17 22:32:23.000000000 +0200
@@ -478,7 +478,7 @@
return 0;
}
pi->numcomps = dec->numcomps;
- if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) {
+ if (!(pi->picomps = jas_malloc2(pi->numcomps, sizeof(jpc_picomp_t)))) {
jpc_pi_destroy(pi);
return 0;
}
@@ -490,7 +490,7 @@
for (compno = 0, tcomp = tile->tcomps, picomp = pi->picomps;
compno < pi->numcomps; ++compno, ++tcomp, ++picomp) {
picomp->numrlvls = tcomp->numrlvls;
- if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls *
+ if (!(picomp->pirlvls = jas_malloc2(picomp->numrlvls,
sizeof(jpc_pirlvl_t)))) {
jpc_pi_destroy(pi);
return 0;
@@ -503,7 +503,7 @@
rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) {
/* XXX sizeof(long) should be sizeof different type */
pirlvl->numprcs = rlvl->numprcs;
- if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs *
+ if (!(pirlvl->prclyrnos = jas_malloc2(pirlvl->numprcs,
sizeof(long)))) {
jpc_pi_destroy(pi);
return 0;
Reference in a new issue View git blame Copy permalink