summaryrefslogtreecommitdiff
path: root/media-libs/openjpeg/files/openjpeg-2.4.0-r3-avoid-mult-overflow.patch
diff options
context:
space:
mode:
Diffstat (limited to 'media-libs/openjpeg/files/openjpeg-2.4.0-r3-avoid-mult-overflow.patch')
-rw-r--r--media-libs/openjpeg/files/openjpeg-2.4.0-r3-avoid-mult-overflow.patch52
1 files changed, 52 insertions, 0 deletions
diff --git a/media-libs/openjpeg/files/openjpeg-2.4.0-r3-avoid-mult-overflow.patch b/media-libs/openjpeg/files/openjpeg-2.4.0-r3-avoid-mult-overflow.patch
new file mode 100644
index 000000000000..3733a1b94545
--- /dev/null
+++ b/media-libs/openjpeg/files/openjpeg-2.4.0-r3-avoid-mult-overflow.patch
@@ -0,0 +1,52 @@
+Upstream: https://github.com/uclouvain/openjpeg/commit/1daaa0b909aebdf71be36238d16dfbec83c494ed
+Bug: https://bugs.gentoo.org/783513
+CVE-2021-29338
+--- a/src/bin/jp2/opj_compress.c
++++ b/src/bin/jp2/opj_compress.c
+@@ -1967,7 +1967,7 @@ int main(int argc, char **argv)
+ goto fin;
+ }
+ for (i = 0; i < num_images; i++) {
+- dirptr->filename[i] = dirptr->filename_buf + i * OPJ_PATH_LEN;
++ dirptr->filename[i] = dirptr->filename_buf + (size_t)i * OPJ_PATH_LEN;
+ }
+ }
+ if (load_images(dirptr, img_fol.imgdirpath) == 1) {
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1367,7 +1367,6 @@ int main(int argc, char **argv)
+ if (img_fol.set_imgdir == 1) {
+ int it_image;
+ num_images = get_num_images(img_fol.imgdirpath);
+-
+ dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
+ if (!dirptr) {
+ destroy_parameters(&parameters);
+@@ -1387,7 +1386,8 @@ int main(int argc, char **argv)
+ goto fin;
+ }
+ for (it_image = 0; it_image < num_images; it_image++) {
+- dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
++ dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
++ OPJ_PATH_LEN;
+ }
+
+ if (load_images(dirptr, img_fol.imgdirpath) == 1) {
+--- a/src/bin/jp2/opj_dump.c
++++ b/src/bin/jp2/opj_dump.c
+@@ -529,13 +529,13 @@ int main(int argc, char *argv[])
+ }
+
+ for (it_image = 0; it_image < num_images; it_image++) {
+- dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
++ dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
++ OPJ_PATH_LEN;
+ }
+
+ if (load_images(dirptr, img_fol.imgdirpath) == 1) {
+ goto fails;
+ }
+-
+ if (num_images == 0) {
+ fprintf(stdout, "Folder is empty\n");
+ goto fails;
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-30 15:02:10 +0000