summarylogtreecommitdiffstats
path: root/jasper-1.900.1-CVE-2015-5203.patch
diff options
context:
space:
mode:
Diffstat (limited to 'jasper-1.900.1-CVE-2015-5203.patch')
-rw-r--r--jasper-1.900.1-CVE-2015-5203.patch197
1 files changed, 0 insertions, 197 deletions
diff --git a/jasper-1.900.1-CVE-2015-5203.patch b/jasper-1.900.1-CVE-2015-5203.patch
deleted file mode 100644
index c4b9b649c4e3..000000000000
--- a/jasper-1.900.1-CVE-2015-5203.patch
+++ /dev/null
@@ -1,197 +0,0 @@
-From a0ad33bedb339e4f9f35f9637a976320ec81f508 Mon Sep 17 00:00:00 2001
-From: mancha <mancha1 AT zoho DOT com>
-Date: Mon, 17 Aug 2015
-Subject: CVE-2015-5203
-
-Prevent integer conversion errors.
-
-jasper is vulnerable to integer conversion errors that can be leveraged,
-via crafted input, to trigger faults such as double free's. This patch
-addresses that by using size_t for buffer sizes.
-
----
- src/libjasper/base/jas_stream.c | 10 +++++-----
- src/libjasper/include/jasper/jas_stream.h | 8 ++++----
- src/libjasper/jpc/jpc_qmfb.c | 16 ++++++++--------
- src/libjasper/mif/mif_cod.c | 4 ++--
- 4 files changed, 19 insertions(+), 19 deletions(-)
-
---- a/src/libjasper/include/jasper/jas_stream.h
-+++ b/src/libjasper/include/jasper/jas_stream.h
-@@ -215,7 +215,7 @@ typedef struct {
- uchar *bufstart_;
-
- /* The buffer size. */
-- int bufsize_;
-+ size_t bufsize_;
-
- /* The current position in the buffer. */
- uchar *ptr_;
-@@ -267,7 +267,7 @@ typedef struct {
- uchar *buf_;
-
- /* The allocated size of the buffer for holding file data. */
-- int bufsize_;
-+ size_t bufsize_;
-
- /* The length of the file. */
- int_fast32_t len_;
-@@ -291,7 +291,7 @@ typedef struct {
- jas_stream_t *jas_stream_fopen(const char *filename, const char *mode);
-
- /* Open a memory buffer as a stream. */
--jas_stream_t *jas_stream_memopen(char *buf, int bufsize);
-+jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize);
-
- /* Open a file descriptor as a stream. */
- jas_stream_t *jas_stream_fdopen(int fd, const char *mode);
-@@ -366,7 +366,7 @@ int jas_stream_printf(jas_stream_t *stre
- int jas_stream_puts(jas_stream_t *stream, const char *s);
-
- /* Read a line of input from a stream. */
--char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize);
-+char *jas_stream_gets(jas_stream_t *stream, char *buf, size_t bufsize);
-
- /* Look at the next character to be read from a stream without actually
- removing it from the stream. */
---- a/src/libjasper/base/jas_stream.c
-+++ b/src/libjasper/base/jas_stream.c
-@@ -99,7 +99,7 @@ static int jas_strtoopenmode(const char
- static void jas_stream_destroy(jas_stream_t *stream);
- static jas_stream_t *jas_stream_create(void);
- static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
-- int bufsize);
-+ size_t bufsize);
-
- static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt);
- static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt);
-@@ -168,7 +168,7 @@ static jas_stream_t *jas_stream_create()
- return stream;
- }
-
--jas_stream_t *jas_stream_memopen(char *buf, int bufsize)
-+jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize)
- {
- jas_stream_t *stream;
- jas_stream_memobj_t *obj;
-@@ -570,7 +570,7 @@ int jas_stream_puts(jas_stream_t *stream
- return 0;
- }
-
--char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
-+char *jas_stream_gets(jas_stream_t *stream, char *buf, size_t bufsize)
- {
- int c;
- char *bufptr;
-@@ -694,7 +694,7 @@ long jas_stream_tell(jas_stream_t *strea
- \******************************************************************************/
-
- static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
-- int bufsize)
-+ size_t bufsize)
- {
- /* If this function is being called, the buffer should not have been
- initialized yet. */
-@@ -987,7 +987,7 @@ static int mem_read(jas_stream_obj_t *ob
- return cnt;
- }
-
--static int mem_resize(jas_stream_memobj_t *m, int bufsize)
-+static int mem_resize(jas_stream_memobj_t *m, size_t bufsize)
- {
- unsigned char *buf;
-
---- a/src/libjasper/jpc/jpc_qmfb.c
-+++ b/src/libjasper/jpc/jpc_qmfb.c
-@@ -305,7 +305,7 @@ jpc_qmfb2d_t jpc_ns_qmfb2d = {
- void jpc_qmfb_split_row(jpc_fix_t *a, int numcols, int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numcols, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
- jpc_fix_t *buf = splitbuf;
- register jpc_fix_t *srcptr;#if !defined(HAVE_VLA)
-@@ -373,7 +373,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
- int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
- jpc_fix_t *buf = splitbuf;
- register jpc_fix_t *srcptr;
-@@ -441,7 +441,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
- int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
- jpc_fix_t *buf = splitbuf;
- jpc_fix_t *srcptr;
-@@ -530,7 +530,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- int stride, int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
- jpc_fix_t *buf = splitbuf;
- jpc_fix_t *srcptr;
-@@ -618,7 +618,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
- void jpc_qmfb_join_row(jpc_fix_t *a, int numcols, int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numcols, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
- jpc_fix_t *buf = joinbuf;
- register jpc_fix_t *srcptr;
-@@ -683,7 +683,7 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
- int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
- jpc_fix_t *buf = joinbuf;
- register jpc_fix_t *srcptr;
-@@ -748,7 +748,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
- int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
- jpc_fix_t *buf = joinbuf;
- jpc_fix_t *srcptr;
-@@ -834,7 +834,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
- int stride, int parity)
- {
-
-- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
-+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
- jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
- jpc_fix_t *buf = joinbuf;
- jpc_fix_t *srcptr;
---- a/src/libjasper/mif/mif_cod.c
-+++ b/src/libjasper/mif/mif_cod.c
-@@ -107,7 +107,7 @@ static int mif_hdr_put(mif_hdr_t *hdr, j
- static int mif_hdr_addcmpt(mif_hdr_t *hdr, int cmptno, mif_cmpt_t *cmpt);
- static mif_cmpt_t *mif_cmpt_create(void);
- static void mif_cmpt_destroy(mif_cmpt_t *cmpt);
--static char *mif_getline(jas_stream_t *jas_stream, char *buf, int bufsize);
-+static char *mif_getline(jas_stream_t *jas_stream, char *buf, size_t bufsize);
- static int mif_getc(jas_stream_t *in);
- static mif_hdr_t *mif_makehdrfromimage(jas_image_t *image);
-
-@@ -658,7 +658,7 @@ static void mif_cmpt_destroy(mif_cmpt_t
- * MIF parsing code.
- \******************************************************************************/
-
--static char *mif_getline(jas_stream_t *stream, char *buf, int bufsize)
-+static char *mif_getline(jas_stream_t *stream, char *buf, size_t bufsize)
- {
- int c;
- char *bufptr;