author | Dirk Meyer <dinoex@FreeBSD.org> | 2013-04-17 21:25:47 +0000 |
---|---|---|
committer | Dirk Meyer <dinoex@FreeBSD.org> | 2013-04-17 21:25:47 +0000 |
commit | 9ad3263e802afd53731df2dce73199621e62ecde (patch) | |
tree | 6ae1451fe5b1dcbd9d73dfa71232906735920136 /graphics/jasper/files/patch-jas_stream.c | |
parent | - Update to 2.2 (diff) |
graphics/jasper
- Security fixes
Multiple integer overflows
Buffer overflow in jas_stream_printf
Arbitrary code execution when decoding images
Security: CVE-2008-3520
Security: CVE-2008-3522
Security: CVE-2011-4516
Security: CVE-2011-4517
PR: 163718
Obtained from: Fedora
Feature safe: yes
Notes
Notes:
svn path=/head/; revision=316008
Diffstat (limited to 'graphics/jasper/files/patch-jas_stream.c')
-rw-r--r-- | graphics/jasper/files/patch-jas_stream.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/graphics/jasper/files/patch-jas_stream.c b/graphics/jasper/files/patch-jas_stream.c
index 83bc7ca2acce..4d0d72292e66 100644
--- a/graphics/jasper/files/patch-jas_stream.c
+++ b/graphics/jasper/files/patch-jas_stream.c
@@ -1,6 +1,7 @@
---- src/libjasper/base/jas_stream.c Fri Jan 19 16:43:05 2007
-+++ src/libjasper/base/jas_stream.c Tue Jun 12 10:26:02 2007
-@@ -362,13 +362,12 @@
+--- src/libjasper/base/jas_stream.c.orig 2007-01-19 22:43:05.000000000 +0100
++++ src/libjasper/base/jas_stream.c 2013-04-17 21:57:41.000000000 +0200
+@@ -361,15 +361,14 @@
+ }
 obj->fd = -1;
 obj->flags = 0;
 - obj->pathname[0] = '\0';
@@ -17,3 +18,13 @@
 if (obj->fd < 0) {
 jas_stream_destroy(stream);
 return 0;
+ }
+@@ -553,7 +552,7 @@
+ int ret;
+
+ va_start(ap, fmt);
+- ret = vsprintf(buf, fmt, ap);
++ ret = vsnprintf(buf, sizeof(buf), fmt, ap);
+ jas_stream_puts(stream, buf);
+ va_end(ap);
+ return ret; |
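Review bot: In the added `@@ -553,7 +552,7 @@` hunk, `ret = vsnprintf(buf, sizeof(buf), fmt, ap);` bounds the write, but `ret` is still returned as-is and `buf` is still written unconditionally, so truncation and failure go unhandled. On truncation vsnprintf returns the length the full output would have had, so the function reports more characters than `jas_stream_puts(stream, buf)` emitted and callers cannot tell the output was cut; on a negative return `buf` is passed to jas_stream_puts without having been filled. I would add `if (ret < 0) { va_end(ap); return ret; }` before the puts and clamp with `if ((size_t)ret >= sizeof(buf)) ret = (int)sizeof(buf) - 1;`. The function starts above the hunk, so the declaration of `buf` is not visible here; `sizeof(buf)` is the buffer size only if `buf` is declared as an array rather than a pointer, which is worth confirming.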