summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch')
-rw-r--r--media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch36
1 files changed, 36 insertions, 0 deletions
diff --git a/media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch b/media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch
new file mode 100644
index 00000000000..7205c980fc2
--- /dev/null
+++ b/media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch
@@ -0,0 +1,36 @@
+https://github.com/ArtifexSoftware/jbig2dec/commit/f6d326878893dc92b45cbd18e25ab4d2b3a8db73
+----
+From f6d326878893dc92b45cbd18e25ab4d2b3a8db73 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Sun, 15 Sep 2019 18:12:31 +0200
+Subject: [PATCH] jbig2dec: Add overflow detection for IAID context size.
+
+---
+ jbig2_arith_iaid.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/jbig2_arith_iaid.c b/jbig2_arith_iaid.c
+index 78dc830..bbc38a0 100644
+--- a/jbig2_arith_iaid.c
++++ b/jbig2_arith_iaid.c
+@@ -44,9 +44,18 @@ struct _Jbig2ArithIaidCtx {
+ Jbig2ArithIaidCtx *
+ jbig2_arith_iaid_ctx_new(Jbig2Ctx *ctx, int SBSYMCODELEN)
+ {
+- Jbig2ArithIaidCtx *result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
+- int ctx_size = 1 << SBSYMCODELEN;
++ Jbig2ArithIaidCtx *result;
++ size_t ctx_size;
+
++ if (sizeof(ctx_size) * 8 <= SBSYMCODELEN)
++ {
++ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "requested IAID arithmetic coding state size too large");
++ return NULL;
++ }
++
++ ctx_size = 1 << SBSYMCODELEN;
++
++ result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
+ if (result == NULL) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "failed to allocate IAID arithmetic coding state");
+ return NULL;