b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

jasper: patch for CVE-2016-1867

Browse source
This commit is contained in:
Graham Christensen 2016-02-27 14:48:29 -06:00
parent a1b69275af
commit 77134ea4a5
2 changed files with 13 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
pkgs/development/libraries/jasper/default.nix
View file

@ -9,6 +9,7 @@ stdenv.mkDerivation rec {
};
patches = [
./jasper-CVE-2016-1867.diff
./jasper-CVE-2014-8137-variant2.diff
./jasper-CVE-2014-8137-noabort.diff
./jasper-CVE-2014-8138.diff
@ -21,7 +22,7 @@ stdenv.mkDerivation rec {
propagatedBuildInputs = [ libjpeg ];
configureFlags = "--enable-shared";
meta = {
homepage = https://www.ece.uvic.ca/~frodo/jasper/;
description = "JPEG2000 Library";

11
pkgs/development/libraries/jasper/jasper-CVE-2016-1867.diff Normal file
View file

@ -0,0 +1,11 @@
--- jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c 2007-01-19 22:43:07.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c 2016-01-14 14:22:24.569056412 +0100
@@ -429,7 +429,7 @@
}
for (pi->compno = pchg->compnostart, pi->picomp =
- &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
+ &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
++pi->picomp) {
pirlvl = pi->picomp->pirlvls;
pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +