graphics/jasper

- Security fixes Multiple integer overflows Buffer overflow in the jas_stream_printf execute arbitrary code on decodes images Security: CVE-2008-3520 Security: CVE-2008-3522 Security: CVE-2011-4516 Security: CVE-2011-4517 PR: 163718 Obtained from: Fedora Feature safe: yes
author: Dirk Meyer <dinoex@FreeBSD.org> 2013-04-17 21:25:47 +0000
committer: Dirk Meyer <dinoex@FreeBSD.org> 2013-04-17 21:25:47 +0000
commit: 9ad3263e802afd53731df2dce73199621e62ecde (patch)
tree: 6ae1451fe5b1dcbd9d73dfa71232906735920136 /graphics/jasper/files/patch-jp2_enc.c
parent: - Update to 2.2 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/graphics/jasper/files/patch-jp2_enc.c b/graphics/jasper/files/patch-jp2_enc.c
new file mode 100644
index 000000000000..2233d909790a
--- /dev/null
+++ b/graphics/jasper/files/patch-jp2_enc.c
@@ -0,0 +1,20 @@
+--- src/libjasper/jp2/jp2_enc.c.orig	2013-04-17 22:32:23.000000000 +0200
++++ src/libjasper/jp2/jp2_enc.c	2013-04-17 22:32:23.000000000 +0200
+@@ -194,7 +194,7 @@
+ 		}
+ 		bpcc = &box->data.bpcc;
+ 		bpcc->numcmpts = jas_image_numcmpts(image);
+-		if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts *
++		if (!(bpcc->bpcs = jas_malloc2(bpcc->numcmpts,
+ 		  sizeof(uint_fast8_t)))) {
+ 			goto error;
+ 		}
+@@ -288,7 +288,7 @@
+ 		}
+ 		cdef = &box->data.cdef;
+ 		cdef->numchans = jas_image_numcmpts(image);
+-		cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t));
++		cdef->ents = jas_malloc2(cdef->numchans, sizeof(jp2_cdefchan_t));
+ 		for (i = 0; i < jas_image_numcmpts(image); ++i) {
+ 			cdefchanent = &cdef->ents[i];
+ 			cdefchanent->channo = i;
author	Dirk Meyer <dinoex@FreeBSD.org>	2013-04-17 21:25:47 +0000
committer	Dirk Meyer <dinoex@FreeBSD.org>	2013-04-17 21:25:47 +0000
commit	9ad3263e802afd53731df2dce73199621e62ecde (patch)
tree	6ae1451fe5b1dcbd9d73dfa71232906735920136 /graphics/jasper/files/patch-jp2_enc.c
parent	- Update to 2.2 (diff)