aboutsummaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch')
-rw-r--r--meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch24
1 files changed, 24 insertions, 0 deletions
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch
new file mode 100644
index 0000000000..5f3deb4dda
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch
@@ -0,0 +1,24 @@
+From 6daf5f3e1ec6eff03b7982889874a3de6617db8d Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 30 Nov 2020 22:37:07 +0100
+Subject: [PATCH] Encoder: avoid global buffer overflow on irreversible
+ conversion when too many decomposition levels are specified (fixes #1286)
+
+Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz]
+CVE: CVE-2020-27824
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+---
+ src/lib/openjp2/dwt.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/lib/openjp2/dwt.c
++++ b/src/lib/openjp2/dwt.c
+@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj
+ if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) {
+ stepsize = 1.0;
+ } else {
+- OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level];
++ OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient);
+ stepsize = (1 << (gain)) / norm;
+ }
+ opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0),
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-26 14:27:43 +0000