main/openjpeg: security fixes

- CVE-2017-14040
- CVE-2017-14041
- CVE-2017-14151
- CVE-2017-14152
- CVE-2017-14164

Fixes partially #7825.
Not yet fixed CVE-2017-14039 since patch is not available for 2.2.0

1 files changed, 35 insertions, 0 deletions

diff --git a/main/openjpeg/CVE-2017-14152.patch b/main/openjpeg/CVE-2017-14152.patch
new file mode 100644
index 0000000000..d165090a1a
--- /dev/null
+++ b/main/openjpeg/CVE-2017-14152.patch
@@ -0,0 +1,35 @@
+From 4241ae6fbbf1de9658764a80944dc8108f2b4154 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 15 Aug 2017 11:55:58 +0200
+Subject: [PATCH] Fix assertion in debug mode / heap-based buffer overflow in
+ opj_write_bytes_LE for Cinema profiles with numresolutions = 1 (#985)
+
+---
+ src/lib/openjp2/j2k.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index a2521ebbc..54b490a8c 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -6573,10 +6573,16 @@ static void opj_j2k_set_cinema_parameters(opj_cparameters_t *parameters,
+ 
+     /* Precincts */
+     parameters->csty |= 0x01;
+-    parameters->res_spec = parameters->numresolution - 1;
+-    for (i = 0; i < parameters->res_spec; i++) {
+-        parameters->prcw_init[i] = 256;
+-        parameters->prch_init[i] = 256;
++    if (parameters->numresolution == 1) {
++        parameters->res_spec = 1;
++        parameters->prcw_init[0] = 128;
++        parameters->prch_init[0] = 128;
++    } else {
++        parameters->res_spec = parameters->numresolution - 1;
++        for (i = 0; i < parameters->res_spec; i++) {
++            parameters->prcw_init[i] = 256;
++            parameters->prch_init[i] = 256;
++        }
+     }
+ 
+     /* The progression order shall be CPRL */