authorGravatar Michael Vetter <jubalh@iodoru.org>2019-12-02 12:59:33 +0100
committerGravatar Peter Korsgaard <peter@korsgaard.com>2019-12-06 09:20:46 +0100
commitefc4407f561d0b5d997b1069157c86cbc29a6702 (patch)
tree93423b4321b61f1a842476bc376337860761a5e4
parentb368f93a0200332ce6dc6ad9dabdaf486a8cc740 (diff)
package/jasper: Apply fix for CVE-2018-19542
Add 0002-check-null-in-jp2_decode.patch: Patch was proposed upstream[1] but upstream is very inactive. Linux distributions use the same fix to patch their packages. 1: https://github.com/mdadams/jasper/pull/200 Signed-off-by: Michael Vetter <jubalh@iodoru.org> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit 61703b82cdcbd32dd27e8a8f2de31dfa45e6a2b1) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/jasper/0002-check-null-in-jp2_decode-CVE-2018-19542.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/package/jasper/0002-check-null-in-jp2_decode-CVE-2018-19542.patch b/package/jasper/0002-check-null-in-jp2_decode-CVE-2018-19542.patch
new file mode 100644
index 0000000000..515a6162cd
--- /dev/null
+++ b/package/jasper/0002-check-null-in-jp2_decode-CVE-2018-19542.patch
@@ -0,0 +1,24 @@
+From fc62d1b7164ded2405fd6a0604548b34a5a77462 Mon Sep 17 00:00:00 2001
+From: Timothy Lyanguzov <timothy.lyanguzov@sap.com>
+Date: Mon, 18 Mar 2019 16:46:24 +1300
+Subject: [PATCH] Fix CVE-2018-19542: Check for NULL pointer in jp2_decode
+
+Signed-off-by: Michael Vetter <jubalh@iodoru.org>
+---
+ src/libjasper/jp2/jp2_dec.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
+index 03b0eaf..a535c19 100644
+--- a/src/libjasper/jp2/jp2_dec.c
++++ b/src/libjasper/jp2/jp2_dec.c
+@@ -388,6 +388,9 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
+ jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1));
+ }
+ #endif
++ } else {
++ jas_eprintf("error: invalid MTYP in CMAP box\n");
++ goto error;
+ }
+ }
+ }
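Review bot: The embedded patch header, between the `Subject:` line and the `---` separator, has no upstream reference and no description of the fix, so the link to the proposed upstream change exists only in the Buildroot commit message and will not travel with the file. Adding a line such as `Upstream status: proposed in https://github.com/mdadams/jasper/pull/200` would let whoever next bumps jasper check whether the patch can be dropped. The subject says "Check for NULL pointer", but the three added lines are an `else` branch that rejects a CMAP entry whose MTYP matches none of the handled cases. One sentence in the patch body should say so, and should explain why an unhandled MTYP leads to the NULL dereference; presumably it is because no component is set up for that channel, but that is not visible here. `jp2_decode` starts and ends outside the hunk, so the cleanup done at the `error` label cannot be confirmed from this page.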