author | Natanael Copa <ncopa@alpinelinux.org> | 2013-11-25 14:59:09 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2013-11-25 14:59:09 +0000 |
commit | 43192905007c117b9aeafd47dad3eaf9dc68205c (patch) | |
tree | 919db0af9eecc95e7b27c7cf65724d828224fb85 /main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch | |
parent | d165558afab0b1b4f298c78e673853393c3891ab (diff) | |
main/libjpeg-turbo: security fix (CVE-2013-6629,CVE-2013-6630)
Diffstat (limited to 'main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch')
-rw-r--r-- | main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch b/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch
new file mode 100644
index 000000000..7a93d4be2
--- /dev/null
+++ b/main/libjpeg-turbo/CVE-2013-6629-CVE-2013-6630.patch
@@ -0,0 +1,34 @@
+--- a/jdmarker.c
++++ b/jdmarker.c
+@@ -304,7 +304,7 @@
+ /* Process a SOS marker */
+ {
+ INT32 length;
+- int i, ci, n, c, cc;
++ int i, ci, n, c, cc, pi;
+ jpeg_component_info * compptr;
+ INPUT_VARS(cinfo);
+
+@@ -348,6 +348,13 @@
+
+ TRACEMS3(cinfo, 1, JTRC_SOS_COMPONENT, cc,
+ compptr->dc_tbl_no, compptr->ac_tbl_no);
++
++ /* This CSi (cc) should differ from the previous CSi */
++ for (pi = 0; pi < i; pi++) {
++ if (cinfo->cur_comp_info[pi] == compptr) {
++ ERREXIT1(cinfo, JERR_BAD_COMPONENT_ID, cc);
++ }
++ }
+ }
+
+ /* Collect the additional scan parameters Ss, Se, Ah/Al. */
+@@ -464,6 +471,8 @@
+
+ for (i = 0; i < count; i++)
+ INPUT_BYTE(cinfo, huffval[i], return FALSE);
++
++ MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));
+
+ length -= count;
+
|
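Review bot: The `MEMZERO(&huffval[count], (256 - count) * SIZEOF(UINT8));` added in the `@@ -464,6 +471,8 @@` hunk of the embedded patch is only safe if `count` is already known to be at most 256 at that point, and no such bound is visible in the context lines (the enclosing function starts and ends outside the hunk). If `count` could exceed 256, the length expression would go negative before conversion to a size and the clear would run past the end of `huffval`. It is worth confirming that the packaged source performs that range check earlier in the function and stating the dependency beside the call, e.g. `/* count <= 256 is checked above; zero the unused tail of huffval */`. Separately, the patch file begins directly at `--- a/jdmarker.c` with no header, so a line or two naming the upstream origin of the fix would make the change easier to audit later.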