Gentoo's Bugzilla – Attachment 170366 Details for
Bug 222819
media-libs/jasper <1.900.1-r3 multiple vulnerabilities (CVE-2008-{3520,3521,3522})
[patch]
jasper-1.900.1-CVE-2008-3520-redhat-additions.patch
jasper-1.900.1-CVE-2008-3520-redhat-additions.patch (text/plain), 8.02 KB, created by
Robert Buchholz (RETIRED)
on 2008-10-30 23:29:42 UTC
Description:
jasper-1.900.1-CVE-2008-3520-redhat-additions.patch
Filename:
MIME Type:
Creator:
Robert Buchholz (RETIRED)
Created:
2008-10-30 23:29:42 UTC
Size:
8.02 KB
>Index: jasper-1.900.1/src/libjasper/base/jas_icc.c
>===================================================================
>--- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c
>+++ jasper-1.900.1/src/libjasper/base/jas_icc.c
>@@ -1461,8 +1461,8 @@ static int jas_icclut16_input(jas_iccatt
> goto error;
> clutsize = jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans;
> if (!(lut16->clut = jas_alloc2(clutsize, sizeof(jas_iccuint16_t))) ||
>- !(lut16->intabsbuf = jas_malloc(lut16->numinchans *
>- lut16->numintabents * sizeof(jas_iccuint16_t))) ||
>+ !(lut16->intabsbuf = jas_alloc3(lut16->numinchans,
>+ lut16->numintabents, sizeof(jas_iccuint16_t))) ||
> !(lut16->intabs = jas_alloc2(lut16->numinchans,
> sizeof(jas_iccuint16_t *))))
> goto error;
>Index: jasper-1.900.1/src/libjasper/jp2/jp2_cod.c
>===================================================================
>--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c
>+++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.c
>@@ -372,7 +372,7 @@ static int jp2_bpcc_getdata(jp2_box_t *b
> jp2_bpcc_t *bpcc = &box->data.bpcc;
> unsigned int i;
> bpcc->numcmpts = box->datalen;
>- if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts * sizeof(uint_fast8_t)))) {
>+ if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) {
> return -1;
> }
> for (i = 0; i < bpcc->numcmpts; ++i) {
>@@ -416,7 +416,7 @@ static int jp2_colr_getdata(jp2_box_t *b
> break;
> case JP2_COLR_ICC:
> colr->iccplen = box->datalen - 3;
>- if (!(colr->iccp = jas_malloc(colr->iccplen * sizeof(uint_fast8_t)))) {
>+ if (!(colr->iccp = jas_alloc2(colr->iccplen, sizeof(uint_fast8_t)))) {
> return -1;
> }
> if (jas_stream_read(in, colr->iccp, colr->iccplen) != colr->iccplen) {
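Review bot: In jas_icclut16_input the context line `clutsize = jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans;` still multiplies unchecked, so `jas_alloc2(clutsize, ...)` only receives the already-wrapped product and its overflow check cannot help. The same pattern remains in jp2_pclr_getdata (`lutsize = pclr->numlutents * pclr->numchans;`) and in jpc_dec_process_siz (`dec->numtiles = dec->numhtiles * dec->numvtiles;`). Where the product is only an allocation count, passing the factors separately closes the gap, e.g. `jas_alloc3(pclr->numlutents, pclr->numchans, sizeof(int_fast32_t))`; where the product is stored and reused later, it needs an explicit range check before the multiply. These functions begin and end outside the hunks, so an earlier bound on the inputs may exist but is not visible here.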
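Review bot: `colr->iccplen = box->datalen - 3;` in jp2_colr_getdata has no guard in the visible lines, so a box whose datalen is below 3 would wrap to a very large length (assuming these fields are unsigned, which the hunk does not show). jas_alloc2 cannot detect that, because a large count times `sizeof(uint_fast8_t)` need not overflow. A check such as `if (box->datalen < 3) { return -1; }` before the subtraction would reject the malformed box. The function starts and ends outside the hunk, so confirm that no earlier check already covers this.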
>@@ -453,7 +453,7 @@ static int jp2_cdef_getdata(jp2_box_t *b
> if (jp2_getuint16(in, &cdef->numchans)) {
> return -1;
> }
>- if (!(cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t)))) {
>+ if (!(cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t)))) {
> return -1;
> }
> for (channo = 0; channo < cdef->numchans; ++channo) {
>@@ -766,7 +766,7 @@ static int jp2_cmap_getdata(jp2_box_t *b
> unsigned int i;
>
> cmap->numchans = (box->datalen) / 4;
>- if (!(cmap->ents = jas_malloc(cmap->numchans * sizeof(jp2_cmapent_t)))) {
>+ if (!(cmap->ents = jas_alloc2(cmap->numchans, sizeof(jp2_cmapent_t)))) {
> return -1;
> }
> for (i = 0; i < cmap->numchans; ++i) {
>@@ -832,10 +832,10 @@ static int jp2_pclr_getdata(jp2_box_t *b
> return -1;
> }
> lutsize = pclr->numlutents * pclr->numchans;
>- if (!(pclr->lutdata = jas_malloc(lutsize * sizeof(int_fast32_t)))) {
>+ if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t)))) {
> return -1;
> }
>- if (!(pclr->bpc = jas_malloc(pclr->numchans * sizeof(uint_fast8_t)))) {
>+ if (!(pclr->bpc = jas_alloc2(pclr->numchans, sizeof(uint_fast8_t)))) {
> return -1;
> }
> for (i = 0; i < pclr->numchans; ++i) {
>Index: jasper-1.900.1/src/libjasper/jp2/jp2_dec.c
>===================================================================
>--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c
>+++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c
>@@ -338,7 +338,7 @@ jas_image_t *jp2_decode(jas_stream_t *in
> }
>
> /* Allocate space for the channel-number to component-number LUT. */
>- if (!(dec->chantocmptlut = jas_malloc(dec->numchans * sizeof(uint_fast16_t)))) {
>+ if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) {
> jas_eprintf("error: no memory\n");
> goto error;
> }
>@@ -356,7 +356,7 @@ jas_image_t *jp2_decode(jas_stream_t *in
> if (cmapent->map == JP2_CMAP_DIRECT) {
> dec->chantocmptlut[channo] = channo;
> } else if (cmapent->map == JP2_CMAP_PALETTE) {
>- lutents = jas_malloc(pclrd->numlutents * sizeof(int_fast32_t));
>+ lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t));
> for (i = 0; i < pclrd->numlutents; ++i) {
> lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans];
> }
>Index: jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
>===================================================================
>--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c
>+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
>@@ -449,7 +449,7 @@ static int jpc_dec_process_sot(jpc_dec_t
>
> if (dec->state == JPC_MH) {
>
>- compinfos = jas_malloc(dec->numcomps * sizeof(jas_image_cmptparm_t));
>+ compinfos = jas_alloc2(dec->numcomps, sizeof(jas_image_cmptparm_t));
> assert(compinfos);
> for (cmptno = 0, cmpt = dec->cmpts, compinfo = compinfos;
> cmptno < dec->numcomps; ++cmptno, ++cmpt, ++compinfo) {
>@@ -692,7 +692,7 @@ static int jpc_dec_tileinit(jpc_dec_t *d
> tile->realmode = 1;
> }
> tcomp->numrlvls = ccp->numrlvls;
>- if (!(tcomp->rlvls = jas_malloc(tcomp->numrlvls *
>+ if (!(tcomp->rlvls = jas_alloc2(tcomp->numrlvls,
> sizeof(jpc_dec_rlvl_t)))) {
> return -1;
> }
>@@ -764,7 +764,7 @@ rlvl->bands = 0;
> rlvl->cbgheightexpn);
>
> rlvl->numbands = (!rlvlno) ? 1 : 3;
>- if (!(rlvl->bands = jas_malloc(rlvl->numbands *
>+ if (!(rlvl->bands = jas_alloc2(rlvl->numbands,
> sizeof(jpc_dec_band_t)))) {
> return -1;
> }
>@@ -797,7 +797,7 @@ rlvl->bands = 0;
>
> assert(rlvl->numprcs);
>
>- if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_dec_prc_t)))) {
>+ if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_dec_prc_t)))) {
> return -1;
> }
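Review bot: `lutents` is written in the loop immediately after `jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t))` without a NULL check, and jas_alloc2 presumably also returns NULL when its size computation overflows. Add `if (!lutents) { jas_eprintf("error: no memory\n"); goto error; }` before the `for`, matching how `dec->chantocmptlut` is handled earlier in jp2_decode. The index `cmapent->pcol + i * pclrd->numchans` into `pclrd->lutdata` is also not range-checked in the visible lines. jp2_decode continues outside the hunk.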
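Review bot: `assert(compinfos);` is the only check on the jas_alloc2 result in jpc_dec_process_sot. With NDEBUG defined it disappears and the following loop dereferences NULL; without NDEBUG, an allocation failure aborts the whole process. Since `dec->numcomps` appears to be taken from the codestream, replace the assert with an error return, `if (!compinfos) { return -1; }`. The function body extends beyond the hunk.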
>
>@@ -834,7 +834,7 @@ rlvl->bands = 0;
> if (!(prc->numimsbstagtree = jpc_tagtree_create(prc->numhcblks, prc->numvcblks))) {
> return -1;
> }
>- if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_dec_cblk_t)))) {
>+ if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_dec_cblk_t)))) {
> return -1;
> }
>
>@@ -1181,7 +1181,7 @@ static int jpc_dec_process_siz(jpc_dec_t
> return -1;
> }
>
>- if (!(dec->cmpts = jas_malloc(dec->numcomps * sizeof(jpc_dec_cmpt_t)))) {
>+ if (!(dec->cmpts = jas_alloc2(dec->numcomps, sizeof(jpc_dec_cmpt_t)))) {
> return -1;
> }
>
>@@ -1204,7 +1204,7 @@ static int jpc_dec_process_siz(jpc_dec_t
> dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth);
> dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight);
> dec->numtiles = dec->numhtiles * dec->numvtiles;
>- if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) {
>+ if (!(dec->tiles = jas_alloc2(dec->numtiles, sizeof(jpc_dec_tile_t)))) {
> return -1;
> }
>
>@@ -1228,7 +1228,7 @@ static int jpc_dec_process_siz(jpc_dec_t
> tile->pkthdrstreampos = 0;
> tile->pptstab = 0;
> tile->cp = 0;
>- if (!(tile->tcomps = jas_malloc(dec->numcomps *
>+ if (!(tile->tcomps = jas_alloc2(dec->numcomps,
> sizeof(jpc_dec_tcomp_t)))) {
> return -1;
> }
>@@ -1491,7 +1491,7 @@ static jpc_dec_cp_t *jpc_dec_cp_create(u
> cp->numlyrs = 0;
> cp->mctid = 0;
> cp->csty = 0;
>- if (!(cp->ccps = jas_malloc(cp->numcomps * sizeof(jpc_dec_ccp_t)))) {
>+ if (!(cp->ccps = jas_alloc2(cp->numcomps, sizeof(jpc_dec_ccp_t)))) {
> return 0;
> }
> if (!(cp->pchglist = jpc_pchglist_create())) {
>@@ -2050,7 +2050,7 @@ jpc_streamlist_t *jpc_streamlist_create(
> }
> streamlist->numstreams = 0;
> streamlist->maxstreams = 100;
>- if (!(streamlist->streams = jas_malloc(streamlist->maxstreams *
>+ if (!(streamlist->streams = jas_alloc2(streamlist->maxstreams,
> sizeof(jas_stream_t *)))) {
> jas_free(streamlist);
> return 0;
>@@ -2070,8 +2070,8 @@ int jpc_streamlist_insert(jpc_streamlist
> /* Grow the array of streams if necessary. */
> if (streamlist->numstreams >= streamlist->maxstreams) {
> newmaxstreams = streamlist->maxstreams + 1024;
>- if (!(newstreams = jas_realloc(streamlist->streams,
>- (newmaxstreams + 1024) * sizeof(jas_stream_t *)))) {
>+ if (!(newstreams = jas_realloc2(streamlist->streams,
>+ (newmaxstreams + 1024), sizeof(jas_stream_t *)))) {
> return -1;
> }
> for (i = streamlist->numstreams; i < streamlist->maxstreams; ++i) {
>@@ -2157,8 +2157,7 @@ int jpc_ppxstab_grow(jpc_ppxstab_t *tab,
> {
> jpc_ppxstabent_t **newents;
> if (tab->maxents < maxents) {
>- newents = (tab->ents) ? jas_realloc(tab->ents, maxents *
>- sizeof(jpc_ppxstabent_t *)) : jas_malloc(maxents * sizeof(jpc_ppxstabent_t *));
>+ newents = jas_realloc2(tab->ents, maxents, sizeof(jpc_ppxstabent_t *));
> if (!newents) {
> return -1;
> }
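Review bot: The element count passed to jas_realloc2, `(newmaxstreams + 1024)`, does not match the capacity the code works with: `newmaxstreams` is already `streamlist->maxstreams + 1024`, so the array is allocated 1024 entries larger than `newmaxstreams`. This over-allocates rather than under-allocates, so it is not a memory-safety problem in the visible lines, but it is confusing and carries over from the old code unchanged. If it is unintended, pass the capacity directly, `jas_realloc2(streamlist->streams, newmaxstreams, sizeof(jas_stream_t *))`; otherwise a short comment stating the intended slack would help. The rest of jpc_streamlist_insert is outside the hunk.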
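Review bot: Dropping the `(tab->ents) ? jas_realloc(...) : jas_malloc(...)` branch makes jpc_ppxstab_grow depend on `jas_realloc2` accepting a NULL pointer and then behaving like a fresh allocation, and its definition is not part of this patch. That is worth confirming and recording with a comment on the call, for example `/* tab->ents may be NULL on first growth; jas_realloc2 must then allocate */`. The function ends outside the hunk.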
Attachments on
bug 222819
:
163282
|
163324
|
163328
|
163329
| 170366