Date:      Tue, 11 Oct 2016 15:13:15 +0000 (UTC)
From:      Mark Felder <feld@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r423771 - in head/graphics/openjpeg: . files
Message-ID:  <201610111513.u9BFDFSH085681@repo.freebsd.org>

Author: feld
Date: Tue Oct 11 15:13:15 2016
New Revision: 423771
URL: https://svnweb.freebsd.org/changeset/ports/423771

Log:
  graphics/openjpeg: Add patches to resolve CVEs
  
  PR:		212672
  MFH:		2016Q4
  Security:	CVE-2016-5157
  Security:	CVE-2016-7163

Added:
  head/graphics/openjpeg/files/patch-src_lib_openjp2_pi.c   (contents, props changed)
  head/graphics/openjpeg/files/patch-src_lib_openjp2_tcd.c   (contents, props changed)
  head/graphics/openjpeg/files/patch-tests_compare__dump__files.c   (contents, props changed)
  head/graphics/openjpeg/files/patch-tests_nonregression_test__suite.ctest.in   (contents, props changed)
Modified:
  head/graphics/openjpeg/Makefile

Modified: head/graphics/openjpeg/Makefile
==============================================================================
--- head/graphics/openjpeg/Makefile	Tue Oct 11 15:09:30 2016	(r423770)
+++ head/graphics/openjpeg/Makefile	Tue Oct 11 15:13:15 2016	(r423771)
@@ -3,6 +3,7 @@
 
 PORTNAME=	openjpeg
 PORTVERSION=	2.1.1
+PORTREVISION=	1
 CATEGORIES=	graphics
 
 MAINTAINER=	sunpoet@FreeBSD.org

Added: head/graphics/openjpeg/files/patch-src_lib_openjp2_pi.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/openjpeg/files/patch-src_lib_openjp2_pi.c	Tue Oct 11 15:13:15 2016	(r423771)
@@ -0,0 +1,17 @@
+--- src/lib/openjp2/pi.c.orig	2016-09-14 00:01:22 UTC
++++ src/lib/openjp2/pi.c
+@@ -1236,7 +1236,13 @@ opj_pi_iterator_t *opj_pi_create_decode(
+ 	l_current_pi = l_pi;
+ 
+ 	/* memory allocation for include */
+-	l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
++	/* prevent an integer overflow issue */
++	l_current_pi->include = 00;
++	if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U)))
++	{
++		l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
++	}
++
+ 	if
+ 		(!l_current_pi->include)
+ 	{
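Review bot: The added guard bounds `l_step_l` by `SIZE_MAX / (l_tcp->numlayers + 1U)`, but the size passed to `opj_calloc` is still written as `(l_tcp->numlayers +1) * l_step_l`, so the product is evaluated in the operands' own type before it is widened to `size_t`. If both operands are 32-bit unsigned (their declarations are outside this hunk, so confirm), the guard is always true on LP64 targets and the multiplication can still wrap, leaving `include` smaller than the code that later indexes it expects. Widening first keeps the check and the allocation in the same arithmetic: `opj_calloc((size_t)(l_tcp->numlayers + 1U) * l_step_l, sizeof(OPJ_INT16));`. `opj_pi_create_decode` starts and ends outside the hunk, and it is worth checking whether other allocations of `include` in pi.c use the same unguarded expression.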

Added: head/graphics/openjpeg/files/patch-src_lib_openjp2_tcd.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/openjpeg/files/patch-src_lib_openjp2_tcd.c	Tue Oct 11 15:13:15 2016	(r423771)
@@ -0,0 +1,23 @@
+--- src/lib/openjp2/tcd.c.orig	2016-09-14 00:02:27 UTC
++++ src/lib/openjp2/tcd.c
+@@ -706,9 +706,20 @@ static INLINE OPJ_BOOL opj_tcd_init_tile
+ 	l_tx0 = l_cp->tx0 + p * l_cp->tdx; /* can't be greater than l_image->x1 so won't overflow */
+ 	l_tile->x0 = (OPJ_INT32)opj_uint_max(l_tx0, l_image->x0);
+ 	l_tile->x1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_tx0, l_cp->tdx), l_image->x1);
++	/* all those OPJ_UINT32 are casted to OPJ_INT32, let's do some sanity check */
++	if ((l_tile->x0 < 0) || (l_tile->x1 <= l_tile->x0)) {
++		opj_event_msg(manager, EVT_ERROR, "Tile X coordinates are not supported\n");
++		return OPJ_FALSE;
++	}
+ 	l_ty0 = l_cp->ty0 + q * l_cp->tdy; /* can't be greater than l_image->y1 so won't overflow */
+ 	l_tile->y0 = (OPJ_INT32)opj_uint_max(l_ty0, l_image->y0);
+ 	l_tile->y1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_ty0, l_cp->tdy), l_image->y1);
++	/* all those OPJ_UINT32 are casted to OPJ_INT32, let's do some sanity check */
++	if ((l_tile->y0 < 0) || (l_tile->y1 <= l_tile->y0)) {
++		opj_event_msg(manager, EVT_ERROR, "Tile Y coordinates are not supported\n");
++		return OPJ_FALSE;
++	}
++	
+ 
+ 	/* testcase 1888.pdf.asan.35.988 */
+ 	if (l_tccp->numresolutions == 0) {
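Review bot: Both added range checks run on `l_tile->x0`/`x1` and `l_tile->y0`/`y1` after the `(OPJ_INT32)` cast, so they rely on out-of-range unsigned values converting to negative numbers, which is implementation-defined in C. Comparing the `OPJ_UINT32` results of `opj_uint_max`/`opj_uint_min` against `INT32_MAX` before the cast would state the intent directly instead of depending on wraparound. The two error messages would be easier to triage if they printed the rejected coordinates, and the tab-only line added after the Y check is stray whitespace. The enclosing function continues outside the hunk.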

Added: head/graphics/openjpeg/files/patch-tests_compare__dump__files.c
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/openjpeg/files/patch-tests_compare__dump__files.c	Tue Oct 11 15:13:15 2016	(r423771)
@@ -0,0 +1,30 @@
+--- tests/compare_dump_files.c.orig	2016-09-14 00:05:13 UTC
++++ tests/compare_dump_files.c
+@@ -118,10 +118,10 @@ int main(int argc, char **argv)
+   test_cmp_parameters inParam;
+   FILE *fbase=NULL, *ftest=NULL;
+   int same = 0;
+-  char lbase[256];
+-  char strbase[256];
+-  char ltest[256];
+-  char strtest[256];
++  char lbase[512];
++  char strbase[512];
++  char ltest[512];
++  char strtest[512];
+ 
+   if( parse_cmdline_cmp(argc, argv, &inParam) == 1 )
+     {
+@@ -154,9 +154,9 @@ int main(int argc, char **argv)
+ 
+   while (fgets(lbase, sizeof(lbase), fbase) && fgets(ltest,sizeof(ltest),ftest))
+     {
+-    int nbase = sscanf(lbase, "%255[^\r\n]", strbase);
+-    int ntest = sscanf(ltest, "%255[^\r\n]", strtest);
+-    assert( nbase != 255 && ntest != 255 );
++    int nbase = sscanf(lbase, "%511[^\r\n]", strbase);
++    int ntest = sscanf(ltest, "%511[^\r\n]", strtest);
++    assert( nbase != 511 && ntest != 511 );
+     if( nbase != 1 || ntest != 1 )
+       {
+       fprintf(stderr, "could not parse line from files\n" );
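Review bot: The updated `assert( nbase != 511 && ntest != 511 )` cannot fire, because `sscanf` returns the number of conversions assigned (here 0, 1 or `EOF`), not the number of characters stored, so line truncation is still undetected after the buffers grow to 512. A line longer than the buffer is split across `fgets` calls and compared piecewise, which can hide or misreport a difference between the dump files. A real truncation check would test whether each `fgets` result ended in a newline or end-of-file, for example `assert( strchr(lbase, '\n') || feof(fbase) );` and the same for `ltest`. The width 511 is also hard-coded in three places next to `char lbase[512]`; a single named constant would keep them in step. `main` starts and ends outside the hunk.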

Added: head/graphics/openjpeg/files/patch-tests_nonregression_test__suite.ctest.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/graphics/openjpeg/files/patch-tests_nonregression_test__suite.ctest.in	Tue Oct 11 15:13:15 2016	(r423771)
@@ -0,0 +1,9 @@
+--- tests/nonregression/test_suite.ctest.in.orig	2016-09-14 00:06:50 UTC
++++ tests/nonregression/test_suite.ctest.in
+@@ -505,3 +505,6 @@ opj_decompress -i @INPUT_NR_PATH@/issue2
+ # issue 326 + PR 559: CIELab colorspace
+ opj_decompress -i @INPUT_NR_PATH@/issue559-eci-090-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-090-CIELab.jp2.pgx
+ opj_decompress -i @INPUT_NR_PATH@/issue559-eci-091-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-091-CIELab.jp2.pgx
++# issue 823 (yes, not a typo, test image is issue822)
++!opj_decompress -i @INPUT_NR_PATH@/issue822.jp2 -o @TEMP_PATH@/issue822.png
++


