1 files changed, 74 insertions, 0 deletions

diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27845.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27845.patch
new file mode 100644
index 0000000000..a1aa49a217
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27845.patch
@@ -0,0 +1,74 @@
+From 8f5aff1dff510a964d3901d0fba281abec98ab63 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Fri, 4 Dec 2020 20:45:25 +0100
+Subject: [PATCH] pi.c: avoid out of bounds access with POC (fixes #1302)
+
+Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz]
+CVE: CVE-2020-27845
+Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
+---
+ src/lib/openjp2/pi.c | 25 +++++++++++++++++++++++--
+ 1 file changed, 23 insertions(+), 2 deletions(-)
+
+--- a/src/lib/openjp2/pi.c
++++ b/src/lib/openjp2/pi.c
+@@ -238,6 +238,13 @@ static OPJ_BOOL opj_pi_next_lrcp(opj_pi_
+     opj_pi_resolution_t *res = NULL;
+     OPJ_UINT32 index = 0;
+ 
++    if (pi->poc.compno0 >= pi->numcomps ||
++            pi->poc.compno1 >= pi->numcomps + 1) {
++        opj_event_msg(pi->manager, EVT_ERROR,
++                      "opj_pi_next_lrcp(): invalid compno0/compno1\n");
++        return OPJ_FALSE;
++    }
++
+     if (!pi->first) {
+         comp = &pi->comps[pi->compno];
+         res = &comp->resolutions[pi->resno];
+@@ -291,6 +298,13 @@ static OPJ_BOOL opj_pi_next_rlcp(opj_pi_
+     opj_pi_resolution_t *res = NULL;
+     OPJ_UINT32 index = 0;
+ 
++    if (pi->poc.compno0 >= pi->numcomps ||
++            pi->poc.compno1 >= pi->numcomps + 1) {
++        opj_event_msg(pi->manager, EVT_ERROR,
++                      "opj_pi_next_rlcp(): invalid compno0/compno1\n");
++        return OPJ_FALSE;
++    }
++
+     if (!pi->first) {
+         comp = &pi->comps[pi->compno];
+         res = &comp->resolutions[pi->resno];
+@@ -337,6 +351,13 @@ static OPJ_BOOL opj_pi_next_rpcl(opj_pi_
+     opj_pi_resolution_t *res = NULL;
+     OPJ_UINT32 index = 0;
+ 
++    if (pi->poc.compno0 >= pi->numcomps ||
++            pi->poc.compno1 >= pi->numcomps + 1) {
++        opj_event_msg(pi->manager, EVT_ERROR,
++                      "opj_pi_next_rpcl(): invalid compno0/compno1\n");
++        return OPJ_FALSE;
++    }
++
+     if (!pi->first) {
+         goto LABEL_SKIP;
+     } else {
+@@ -472,7 +493,7 @@ static OPJ_BOOL opj_pi_next_pcrl(opj_pi_
+     if (pi->poc.compno0 >= pi->numcomps ||
+             pi->poc.compno1 >= pi->numcomps + 1) {
+         opj_event_msg(pi->manager, EVT_ERROR,
+-                      "opj_pi_next_pcrl(): invalid compno0/compno1");
++                      "opj_pi_next_pcrl(): invalid compno0/compno1\n");
+         return OPJ_FALSE;
+     }
+ 
+@@ -610,7 +631,7 @@ static OPJ_BOOL opj_pi_next_cprl(opj_pi_
+     if (pi->poc.compno0 >= pi->numcomps ||
+             pi->poc.compno1 >= pi->numcomps + 1) {
+         opj_event_msg(pi->manager, EVT_ERROR,
+-                      "opj_pi_next_cprl(): invalid compno0/compno1");
++                      "opj_pi_next_cprl(): invalid compno0/compno1\n");
+         return OPJ_FALSE;
+     }
+