From 9ad3263e802afd53731df2dce73199621e62ecde Mon Sep 17 00:00:00 2001
From: Dirk Meyer <dinoex@FreeBSD.org>
Date: Wed, 17 Apr 2013 21:25:47 +0000
Subject: graphics/jasper - Security fixes   Multiple integer overflows  
 Buffer overflow in the jas_stream_printf   execute arbitrary code on decodes
 images Security: CVE-2008-3520 Security: CVE-2008-3522 Security:
 CVE-2011-4516 Security: CVE-2011-4517 PR:             163718 Obtained from: 
 Fedora Feature safe: yes

---
 graphics/jasper/files/patch-jpc_t1enc.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 graphics/jasper/files/patch-jpc_t1enc.c

(limited to 'graphics/jasper/files/patch-jpc_t1enc.c')

diff --git a/graphics/jasper/files/patch-jpc_t1enc.c b/graphics/jasper/files/patch-jpc_t1enc.c
new file mode 100644
index 000000000000..e399f72162a4
--- /dev/null
+++ b/graphics/jasper/files/patch-jpc_t1enc.c
@@ -0,0 +1,11 @@
+--- src/libjasper/jpc/jpc_t1enc.c.orig	2007-01-19 22:43:07.000000000 +0100
++++ src/libjasper/jpc/jpc_t1enc.c	2013-04-17 22:32:23.000000000 +0200
+@@ -219,7 +219,7 @@
+ 
+ 	cblk->numpasses = (cblk->numbps > 0) ? (3 * cblk->numbps - 2) : 0;
+ 	if (cblk->numpasses > 0) {
+-		cblk->passes = jas_malloc(cblk->numpasses * sizeof(jpc_enc_pass_t));
++		cblk->passes = jas_malloc2(cblk->numpasses, sizeof(jpc_enc_pass_t));
+ 		assert(cblk->passes);
+ 	} else {
+ 		cblk->passes = 0;
-- 
cgit v1.2.3