|
|
@@ -1,41 +0,0 @@
|
|
|
-From f809b80c67717c152a5ad30bf06774f00da4fd2d Mon Sep 17 00:00:00 2001
|
|
|
-From: Sebastian Rasmussen <sebras@gmail.com>
|
|
|
-Date: Thu, 16 Jan 2025 02:13:43 +0100
|
|
|
-Subject: [PATCH] opj_jp2_read_header: Check for error after parsing header.
|
|
|
-
|
|
|
-Consider the case where the caller has not set the p_image
|
|
|
-pointer to NULL before calling opj_read_header().
|
|
|
-
|
|
|
-If opj_j2k_read_header_procedure() fails while obtaining the rest
|
|
|
-of the marker segment when calling opj_stream_read_data() because
|
|
|
-the data stream is too short, then opj_j2k_read_header() will
|
|
|
-never have the chance to initialize p_image, leaving it
|
|
|
-uninitialized.
|
|
|
-
|
|
|
-opj_jp2_read_header() will check the p_image value whether
|
|
|
-opj_j2k_read_header() suceeded or failed. This may be detected as
|
|
|
-an error in valgrind or ASAN.
|
|
|
-
|
|
|
-The fix is to check whether opj_j2k_read_header() suceeded before
|
|
|
-using the output argument p_image.
|
|
|
-
|
|
|
-Upstream: https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d
|
|
|
-CVE: CVE-2025-54874
|
|
|
-Signed-off-by: Thomas Perale <thomas.perale@mind.be>
|
|
|
----
|
|
|
- src/lib/openjp2/jp2.c | 2 +-
|
|
|
- 1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
-
|
|
|
-diff --git a/src/lib/openjp2/jp2.c b/src/lib/openjp2/jp2.c
|
|
|
-index 4df055a54..da5063186 100644
|
|
|
---- a/src/lib/openjp2/jp2.c
|
|
|
-+++ b/src/lib/openjp2/jp2.c
|
|
|
-@@ -2873,7 +2873,7 @@ OPJ_BOOL opj_jp2_read_header(opj_stream_private_t *p_stream,
|
|
|
- p_image,
|
|
|
- p_manager);
|
|
|
-
|
|
|
-- if (p_image && *p_image) {
|
|
|
-+ if (ret && p_image && *p_image) {
|
|
|
- /* Set Image Color Space */
|
|
|
- if (jp2->enumcs == 16) {
|
|
|
- (*p_image)->color_space = OPJ_CLRSPC_SRGB;
|
Peter Korsgaard