aboutsummaryrefslogtreecommitdiffstats
path: root/main/openjpeg/CVE-2020-27823.patch
blob: 58193afd4c255c55e8338b1b4363f03238f866f0 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
From 40b4a8ea26a16cf95d9a63cec928eb0fbe65e04e Mon Sep 17 00:00:00 2001
From: Leo <thinkabit.ukim@gmail.com>
Date: Wed, 23 Dec 2020 00:01:02 -0300
Subject: [PATCH 2/3] CVE-2020-27823

---
 src/bin/jp2/convertpng.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/bin/jp2/convertpng.c b/src/bin/jp2/convertpng.c
index 44d985f..1559c8f 100644
--- a/src/bin/jp2/convertpng.c
+++ b/src/bin/jp2/convertpng.c
@@ -223,9 +223,9 @@ opj_image_t *pngtoimage(const char *read_idf, opj_cparameters_t * params)
     image->x0 = (OPJ_UINT32)params->image_offset_x0;
     image->y0 = (OPJ_UINT32)params->image_offset_y0;
     image->x1 = (OPJ_UINT32)(image->x0 + (width  - 1) * (OPJ_UINT32)
-                             params->subsampling_dx + 1 + image->x0);
+                             params->subsampling_dx + 1);
     image->y1 = (OPJ_UINT32)(image->y0 + (height - 1) * (OPJ_UINT32)
-                             params->subsampling_dy + 1 + image->y0);
+                             params->subsampling_dy + 1);
 
     row32s = (OPJ_INT32 *)malloc((size_t)width * nr_comp * sizeof(OPJ_INT32));
     if (row32s == NULL) {
-- 
2.29.2