Upstream patch for CVE-2012-3535.
diff -Naur OpenJPEG_v1_3.orig/libopenjpeg/j2k.c OpenJPEG_v1_3/libopenjpeg/j2k.c
--- OpenJPEG_v1_3.orig/libopenjpeg/j2k.c 2007-12-19 07:28:40.000000000 -0500
+++ OpenJPEG_v1_3/libopenjpeg/j2k.c 2012-09-12 11:14:45.622827158 -0400
@@ -720,6 +720,13 @@
j2k->state |= J2K_STATE_ERR;
}
+ if( tccp->numresolutions > J2K_MAXRLVLS ) {
+ opj_event_msg(j2k->cinfo, EVT_ERROR, "Error decoding component %d.\nThe number of resolutions is too big: %d vs max= %d. Truncating.\n\n",
+ compno, tccp->numresolutions, J2K_MAXRLVLS);
+ j2k->state |= J2K_STATE_ERR;
+ tccp->numresolutions = J2K_MAXRLVLS;
+ }
+
tccp->cblkw = cio_read(cio, 1) + 2; /* SPcox (E) */
tccp->cblkh = cio_read(cio, 1) + 2; /* SPcox (F) */
tccp->cblksty = cio_read(cio, 1); /* SPcox (G) */
distrib
>
Mageia
>
1
>
i586
>
media
>
core-updates-src
>
by-pkgid
>
9c761c5b28ee4e0f512b3e66d9eba1ab
>
files
>
4
