master

分支 (13)

标签 (11)

管理

管理

master

openEuler-21.09

openEuler-22.03-LTS

openEuler-22.03-LTS-Next

openEuler-20.03-LTS

openEuler-20.09

openEuler-20.03-LTS-Next

openEuler-20.03-LTS-SP2

openEuler-20.03-LTS-SP3

openEuler-20.03-LTS-SP1

openEuler-21.03

openEuler1.0

openEuler1.0-base

openEuler-22.03-LTS-20220331

openEuler-22.03-LTS-round5

openEuler-22.03-LTS-round3

openEuler-22.03-LTS-round2

openEuler-22.03-LTS-round1

openEuler-20.03-LTS-SP3-release

openEuler-20.03-LTS-SP2-20210624

openEuler-21.03-20210330

openEuler-20.09-20200929

openEuler-20.03-LTS-20200606

openEuler-20.03-LTS-tag

openjpeg
/
openjpeg-1.5-r2029.patch

Index: libopenjpeg/jp2.c
===================================================================
--- a/libopenjpeg/jp2.c	(revision 2028)
+++ a/libopenjpeg/jp2.c	(revision 2029)
@@ -173,6 +173,10 @@
 	else if (box->length == 0) {
 		box->length = cio_numbytesleft(cio) + 8;
 	}
+	if (box->length < 0) {
+		opj_event_msg(cinfo, EVT_ERROR, "Integer overflow in box->length\n");
+		return OPJ_FALSE; // TODO: actually check jp2_read_boxhdr's return value
+	}

 	return OPJ_TRUE;
 }
@@ -654,6 +658,7 @@
         opj_event_msg(cinfo, EVT_ERROR, "Expected JP2H Marker\n");
         return OPJ_FALSE;
         }
+	  if (box.length <= 8) return OPJ_FALSE;
       cio_skip(cio, box.length - 8);

       if(cio->bp >= cio->end) return OPJ_FALSE;
@@ -679,6 +684,7 @@
       {
       if( !jp2_read_colr(jp2, cio, &box, color))
         {
+        if (box.length <= 8) return OPJ_FALSE;
         cio_seek(cio, box.init_pos + 8);
         cio_skip(cio, box.length - 8);
         }
@@ -689,6 +695,7 @@
       {
       if( !jp2_read_cdef(jp2, cio, &box, color))
         {
+        if (box.length <= 8) return OPJ_FALSE;
         cio_seek(cio, box.init_pos + 8);
         cio_skip(cio, box.length - 8);
         }
@@ -699,6 +706,7 @@
       {
       if( !jp2_read_pclr(jp2, cio, &box, color))
         {
+        if (box.length <= 8) return OPJ_FALSE;
         cio_seek(cio, box.init_pos + 8);
         cio_skip(cio, box.length - 8);
         }
@@ -709,12 +717,14 @@
       {
       if( !jp2_read_cmap(jp2, cio, &box, color))
         {
+        if (box.length <= 8) return OPJ_FALSE;
         cio_seek(cio, box.init_pos + 8);
         cio_skip(cio, box.length - 8);
         }
       if( jp2_read_boxhdr(cinfo, cio, &box) == OPJ_FALSE ) return OPJ_FALSE;
       continue;
       }
+    if (box.length <= 8) return OPJ_FALSE;
     cio_seek(cio, box.init_pos + 8);
     cio_skip(cio, box.length - 8);
     if( jp2_read_boxhdr(cinfo, cio, &box) == OPJ_FALSE ) return OPJ_FALSE;
@@ -910,12 +920,14 @@
   }
 	do {
 		if(JP2_JP2C != box.type) {
+			if (box.length <= 8) return OPJ_FALSE;
 			cio_skip(cio, box.length - 8);
 			if( jp2_read_boxhdr(cinfo, cio, &box) == OPJ_FALSE ) return OPJ_FALSE;
 		}
 	} while(JP2_JP2C != box.type);

 	*j2k_codestream_offset = cio_tell(cio);
+	if (box.length <= 8) return OPJ_FALSE;
 	*j2k_codestream_length = box.length - 8;

 	return OPJ_TRUE;