From 9ad3263e802afd53731df2dce73199621e62ecde Mon Sep 17 00:00:00 2001
From: Dirk Meyer <dinoex@FreeBSD.org>
Date: Wed, 17 Apr 2013 21:25:47 +0000
Subject: graphics/jasper - Security fixes   Multiple integer overflows  
 Buffer overflow in the jas_stream_printf   execute arbitrary code on decodes
 images Security: CVE-2008-3520 Security: CVE-2008-3522 Security:
 CVE-2011-4516 Security: CVE-2011-4517 PR:             163718 Obtained from: 
 Fedora Feature safe: yes

---
 graphics/jasper/files/patch-jpc_mqenc.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 graphics/jasper/files/patch-jpc_mqenc.c

(limited to 'graphics/jasper/files/patch-jpc_mqenc.c')

diff --git a/graphics/jasper/files/patch-jpc_mqenc.c b/graphics/jasper/files/patch-jpc_mqenc.c
new file mode 100644
index 000000000000..fd4f3bd13bfd
--- /dev/null
+++ b/graphics/jasper/files/patch-jpc_mqenc.c
@@ -0,0 +1,11 @@
+--- src/libjasper/jpc/jpc_mqenc.c.orig	2007-01-19 22:43:07.000000000 +0100
++++ src/libjasper/jpc/jpc_mqenc.c	2013-04-17 22:32:23.000000000 +0200
+@@ -197,7 +197,7 @@
+ 	mqenc->maxctxs = maxctxs;
+ 
+ 	/* Allocate memory for the per-context state information. */
+-	if (!(mqenc->ctxs = jas_malloc(mqenc->maxctxs * sizeof(jpc_mqstate_t *)))) {
++	if (!(mqenc->ctxs = jas_malloc2(mqenc->maxctxs, sizeof(jpc_mqstate_t *)))) {
+ 		goto error;
+ 	}
+ 
-- 
cgit v1.2.3