graphics/jasper

- Security fixes Multiple integer overflows Buffer overflow in the jas_stream_printf execute arbitrary code on decodes images Security: CVE-2008-3520 Security: CVE-2008-3522 Security: CVE-2011-4516 Security: CVE-2011-4517 PR: 163718 Obtained from: Fedora Feature safe: yes
author: Dirk Meyer <dinoex@FreeBSD.org> 2013-04-17 21:25:47 +0000
committer: Dirk Meyer <dinoex@FreeBSD.org> 2013-04-17 21:25:47 +0000
commit: 9ad3263e802afd53731df2dce73199621e62ecde (patch)
tree: 6ae1451fe5b1dcbd9d73dfa71232906735920136 /graphics/jasper/files/patch-jpc_t1enc.c
parent: - Update to 2.2 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/graphics/jasper/files/patch-jpc_t1enc.c b/graphics/jasper/files/patch-jpc_t1enc.c
new file mode 100644
index 000000000000..e399f72162a4
--- /dev/null
+++ b/graphics/jasper/files/patch-jpc_t1enc.c
@@ -0,0 +1,11 @@
+--- src/libjasper/jpc/jpc_t1enc.c.orig	2007-01-19 22:43:07.000000000 +0100
++++ src/libjasper/jpc/jpc_t1enc.c	2013-04-17 22:32:23.000000000 +0200
+@@ -219,7 +219,7 @@
+ 
+ 	cblk->numpasses = (cblk->numbps > 0) ? (3 * cblk->numbps - 2) : 0;
+ 	if (cblk->numpasses > 0) {
+-		cblk->passes = jas_malloc(cblk->numpasses * sizeof(jpc_enc_pass_t));
++		cblk->passes = jas_malloc2(cblk->numpasses, sizeof(jpc_enc_pass_t));
+ 		assert(cblk->passes);
+ 	} else {
+ 		cblk->passes = 0;
author	Dirk Meyer <dinoex@FreeBSD.org>	2013-04-17 21:25:47 +0000
committer	Dirk Meyer <dinoex@FreeBSD.org>	2013-04-17 21:25:47 +0000
commit	9ad3263e802afd53731df2dce73199621e62ecde (patch)
tree	6ae1451fe5b1dcbd9d73dfa71232906735920136 /graphics/jasper/files/patch-jpc_t1enc.c
parent	- Update to 2.2 (diff)