graphics/jasper

- Security fixes Multiple integer overflows Buffer overflow in the jas_stream_printf execute arbitrary code on decodes images Security: CVE-2008-3520 Security: CVE-2008-3522 Security: CVE-2011-4516 Security: CVE-2011-4517 PR: 163718 Obtained from: Fedora Feature safe: yes
author: Dirk Meyer <dinoex@FreeBSD.org> 2013-04-17 21:25:47 +0000
committer: Dirk Meyer <dinoex@FreeBSD.org> 2013-04-17 21:25:47 +0000
commit: 9ad3263e802afd53731df2dce73199621e62ecde (patch)
tree: 6ae1451fe5b1dcbd9d73dfa71232906735920136 /graphics/jasper/files/patch-jas_image.c
parent: - Update to 2.2 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/graphics/jasper/files/patch-jas_image.c b/graphics/jasper/files/patch-jas_image.c
new file mode 100644
index 000000000000..43adc59e6922
--- /dev/null
+++ b/graphics/jasper/files/patch-jas_image.c
@@ -0,0 +1,21 @@
+--- src/libjasper/base/jas_image.c.orig	2007-01-19 22:43:05.000000000 +0100
++++ src/libjasper/base/jas_image.c	2013-04-17 22:32:23.000000000 +0200
+@@ -142,7 +142,7 @@
+ 	image->inmem_ = true;
+ 
+ 	/* Allocate memory for the per-component information. */
+-	if (!(image->cmpts_ = jas_malloc(image->maxcmpts_ *
++	if (!(image->cmpts_ = jas_malloc2(image->maxcmpts_,
+ 	  sizeof(jas_image_cmpt_t *)))) {
+ 		jas_image_destroy(image);
+ 		return 0;
+@@ -774,8 +774,7 @@
+ 	jas_image_cmpt_t **newcmpts;
+ 	int cmptno;
+ 
+-	newcmpts = (!image->cmpts_) ? jas_malloc(maxcmpts * sizeof(jas_image_cmpt_t *)) :
+-	  jas_realloc(image->cmpts_, maxcmpts * sizeof(jas_image_cmpt_t *));
++	newcmpts = jas_realloc2(image->cmpts_, maxcmpts, sizeof(jas_image_cmpt_t *));
+ 	if (!newcmpts) {
+ 		return -1;
+ 	}
author	Dirk Meyer <dinoex@FreeBSD.org>	2013-04-17 21:25:47 +0000
committer	Dirk Meyer <dinoex@FreeBSD.org>	2013-04-17 21:25:47 +0000
commit	9ad3263e802afd53731df2dce73199621e62ecde (patch)
tree	6ae1451fe5b1dcbd9d73dfa71232906735920136 /graphics/jasper/files/patch-jas_image.c
parent	- Update to 2.2 (diff)