diff options
author | Sam James (sam_c) <sam@cmpct.info> | 2020-06-11 00:37:52 +0000 |
---|---|---|
committer | Mike Gilbert <floppym@gentoo.org> | 2020-06-13 12:30:39 -0400 |
commit | 8110962edc520001b3d2059be69702a1ceccee9b (patch) | |
tree | f383f08a6141bf296325a61f155d5ea50159e09f /media-libs/libjpeg-turbo/files | |
parent | sci-astronomy/pyephem: Bump to 3.7.7.1 (diff) | |
download | gentoo-8110962edc520001b3d2059be69702a1ceccee9b.tar.gz gentoo-8110962edc520001b3d2059be69702a1ceccee9b.tar.bz2 gentoo-8110962edc520001b3d2059be69702a1ceccee9b.zip |
media-libs/libjpeg-turbo: Patch CVE-2020-13790
Bug: https://bugs.gentoo.org/727010
Package-Manager: Portage-2.3.99, Repoman-2.3.22
Signed-off-by: Sam James (sam_c) <sam@cmpct.info>
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/16184
Diffstat (limited to 'media-libs/libjpeg-turbo/files')
-rw-r--r-- | media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch | 43 | ||||
-rw-r--r-- | media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch | 34 |
2 files changed, 77 insertions, 0 deletions
diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch new file mode 100644 index 000000000000..8a9fcbd79724 --- /dev/null +++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-1.5.3-CVE-2020-13790.patch @@ -0,0 +1,43 @@ +From 1bfb0b5247f4fc8f6677639781ce468543490216 Mon Sep 17 00:00:00 2001 +From: DRC <information@libjpeg-turbo.org> +Date: Tue, 2 Jun 2020 14:15:37 -0500 +Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM + +This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to +include binary PPM files with maximum values < 255, thus preventing a +malformed binary PPM input file with those specifications from +triggering an overrun of the rescale array and potentially crashing +cjpeg, TJBench, or any program that uses the tjLoadImage() function. + +Fixes #433 +diff --git a/rdppm.c b/rdppm.c +index c0c096218..899436eec 100644 +--- a/rdppm.c ++++ b/rdppm.c +@@ -5,7 +5,7 @@ + * Copyright (C) 1991-1997, Thomas G. Lane. + * Modified 2009 by Bill Allombert, Guido Vollbeding. + * libjpeg-turbo Modifications: +- * Copyright (C) 2015, 2016, D. R. Commander. ++ * Copyright (C) 2015, 2016, 2020, D. R. Commander. + * For conditions of distribution and use, see the accompanying README.ijg + * file. + * +@@ -22,6 +22,7 @@ + * the file is indeed PPM format). + */ + ++#define JPEG_INTERNALS + #include "cdjpeg.h" /* Common decls for cjpeg/djpeg applications */ + + #ifdef PPM_SUPPORTED +@@ -425,7 +426,7 @@ start_input_ppm (j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + /* On 16-bit-int machines we have to be careful of maxval = 65535 */ + source->rescale = (JSAMPLE *) + (*cinfo->mem->alloc_small) ((j_common_ptr) cinfo, JPOOL_IMAGE, +- (size_t) (((long) maxval + 1L) * ++ (size_t) (((long) MAX(maxval, 255) + 1L) * + sizeof(JSAMPLE))); + half_maxval = maxval / 2; + for (val = 0; val <= (long) maxval; val++) { + diff --git a/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch new file mode 100644 index 000000000000..e88ac174684d --- /dev/null +++ b/media-libs/libjpeg-turbo/files/libjpeg-turbo-2.0.4-CVE-2020-13790.patch @@ -0,0 +1,34 @@ +From 3de15e0c344d11d4b90f4a47136467053eb2d09a Mon Sep 17 00:00:00 2001 +From: DRC <information@libjpeg-turbo.org> +Date: Tue, 2 Jun 2020 14:15:37 -0500 +Subject: [PATCH] rdppm.c: Fix buf overrun caused by bad binary PPM + +This extends the fix in 1e81b0c3ea26f4ea8f56de05367469333de64a9f to +include binary PPM files with maximum values < 255, thus preventing a +malformed binary PPM input file with those specifications from +triggering an overrun of the rescale array and potentially crashing +cjpeg, TJBench, or any program that uses the tjLoadImage() function. + +Fixes #433 +diff --git a/rdppm.c b/rdppm.c +index 87bc33090..a8507b902 100644 +--- a/rdppm.c ++++ b/rdppm.c +@@ -5,7 +5,7 @@ + * Copyright (C) 1991-1997, Thomas G. Lane. + * Modified 2009 by Bill Allombert, Guido Vollbeding. + * libjpeg-turbo Modifications: +- * Copyright (C) 2015-2017, D. R. Commander. ++ * Copyright (C) 2015-2017, 2020, D. R. Commander. + * For conditions of distribution and use, see the accompanying README.ijg + * file. + * +@@ -720,7 +720,7 @@ start_input_ppm(j_compress_ptr cinfo, cjpeg_source_ptr sinfo) + /* On 16-bit-int machines we have to be careful of maxval = 65535 */ + source->rescale = (JSAMPLE *) + (*cinfo->mem->alloc_small) ((j_common_ptr)cinfo, JPOOL_IMAGE, +- (size_t)(((long)maxval + 1L) * ++ (size_t)(((long)MAX(maxval, 255) + 1L) * + sizeof(JSAMPLE))); + half_maxval = maxval / 2; + for (val = 0; val <= (long)maxval; val++) { |