summaryrefslogtreecommitdiff
path: root/extra/openjpeg/openjpeg-1.5.1-CVE-2013-6887.patch
diff options
context:
space:
mode:
Diffstat (limited to 'extra/openjpeg/openjpeg-1.5.1-CVE-2013-6887.patch')
-rw-r--r--extra/openjpeg/openjpeg-1.5.1-CVE-2013-6887.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/extra/openjpeg/openjpeg-1.5.1-CVE-2013-6887.patch b/extra/openjpeg/openjpeg-1.5.1-CVE-2013-6887.patch
new file mode 100644
index 000000000..f9d68ef4b
--- /dev/null
+++ b/extra/openjpeg/openjpeg-1.5.1-CVE-2013-6887.patch
@@ -0,0 +1,30 @@
+diff -up openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6887 openjpeg-1.5.1/libopenjpeg/j2k.c
+--- openjpeg-1.5.1/libopenjpeg/j2k.c.CVE-2013-6887 2014-01-07 15:13:20.297114457 -0600
++++ openjpeg-1.5.1/libopenjpeg/j2k.c 2014-01-07 15:13:20.302114404 -0600
+@@ -1697,8 +1697,11 @@ static void j2k_read_eoc(opj_j2k_t *j2k)
+ else {
+ for (i = 0; i < j2k->cp->tileno_size; i++) {
+ tileno = j2k->cp->tileno[i];
+- opj_free(j2k->tile_data[tileno]);
+- j2k->tile_data[tileno] = NULL;
++ /* not sure if this can actually happen */
++ if (tileno != -1) {
++ opj_free(j2k->tile_data[tileno]);
++ j2k->tile_data[tileno] = NULL;
++ }
+ }
+ }
+ if (j2k->state & J2K_STATE_ERR)
+@@ -1858,8 +1861,10 @@ void j2k_destroy_decompress(opj_j2k_t *j
+ if(j2k->cp != NULL) {
+ for (i = 0; i < j2k->cp->tileno_size; i++) {
+ int tileno = j2k->cp->tileno[i];
+- opj_free(j2k->tile_data[tileno]);
+- j2k->tile_data[tileno] = NULL;
++ if (tileno != -1) {
++ opj_free(j2k->tile_data[tileno]);
++ j2k->tile_data[tileno] = NULL;
++ }
+ }
+ }
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-08 11:47:56 +0000