Sophie

openjpeg-1.3-8.2.src.rpm

Increase buffer size to prevent crash when 16-bit pixels are replaced by
19-bit coefficients.  Backport of upstream patch to work around CVE-2009-5030.


diff -Naur OpenJPEG_v1_3.orig/libopenjpeg/tcd.c OpenJPEG_v1_3/libopenjpeg/tcd.c
--- OpenJPEG_v1_3.orig/libopenjpeg/tcd.c	2007-12-19 07:28:40.000000000 -0500
+++ OpenJPEG_v1_3/libopenjpeg/tcd.c	2012-06-27 11:11:32.457842087 -0400
@@ -332,7 +332,7 @@
 							cblk->y0 = int_max(cblkystart, prc->y0);
 							cblk->x1 = int_min(cblkxend, prc->x1);
 							cblk->y1 = int_min(cblkyend, prc->y1);
-							cblk->data = (unsigned char*) opj_calloc(8192+2, sizeof(unsigned char));
+							cblk->data = (unsigned char*) opj_calloc(9728+2, sizeof(unsigned char));
 							/* FIXME: mqc_init_enc and mqc_byteout underrun the buffer if we don't do this. Why? */
 							cblk->data += 2;
 							cblk->layers = (opj_tcd_layer_t*) opj_calloc(100, sizeof(opj_tcd_layer_t));
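
Review bot: the result of opj_calloc on the changed line is never checked before `cblk->data += 2;`, so a failed allocation leaves cblk->data as a non-NULL invalid pointer (NULL + 2) that later NULL tests would not catch. Check the return value before applying the offset and fail the tile initialisation if it is NULL. Separately, 9728 is an unexplained literal: it equals 8192 * 19 / 16, which matches the 16-bit to 19-bit growth in the patch description, so define it as a named constant with that derivation in a comment rather than repeating a bare number. The hunk only enlarges a fixed-size buffer and adds no length check, and the existing FIXME already notes that mqc_init_enc and mqc_byteout underrun it without the 2-byte offset, so the code that writes into cblk->data should also be bounded against the allocated size.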