diff options
Diffstat (limited to 'main/openjpeg/CVE-2016-7163-2.patch')
| -rw-r--r-- | main/openjpeg/CVE-2016-7163-2.patch | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/main/openjpeg/CVE-2016-7163-2.patch b/main/openjpeg/CVE-2016-7163-2.patch new file mode 100644 index 0000000000..71af3d7561 --- /dev/null +++ b/main/openjpeg/CVE-2016-7163-2.patch @@ -0,0 +1,26 @@ +From ef01f18dfc6780b776d0674ed3e7415c6ef54d24 Mon Sep 17 00:00:00 2001 +From: Matthieu Darbois <mayeut@users.noreply.github.com> +Date: Thu, 8 Sep 2016 07:34:46 +0200 +Subject: [PATCH] Cast to size_t before multiplication + +Need to cast to size_t before multiplication otherwise overflow check is useless. +--- + src/lib/openjp2/pi.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lib/openjp2/pi.c b/src/lib/openjp2/pi.c +index 36e2ff0..809b33d 100644 +--- a/src/lib/openjp2/pi.c ++++ b/src/lib/openjp2/pi.c +@@ -1241,7 +1241,7 @@ opj_pi_iterator_t *opj_pi_create_decode(opj_image_t *p_image, + l_current_pi->include = 00; + if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U))) + { +- l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16)); ++ l_current_pi->include = (OPJ_INT16*) opj_calloc((size_t)(l_tcp->numlayers + 1U) * l_step_l, sizeof(OPJ_INT16)); + } + + if +-- +2.10.0 + |