CVE-2016-9572_CVE-2016-9573.patch 5.22 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145
diff -Naur openjpeg2-2.1.0.orig/src/bin/jp2/convert.c openjpeg2-2.1.0/src/bin/jp2/convert.c
--- openjpeg2-2.1.0.orig/src/bin/jp2/convert.c	2014-04-29 09:15:02.000000000 +0200
+++ openjpeg2-2.1.0/src/bin/jp2/convert.c	2017-01-14 18:03:38.635775336 +0100
@@ -433,7 +433,8 @@
     for (i = 0; i < image->numcomps-1; i++)	{
         if ((image->comps[0].dx != image->comps[i+1].dx)
                 ||(image->comps[0].dy != image->comps[i+1].dy)
-                ||(image->comps[0].prec != image->comps[i+1].prec))	{
+                ||(image->comps[0].prec != image->comps[i+1].prec)
+				||(image->comps[0].sgnd != image->comps[i+1].sgnd))	{
             fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.");
             return 1;
         }
@@ -1951,7 +1952,7 @@
     int *red, *green, *blue, *alpha;
     int wr, hr, max;
     int i;
-    unsigned int compno, ncomp;
+    unsigned int compno, ncomp, ui;
     int adjustR, adjustG, adjustB, adjustA;
     int fails, two, want_gray, has_alpha, triple;
     int prec, v;
@@ -1976,6 +1977,27 @@
 
     if(want_gray) ncomp = 1;
 
+    for (ui = 1; ui < ncomp; ++ui) {
+        if (image->comps[0].dx != image->comps[ui].dx) {
+            break;
+        }
+        if (image->comps[0].dy != image->comps[ui].dy) {
+            break;
+        }
+        if (image->comps[0].prec != image->comps[ui].prec) {
+            break;
+        }
+        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
+            break;
+        }
+    }
+    if (ui != ncomp) {
+        fprintf(stderr,"imagetopnm: All components\n    shall have "
+         "the same subsampling, same bit depth, same sign.\n"
+         "    Aborting\n");
+        return 1;
+    }
+    
     if (ncomp == 2 /* GRAYA */
             || (ncomp > 2 /* RGB, RGBA */
                 && image->comps[0].dx == image->comps[1].dx
@@ -3081,7 +3103,7 @@
 {
     FILE *rawFile = NULL;
     size_t res;
-    unsigned int compno;
+    unsigned int compno, numcomps;
     int w, h, fails;
     int line, row, curr, mask;
     int *ptr;
@@ -3094,6 +3116,31 @@
         return 1;
     }
 
+    numcomps = image->numcomps;
+
+    if (numcomps > 4) {
+        numcomps = 4;
+    }
+    for (compno = 1; compno < numcomps; ++compno) {
+        if (image->comps[0].dx != image->comps[compno].dx) {
+            break;
+        }
+        if (image->comps[0].dy != image->comps[compno].dy) {
+            break;
+        }
+        if (image->comps[0].prec != image->comps[compno].prec) {
+            break;
+        }
+        if (image->comps[0].sgnd != image->comps[compno].sgnd) {
+            break;
+        }
+    }
+    if (compno != numcomps) {
+        fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n");
+        fprintf(stderr,"\tAborting\n");
+        return 1;
+    }
+
     rawFile = fopen(outfile, "wb");
     if (!rawFile) {
         fprintf(stderr, "Failed to open %s for writing !!\n", outfile);
@@ -3101,9 +3148,9 @@
     }
 
     fails = 1;
-    fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps);
+    fprintf(stdout,"Raw image characteristics: %d components\n", numcomps);
 
-    for(compno = 0; compno < image->numcomps; compno++)
+    for(compno = 0; compno < numcomps; compno++)
     {
         fprintf(stdout,"Component %d characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w,
                 image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned");
@@ -3193,7 +3240,7 @@
         }
         else if (image->comps[compno].prec <= 32)
         {
-            fprintf(stderr,"More than 16 bits per component no handled yet\n");
+            fprintf(stderr,"More than 16 bits per component not handled yet\n");
             goto fin;
         }
         else
diff -Naur openjpeg2-2.1.0.orig/src/lib/openjp2/j2k.c openjpeg2-2.1.0/src/lib/openjp2/j2k.c
--- openjpeg2-2.1.0.orig/src/lib/openjp2/j2k.c	2017-01-14 17:23:21.000000000 +0100
+++ openjpeg2-2.1.0/src/lib/openjp2/j2k.c	2017-01-14 18:03:38.639775323 +0100
@@ -9444,7 +9444,11 @@
         /* Move data and copy one information from codec to output image*/
         for (compno = 0; compno < p_image->numcomps; compno++) {
                 p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded;
-                p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
+		p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
+
+		if(p_image->comps[compno].data == NULL) return OPJ_FALSE;
+
+                p_j2k->m_output_image->comps[compno].data = NULL;
 #if 0
                 char fn[256];
                 sprintf( fn, "/tmp/%d.raw", compno );
@@ -9452,7 +9456,6 @@
                 fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug );
                 fclose( debug );
 #endif
-                p_j2k->m_output_image->comps[compno].data = NULL;
         }
 
         return OPJ_TRUE;
@@ -9546,6 +9549,8 @@
 
                 p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
 
+				if (p_image->comps[compno].data == NULL) return OPJ_FALSE;
+
                 p_j2k->m_output_image->comps[compno].data = NULL;
         }