[oe] [meta-oe][PATCH 1/1] openjpeg: fix CVE-2020-15389

Joe Slater Tue, 01 Sep 2020 11:44:46 -0700

Backport from github meta-xilinx-tools.

Signed-off-by: Joe Slater <joe.sla...@windriver.com>
---
 .../openjpeg/openjpeg/CVE-2020-15389.patch    | 51 +++++++++++++++++++
 .../openjpeg/openjpeg_2.3.1.bb                |  1 +
 2 files changed, 52 insertions(+)
 create mode 100644 
meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch


diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch 
b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch
new file mode 100644
index 000000000..5c5d3f48e
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2020-15389.patch
@@ -0,0 +1,51 @@
+From e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.roua...@spatialys.com>
+Date: Sun, 28 Jun 2020 14:19:59 +0200
+Subject: [PATCH] opj_decompress: fix double-free on input directory with mix
+ of valid and invalid images (CVE-2020-15389)
+
+Fixes #1261
+
+Credits to @Ruia-ruia for reporting and analysis.
+---
+ src/bin/jp2/opj_decompress.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+ 
+--- end of original header ---
+
+CVE: CVE-2020-15389
+
+Upstream-Status: Backport [git://github/uclouvain/openjpeg.git]
+
+Signed-off-by: Joe Slater <joe.sla...@windriver.com>
+
+---
+diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
+index 7eeb0952..2634907f 100644
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1316,10 +1316,6 @@ static opj_image_t* 
upsample_image_components(opj_image_t* original)
+ int main(int argc, char **argv)
+ {
+     opj_decompress_parameters parameters;           /* decompression 
parameters */
+-    opj_image_t* image = NULL;
+-    opj_stream_t *l_stream = NULL;              /* Stream */
+-    opj_codec_t* l_codec = NULL;                /* Handle to a decompressor */
+-    opj_codestream_index_t* cstr_index = NULL;
+ 
+     OPJ_INT32 num_images, imageno;
+     img_fol_t img_fol;
+@@ -1393,6 +1389,10 @@ int main(int argc, char **argv)
+ 
+     /*Decoding image one by one*/
+     for (imageno = 0; imageno < num_images ; imageno++)  {
++        opj_image_t* image = NULL;
++        opj_stream_t *l_stream = NULL;              /* Stream */
++        opj_codec_t* l_codec = NULL;                /* Handle to a 
decompressor */
++        opj_codestream_index_t* cstr_index = NULL;
+ 
+         if (!parameters.quiet) {
+             fprintf(stderr, "\n");
+-- 
+2.17.1
+
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb 
b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb
index 42011efa9..a0740a274 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.3.1.bb
@@ -10,6 +10,7 @@ SRC_URI = " \
     file://0002-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
     file://CVE-2020-6851.patch \
     file://CVE-2020-8112.patch \
+    file://CVE-2020-15389.patch \
 "
 SRCREV = "57096325457f96d8cd07bd3af04fe81d7a2ba788"
 S = "${WORKDIR}/git"
-- 
2.17.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#86760): 
https://lists.openembedded.org/g/openembedded-devel/message/86760
Mute This Topic: https://lists.openembedded.org/mt/76565562/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub  
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

[oe] [meta-oe][PATCH 1/1] openjpeg: fix CVE-2020-15389

Reply via email to