summaryrefslogtreecommitdiff
path: root/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__qmfb.c
diff options
context:
space:
mode:
Diffstat (limited to 'graphics/jasper/patches/patch-src_libjasper_jpc_jpc__qmfb.c')
-rw-r--r--graphics/jasper/patches/patch-src_libjasper_jpc_jpc__qmfb.c93
1 files changed, 52 insertions, 41 deletions
diff --git a/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__qmfb.c b/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__qmfb.c
index 7297531b334..0d91b73117c 100644
--- a/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__qmfb.c
+++ b/graphics/jasper/patches/patch-src_libjasper_jpc_jpc__qmfb.c
@@ -1,11 +1,14 @@
-$NetBSD: patch-src_libjasper_jpc_jpc__qmfb.c,v 1.1 2015/02/08 23:04:22 snj Exp $
+$NetBSD: patch-src_libjasper_jpc_jpc__qmfb.c,v 1.2 2016/05/16 14:03:40 he Exp $
Fix CVE-2014-8158. Patch taken from
https://bugzilla.redhat.com/show_bug.cgi?id=1179298
---- src/libjasper/jpc/jpc_qmfb.c.orig 2007-01-19 13:43:07.000000000 -0800
-+++ src/libjasper/jpc/jpc_qmfb.c 2015-02-08 14:49:33.000000000 -0800
-@@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+Fix CVE-2008-3520, patches from
+https://bugs.gentoo.org/show_bug.cgi?id=222819
+
+--- src/libjasper/jpc/jpc_qmfb.c.old 2016-03-31 14:47:00.000000000 +0200
++++ src/libjasper/jpc/jpc_qmfb.c 2016-03-31 14:48:03.000000000 +0200
+@@ -306,11 +306,7 @@
{
int bufsize = JPC_CEILDIVPOW2(numcols, 1);
@@ -17,15 +20,16 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
jpc_fix_t *buf = splitbuf;
register jpc_fix_t *srcptr;
register jpc_fix_t *dstptr;
-@@ -318,7 +314,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+@@ -318,15 +314,13 @@
register int m;
int hstartcol;
-#if !defined(HAVE_VLA)
/* Get a buffer. */
if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
-@@ -326,7 +321,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide in this case. */
abort();
}
}
@@ -33,7 +37,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
if (numcols >= 2) {
hstartcol = (numcols + 1 - parity) >> 1;
-@@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+@@ -360,12 +354,10 @@
}
}
@@ -46,7 +50,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
}
-@@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+@@ -374,11 +366,7 @@
{
int bufsize = JPC_CEILDIVPOW2(numrows, 1);
@@ -58,15 +62,16 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
jpc_fix_t *buf = splitbuf;
register jpc_fix_t *srcptr;
register jpc_fix_t *dstptr;
-@@ -386,7 +374,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+@@ -386,15 +374,13 @@
register int m;
int hstartcol;
-#if !defined(HAVE_VLA)
/* Get a buffer. */
if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
-@@ -394,7 +381,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide in this case. */
abort();
}
}
@@ -74,7 +79,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
if (numrows >= 2) {
hstartcol = (numrows + 1 - parity) >> 1;
-@@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+@@ -428,12 +414,10 @@
}
}
@@ -87,7 +92,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
}
-@@ -442,11 +426,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+@@ -442,11 +426,7 @@
{
int bufsize = JPC_CEILDIVPOW2(numrows, 1);
@@ -99,15 +104,16 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
jpc_fix_t *buf = splitbuf;
jpc_fix_t *srcptr;
jpc_fix_t *dstptr;
-@@ -457,7 +437,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+@@ -457,15 +437,13 @@
int m;
int hstartcol;
-#if !defined(HAVE_VLA)
/* Get a buffer. */
if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
-@@ -465,7 +444,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide in this case. */
abort();
}
}
@@ -115,7 +121,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
if (numrows >= 2) {
hstartcol = (numrows + 1 - parity) >> 1;
-@@ -517,12 +495,10 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+@@ -517,12 +495,10 @@
}
}
@@ -128,7 +134,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
}
-@@ -531,11 +507,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+@@ -531,11 +507,7 @@
{
int bufsize = JPC_CEILDIVPOW2(numrows, 1);
@@ -140,15 +146,16 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
jpc_fix_t *buf = splitbuf;
jpc_fix_t *srcptr;
jpc_fix_t *dstptr;
