gentoo resync : 12.05.2022

author: V3n3RiX <venerix@koprulu.sector> 2022-05-12 16:42:50 +0300
committer: V3n3RiX <venerix@koprulu.sector> 2022-05-12 16:42:50 +0300
commit: 752d6256e5204b958b0ef7905675a940b5e9172f (patch)
tree: 330d16e6362a49cbed8875a777fe641a43376cd3 /media-libs/openjpeg/files
parent: 0c100b7dd2b30e75b799d806df4ef899fd98e1ea (diff)
2 files changed, 109 insertions, 0 deletions
diff --git a/media-libs/openjpeg/files/openjpeg-2.4.0-r3-avoid-mult-overflow.patch b/media-libs/openjpeg/files/openjpeg-2.4.0-r3-avoid-mult-overflow.patch
new file mode 100644
index 000000000000..3733a1b94545
--- /dev/null
+++ b/media-libs/openjpeg/files/openjpeg-2.4.0-r3-avoid-mult-overflow.patch
@@ -0,0 +1,52 @@
+Upstream: https://github.com/uclouvain/openjpeg/commit/1daaa0b909aebdf71be36238d16dfbec83c494ed
+Bug: https://bugs.gentoo.org/783513
+CVE-2021-29338
+--- a/src/bin/jp2/opj_compress.c
++++ b/src/bin/jp2/opj_compress.c
+@@ -1967,7 +1967,7 @@ int main(int argc, char **argv)
+                 goto fin;
+             }
+             for (i = 0; i < num_images; i++) {
+-                dirptr->filename[i] = dirptr->filename_buf + i * OPJ_PATH_LEN;
++                dirptr->filename[i] = dirptr->filename_buf + (size_t)i * OPJ_PATH_LEN;
+             }
+         }
+         if (load_images(dirptr, img_fol.imgdirpath) == 1) {
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1367,7 +1367,6 @@ int main(int argc, char **argv)
+     if (img_fol.set_imgdir == 1) {
+         int it_image;
+         num_images = get_num_images(img_fol.imgdirpath);
+-
+         dirptr = (dircnt_t*)calloc(1, sizeof(dircnt_t));
+         if (!dirptr) {
+             destroy_parameters(&parameters);
+@@ -1387,7 +1386,8 @@ int main(int argc, char **argv)
+             goto fin;
+         }
+         for (it_image = 0; it_image < num_images; it_image++) {
+-            dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
++            dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
++                                         OPJ_PATH_LEN;
+         }
+ 
+         if (load_images(dirptr, img_fol.imgdirpath) == 1) {
+--- a/src/bin/jp2/opj_dump.c
++++ b/src/bin/jp2/opj_dump.c
+@@ -529,13 +529,13 @@ int main(int argc, char *argv[])
+         }
+ 
+         for (it_image = 0; it_image < num_images; it_image++) {
+-            dirptr->filename[it_image] = dirptr->filename_buf + it_image * OPJ_PATH_LEN;
++            dirptr->filename[it_image] = dirptr->filename_buf + (size_t)it_image *
++                                         OPJ_PATH_LEN;
+         }
+ 
+         if (load_images(dirptr, img_fol.imgdirpath) == 1) {
+             goto fails;
+         }
+-
+         if (num_images == 0) {
+             fprintf(stdout, "Folder is empty\n");
+             goto fails;
diff --git a/media-libs/openjpeg/files/openjpeg-2.4.0-r3-fix-integer-overflow.patch b/media-libs/openjpeg/files/openjpeg-2.4.0-r3-fix-integer-overflow.patch
new file mode 100644
index 000000000000..6ceb5be8f6d1
--- /dev/null
+++ b/media-libs/openjpeg/files/openjpeg-2.4.0-r3-fix-integer-overflow.patch
@@ -0,0 +1,57 @@
+opj_compress/opj_uncompress: fix integer overflow in num_images
+CVE-2021-29338
+Bug 783513
+Upstream: https://github.com/uclouvain/openjpeg/commit/79c7d7af598b778c3cdcb455df23d50efc95eb3c
+--- a/src/bin/jp2/opj_compress.c
++++ b/src/bin/jp2/opj_compress.c
+@@ -1959,9 +1959,9 @@ int main(int argc, char **argv)
+         num_images = get_num_images(img_fol.imgdirpath);
+         dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
+         if (dirptr) {
+-            dirptr->filename_buf = (char*)malloc(num_images * OPJ_PATH_LEN * sizeof(
++            dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN * sizeof(
+                     char)); /* Stores at max 10 image file names*/
+-            dirptr->filename = (char**) malloc(num_images * sizeof(char*));
++            dirptr->filename = (char**) calloc(num_images, sizeof(char*));
+             if (!dirptr->filename_buf) {
+                 ret = 0;
+                 goto fin;
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1374,14 +1374,13 @@ int main(int argc, char **argv)
+             return EXIT_FAILURE;
+         }
+         /* Stores at max 10 image file names */
+-        dirptr->filename_buf = (char*)malloc(sizeof(char) *
+-                                             (size_t)num_images * OPJ_PATH_LEN);
++        dirptr->filename_buf = calloc((size_t) num_images, sizeof(char) * OPJ_PATH_LEN);
+         if (!dirptr->filename_buf) {
+             failed = 1;
+             goto fin;
+         }
+ 
+-        dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
++        dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
+ 
+         if (!dirptr->filename) {
+             failed = 1;
+--- a/src/bin/jp2/opj_dump.c
++++ b/src/bin/jp2/opj_dump.c
+@@ -515,13 +515,14 @@ int main(int argc, char *argv[])
+         if (!dirptr) {
+             return EXIT_FAILURE;
+         }
+-        dirptr->filename_buf = (char*)malloc((size_t)num_images * OPJ_PATH_LEN * sizeof(
+-                char)); /* Stores at max 10 image file names*/
++        /* Stores at max 10 image file names*/
++        dirptr->filename_buf = (char*) calloc((size_t) num_images,
++                                              OPJ_PATH_LEN * sizeof(char));
+         if (!dirptr->filename_buf) {
+             free(dirptr);
+             return EXIT_FAILURE;
+         }
+-        dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
++        dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
+ 
+         if (!dirptr->filename) {
+             goto fails;
author	V3n3RiX <venerix@koprulu.sector>	2022-05-12 16:42:50 +0300
committer	V3n3RiX <venerix@koprulu.sector>	2022-05-12 16:42:50 +0300
commit	752d6256e5204b958b0ef7905675a940b5e9172f (patch)
tree	330d16e6362a49cbed8875a777fe641a43376cd3 /media-libs/openjpeg/files
parent	0c100b7dd2b30e75b799d806df4ef899fd98e1ea (diff)