jasper: patch for CVE-2016-1867

2024-11-02 07:31:26 +00:00 · 2016-02-27 14:48:29 -06:00 · 2016-02-27 14:48:29 -06:00 · 77134ea4a5
commit 77134ea4a5
parent a1b69275af
2 changed files with 13 additions and 1 deletions
--- a/pkgs/development/libraries/jasper/default.nix
+++ b/pkgs/development/libraries/jasper/default.nix
@ -9,6 +9,7 @@ stdenv.mkDerivation rec {
  };

  patches = [
+    ./jasper-CVE-2016-1867.diff
    ./jasper-CVE-2014-8137-variant2.diff
    ./jasper-CVE-2014-8137-noabort.diff
    ./jasper-CVE-2014-8138.diff
@ -21,7 +22,7 @@ stdenv.mkDerivation rec {
  propagatedBuildInputs = [ libjpeg ];

  configureFlags = "--enable-shared";
-  
+
  meta = {
    homepage = https://www.ece.uvic.ca/~frodo/jasper/;
    description = "JPEG2000 Library";
--- a/pkgs/development/libraries/jasper/jasper-CVE-2016-1867.diff
+++ b/pkgs/development/libraries/jasper/jasper-CVE-2016-1867.diff
@ -0,0 +1,11 @@
+--- jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c	2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c	2016-01-14 14:22:24.569056412 +0100
+@@ -429,7 +429,7 @@
+ 	}
+
+ 	for (pi->compno = pchg->compnostart, pi->picomp =
+-	  &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
+	  &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
+ 	  ++pi->picomp) {
+ 		pirlvl = pi->picomp->pirlvls;
+ 		pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +