Diffstat (limited to 'main/openjpeg/CVE-2021-27844.patch')
-rw-r--r--main/openjpeg/CVE-2021-27844.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/main/openjpeg/CVE-2021-27844.patch b/main/openjpeg/CVE-2021-27844.patch
new file mode 100644
index 0000000000..5791abe1bb
--- /dev/null
+++ b/main/openjpeg/CVE-2021-27844.patch
@@ -0,0 +1,30 @@
+From 73fdf28342e4594019af26eb6a347a34eceb6296 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Wed, 2 Dec 2020 14:10:16 +0100
+Subject: [PATCH] opj_j2k_write_sod(): avoid potential heap buffer overflow
+ (fixes #1299) (probably master only)
+
+---
+ src/lib/openjp2/j2k.c | 9 +++++++--
+ 1 file changed, 7 insertions(+), 2 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 78d459259..8e343ab2e 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -4806,8 +4806,13 @@ static OPJ_BOOL opj_j2k_write_sod(opj_j2k_t *p_j2k,
+ }
+ }
+
+- assert(l_remaining_data >
+- p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT);
++ if (l_remaining_data <
++ p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT) {
++ opj_event_msg(p_manager, EVT_ERROR,
++ "Not enough bytes in output buffer to write SOD marker\n");
++ opj_tcd_marker_info_destroy(marker_info);
++ return OPJ_FALSE;
++ }
+ l_remaining_data -= p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT;
+
+ if (! opj_tcd_encode_tile(p_tile_coder, p_j2k->m_current_tile_number,
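Review bot: The new guard in the j2k.c hunk rejects only `l_remaining_data < m_reserved_bytes_for_PLT`, while the assert it replaces required strictly greater, so the equal case now passes and the subtraction on the next line leaves `l_remaining_data` at 0 before `opj_tcd_encode_tile` is called. Whether that callee safely refuses a zero-byte budget is not visible here, since `opj_j2k_write_sod` starts and ends outside the hunk. If an empty budget is not meant to be accepted, the condition should keep the assert's boundary: `if (l_remaining_data <= p_j2k->m_specific_param.m_encoder.m_reserved_bytes_for_PLT) {`. If equality is intentional, a one-line comment above the check, such as `/* equality is allowed: opj_tcd_encode_tile() fails cleanly when no bytes remain */`, would record that. Because this file is a verbatim upstream backport, changing the condition creates a local delta, so it is worth confirming the boundary against upstream first.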