diff options
Diffstat (limited to 'graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c')
-rw-r--r-- | graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c | 56 |
1 files changed, 48 insertions, 8 deletions
diff --git a/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c b/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c index a79b05eac13..d544287720d 100644 --- a/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c +++ b/graphics/jasper/patches/patch-src_libjasper_base_jas__seq.c @@ -1,10 +1,40 @@ -$NetBSD: patch-src_libjasper_base_jas__seq.c,v 1.1 2016/03/13 04:11:18 tnn Exp $ +$NetBSD: patch-src_libjasper_base_jas__seq.c,v 1.2 2016/05/16 14:03:40 he Exp $ CVE-2016-2089 denial of service. Via Debian. ---- src/libjasper/base/jas_seq.c.orig 2007-01-19 21:43:05.000000000 +0000 -+++ src/libjasper/base/jas_seq.c -@@ -262,6 +262,10 @@ void jas_matrix_divpow2(jas_matrix_t *ma +Fix CVE-2008-3520, patches from +https://bugs.gentoo.org/show_bug.cgi?id=222819 + +--- src/libjasper/base/jas_seq.c.old 2016-03-31 14:47:00.000000000 +0200 ++++ src/libjasper/base/jas_seq.c 2016-03-31 14:47:50.000000000 +0200 +@@ -114,7 +114,7 @@ + matrix->datasize_ = numrows * numcols; + + if (matrix->maxrows_ > 0) { +- if (!(matrix->rows_ = jas_malloc(matrix->maxrows_ * ++ if (!(matrix->rows_ = jas_alloc2(matrix->maxrows_, + sizeof(jas_seqent_t *)))) { + jas_matrix_destroy(matrix); + return 0; +@@ -122,7 +122,7 @@ + } + + if (matrix->datasize_ > 0) { +- if (!(matrix->data_ = jas_malloc(matrix->datasize_ * ++ if (!(matrix->data_ = jas_alloc2(matrix->datasize_, + sizeof(jas_seqent_t)))) { + jas_matrix_destroy(matrix); + return 0; +@@ -220,7 +220,7 @@ + mat0->numrows_ = r1 - r0 + 1; + mat0->numcols_ = c1 - c0 + 1; + mat0->maxrows_ = mat0->numrows_; +- mat0->rows_ = jas_malloc(mat0->maxrows_ * sizeof(jas_seqent_t *)); ++ mat0->rows_ = jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *)); + for (i = 0; i < mat0->numrows_; ++i) { + mat0->rows_[i] = mat1->rows_[r0 + i] + c0; + } +@@ -262,6 +262,10 @@ int rowstep; jas_seqent_t *data; @@ -15,7 +45,7 @@ CVE-2016-2089 denial of service. Via Debian. rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, rowstart += rowstep) { -@@ -282,6 +286,10 @@ void jas_matrix_clip(jas_matrix_t *matri +@@ -282,6 +286,10 @@ jas_seqent_t *data; int rowstep; @@ -26,7 +56,7 @@ CVE-2016-2089 denial of service. Via Debian. rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, rowstart += rowstep) { -@@ -306,6 +314,10 @@ void jas_matrix_asr(jas_matrix_t *matrix +@@ -306,6 +314,10 @@ int rowstep; jas_seqent_t *data; @@ -37,7 +67,7 @@ CVE-2016-2089 denial of service. Via Debian. assert(n >= 0); rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, -@@ -325,6 +337,10 @@ void jas_matrix_asl(jas_matrix_t *matrix +@@ -325,6 +337,10 @@ int rowstep; jas_seqent_t *data; @@ -48,7 +78,7 @@ CVE-2016-2089 denial of service. Via Debian. rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, rowstart += rowstep) { -@@ -367,6 +383,10 @@ void jas_matrix_setall(jas_matrix_t *mat +@@ -367,6 +383,10 @@ int rowstep; jas_seqent_t *data; @@ -59,3 +89,13 @@ CVE-2016-2089 denial of service. Via Debian. rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, rowstart += rowstep) { +@@ -432,7 +452,8 @@ + for (i = 0; i < jas_matrix_numrows(matrix); ++i) { + for (j = 0; j < jas_matrix_numcols(matrix); ++j) { + x = jas_matrix_get(matrix, i, j); +- sprintf(sbuf, "%s%4ld", (strlen(buf) > 0) ? " " : "", ++ snprintf(sbuf, sizeof sbuf, ++ "%s%4ld", (strlen(buf) > 0) ? " " : "", + JAS_CAST(long, x)); + n = strlen(buf); + if (n + strlen(sbuf) > MAXLINELEN) { |