Apply 03-CVE-2011-4516-and-CVE-2011-4517 patch from debian libjasper-dev (1.900.1-13) package

70fed019 · Andrey Kamaev · c7db1c1c · 70fed019
Commit 70fed019 authored Aug 28, 2012 by Andrey Kamaev
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 1 deletion

jpc_cs.c 3rdparty/libjasper/jpc_cs.c +5 -1

No files found.
--- a/3rdparty/libjasper/jpc_cs.c
+++ b/3rdparty/libjasper/jpc_cs.c
@@ -743,6 +743,10 @@ static int jpc_cox_getcompparms(jpc_ms_t *ms, jpc_cstate_t *cstate,
 		return -1;
 	}
 	compparms->numrlvls = compparms->numdlvls + 1;
+	if (compparms->numrlvls > JPC_MAXRLVLS) {
+		jpc_cox_destroycompparms(compparms);
+		return -1;
+	}
 	if (prtflag) {
 		for (i = 0; i < compparms->numrlvls; ++i) {
 			if (jpc_getuint8(in, &tmp)) {
@@ -1330,7 +1334,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in
 	jpc_crgcomp_t *comp;
 	uint_fast16_t compno;
 	crg->numcomps = cstate->numcomps;
-	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
+	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
 		return -1;
 	}
 	for (compno = 0, comp = crg->comps; compno < cstate->numcomps;