Projects
Mega:24.03
jbigkit
_service:tar_scm:backport-CVE-2017-9937.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:backport-CVE-2017-9937.patch of Package jbigkit
From 535df935911c401d345cb004a2fa00eb7a727259 Mon Sep 17 00:00:00 2001 From: wiz <wiz@pkgsrc.org> Date: Mon, 3 Aug 2020 21:34:06 +0000 Subject: [PATCH] jbigkit: fix CVE-2017-9937 using upstream commit See e.g. https://gitlab.com/libtiff/libtiff/-/issues/97 Bump PKGREVISION. --- libjbig/jbig.c | 5 +++++ libjbig/jbig.h | 2 ++ 2 files changed, 7 insertions(+) diff --git a/libjbig/jbig.c b/libjbig/jbig.c index 751ceff..7b5b99e 100644 --- a/libjbig/jbig.c +++ b/libjbig/jbig.c @@ -2051,6 +2051,7 @@ void jbg_dec_init(struct jbg_dec_state *s) s->xmax = 4294967295UL; s->ymax = 4294967295UL; s->dmax = 256; + s->maxmem = 2000000000; /* no final image larger than 2 GB by default */ s->s = NULL; return; @@ -2640,6 +2641,10 @@ int jbg_dec_in(struct jbg_dec_state *s, unsigned char *data, size_t len, return JBG_EIMPL | 5; s->options = s->buffer[19]; + /* will the final image require more bytes than permitted by s->maxmem? */ + if (s->maxmem / s->planes / s->yd / jbg_ceil_half(s->xd, 3) == 0) + return JBG_ENOMEM; /* increase s->maxmem if needed */ + /* calculate number of stripes that will be required */ s->stripes = jbg_stripes(s->l0, s->yd, s->d); diff --git a/libjbig/jbig.h b/libjbig/jbig.h index 6799410..7a9cdf9 100644 --- a/libjbig/jbig.h +++ b/libjbig/jbig.h @@ -181,6 +181,8 @@ struct jbg_dec_state { unsigned long xmax, ymax; /* if possible abort before image gets * * larger than this size */ int dmax; /* abort after this layer */ + size_t maxmem; /* return JBG_ENOMEM if final image layer D + would require more than maxmem bytes */ }; -- 2.23.0
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2