-@@ -546,7 +518,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+@@ -546,15 +518,13 @@
int m;
int hstartcol;
-#if !defined(HAVE_VLA)
/* Get a buffer. */
if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
-@@ -554,7 +525,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide in this case. */
abort();
}
}
@@ -156,7 +163,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
if (numrows >= 2) {
hstartcol = (numrows + 1 - parity) >> 1;
-@@ -606,12 +576,10 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+@@ -606,12 +576,10 @@
}
}
@@ -169,7 +176,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
}
-@@ -619,18 +587,13 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
+@@ -619,26 +587,20 @@
{
int bufsize = JPC_CEILDIVPOW2(numcols, 1);
@@ -187,8 +194,9 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
-#if !defined(HAVE_VLA)
/* Allocate memory for the join buffer from the heap. */
if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
-@@ -638,7 +601,6 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
+- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide. */
abort();
}
}
@@ -196,7 +204,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
hstartcol = (numcols + 1 - parity) >> 1;
-@@ -670,12 +632,10 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
+@@ -670,12 +632,10 @@
++srcptr;
}
@@ -209,7 +217,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
}
-@@ -684,18 +644,13 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
+@@ -684,26 +644,20 @@
{
int bufsize = JPC_CEILDIVPOW2(numrows, 1);
@@ -227,8 +235,9 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
-#if !defined(HAVE_VLA)
/* Allocate memory for the join buffer from the heap. */
if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
-@@ -703,7 +658,6 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
+- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide. */
abort();
}
}
@@ -236,7 +245,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
hstartcol = (numrows + 1 - parity) >> 1;
-@@ -735,12 +689,10 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
+@@ -735,12 +689,10 @@
++srcptr;
}
@@ -249,7 +258,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
}
-@@ -749,11 +701,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+@@ -749,11 +701,7 @@
{
int bufsize = JPC_CEILDIVPOW2(numrows, 1);
@@ -261,15 +270,16 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
jpc_fix_t *buf = joinbuf;
jpc_fix_t *srcptr;
jpc_fix_t *dstptr;
-@@ -763,7 +711,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+@@ -763,15 +711,13 @@
register int i;
int hstartcol;
-#if !defined(HAVE_VLA)
/* Allocate memory for the join buffer from the heap. */
if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
-@@ -771,7 +718,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+- if (!(buf = jas_malloc(bufsize * JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide. */
abort();
}
}
@@ -277,7 +287,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
hstartcol = (numrows + 1 - parity) >> 1;
-@@ -821,12 +767,10 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
+@@ -821,12 +767,10 @@
srcptr += JPC_QMFB_COLGRPSIZE;
}
@@ -290,7 +300,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
}
-@@ -835,11 +779,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+@@ -835,11 +779,7 @@
{
int bufsize = JPC_CEILDIVPOW2(numrows, 1);
@@ -302,15 +312,16 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
jpc_fix_t *buf = joinbuf;
jpc_fix_t *srcptr;
jpc_fix_t *dstptr;
-@@ -849,7 +789,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+@@ -849,15 +789,13 @@
register int i;
int hstartcol;
-#if !defined(HAVE_VLA)
/* Allocate memory for the join buffer from the heap. */
if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * numcols * sizeof(jpc_fix_t)))) {
-@@ -857,7 +796,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+- if (!(buf = jas_malloc(bufsize * numcols * sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide. */
abort();
}
}
@@ -318,7 +329,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1179298
hstartcol = (numrows + 1 - parity) >> 1;
-@@ -907,12 +845,10 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
+@@ -907,12 +845,10 @@
srcptr += numcols;
}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-13 12:07:51 +0000