meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-27824.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

From 6daf5f3e1ec6eff03b7982889874a3de6617db8d Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Mon, 30 Nov 2020 22:37:07 +0100
Subject: [PATCH] Encoder: avoid global buffer overflow on irreversible
 conversion when too many decomposition levels are specified (fixes #1286)

Upstream-Status: Backport [https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openjpeg2/2.3.1-1ubuntu4.20.04.1/openjpeg2_2.3.1-1ubuntu4.20.04.1.debian.tar.xz]
CVE: CVE-2020-27824
Signed-off-by: Virendra Thakur <virendra.thakur@kpit.com>
---
 src/lib/openjp2/dwt.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/src/lib/openjp2/dwt.c
+++ b/src/lib/openjp2/dwt.c
@@ -1293,7 +1293,7 @@ void opj_dwt_calc_explicit_stepsizes(opj
         if (tccp->qntsty == J2K_CCP_QNTSTY_NOQNT) {
             stepsize = 1.0;
         } else {
-            OPJ_FLOAT64 norm = opj_dwt_norms_real[orient][level];
+            OPJ_FLOAT64 norm = opj_dwt_getnorm_real(level, orient);
             stepsize = (1 << (gain)) / norm;
         }
         opj_dwt_encode_stepsize((OPJ_INT32) floor(stepsize * 8192.0),