graphics/openjpeg: Add patches to resolve CVEs

PR: 212672 MFH: 2016Q4 Security: CVE-2016-5157 Security: CVE-2016-7163
author: Mark Felder <feld@FreeBSD.org> 2016-10-11 15:13:15 +0000
committer: Mark Felder <feld@FreeBSD.org> 2016-10-11 15:13:15 +0000
commit: 5a4e70c90a2f34bbb427fbeadd76a2c5d5de3187 (patch)
tree: 356959c989d2189e1a3cfead33c25575f66a73ff /graphics/openjpeg
parent: 045ce6434f487171986bebac28cd259332c7666b (diff)
download: ports-5a4e70c90a2f34bbb427fbeadd76a2c5d5de3187.tar.gz
ports-5a4e70c90a2f34bbb427fbeadd76a2c5d5de3187.zip
5 files changed, 80 insertions, 0 deletions
diff --git a/graphics/openjpeg/Makefile b/graphics/openjpeg/Makefile
index f4ebc6605419..488a714b9399 100644
--- a/graphics/openjpeg/Makefile
+++ b/graphics/openjpeg/Makefile
@@ -3,6 +3,7 @@
 
 PORTNAME=	openjpeg
 PORTVERSION=	2.1.1
+PORTREVISION=	1
 CATEGORIES=	graphics
 
 MAINTAINER=	sunpoet@FreeBSD.org
diff --git a/graphics/openjpeg/files/patch-src_lib_openjp2_pi.c b/graphics/openjpeg/files/patch-src_lib_openjp2_pi.c
new file mode 100644
index 000000000000..5ee8d6fea3af
--- /dev/null
+++ b/graphics/openjpeg/files/patch-src_lib_openjp2_pi.c
@@ -0,0 +1,17 @@
+--- src/lib/openjp2/pi.c.orig	2016-09-14 00:01:22 UTC
++++ src/lib/openjp2/pi.c
+@@ -1236,7 +1236,13 @@ opj_pi_iterator_t *opj_pi_create_decode(
+ 	l_current_pi = l_pi;
+ 
+ 	/* memory allocation for include */
+-	l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
++	/* prevent an integer overflow issue */
++	l_current_pi->include = 00;
++	if (l_step_l <= (SIZE_MAX / (l_tcp->numlayers + 1U)))
++	{
++		l_current_pi->include = (OPJ_INT16*) opj_calloc((l_tcp->numlayers +1) * l_step_l, sizeof(OPJ_INT16));
++	}
++
+ 	if
+ 		(!l_current_pi->include)
+ 	{
diff --git a/graphics/openjpeg/files/patch-src_lib_openjp2_tcd.c b/graphics/openjpeg/files/patch-src_lib_openjp2_tcd.c
new file mode 100644
index 000000000000..a42e69fbcd47
--- /dev/null
+++ b/graphics/openjpeg/files/patch-src_lib_openjp2_tcd.c
@@ -0,0 +1,23 @@
+--- src/lib/openjp2/tcd.c.orig	2016-09-14 00:02:27 UTC
++++ src/lib/openjp2/tcd.c
+@@ -706,9 +706,20 @@ static INLINE OPJ_BOOL opj_tcd_init_tile
+ 	l_tx0 = l_cp->tx0 + p * l_cp->tdx; /* can't be greater than l_image->x1 so won't overflow */
+ 	l_tile->x0 = (OPJ_INT32)opj_uint_max(l_tx0, l_image->x0);
+ 	l_tile->x1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_tx0, l_cp->tdx), l_image->x1);
++	/* all those OPJ_UINT32 are casted to OPJ_INT32, let's do some sanity check */
++	if ((l_tile->x0 < 0) || (l_tile->x1 <= l_tile->x0)) {
++		opj_event_msg(manager, EVT_ERROR, "Tile X coordinates are not supported\n");
++		return OPJ_FALSE;
++	}
+ 	l_ty0 = l_cp->ty0 + q * l_cp->tdy; /* can't be greater than l_image->y1 so won't overflow */
+ 	l_tile->y0 = (OPJ_INT32)opj_uint_max(l_ty0, l_image->y0);
+ 	l_tile->y1 = (OPJ_INT32)opj_uint_min(opj_uint_adds(l_ty0, l_cp->tdy), l_image->y1);
++	/* all those OPJ_UINT32 are casted to OPJ_INT32, let's do some sanity check */
++	if ((l_tile->y0 < 0) || (l_tile->y1 <= l_tile->y0)) {
++		opj_event_msg(manager, EVT_ERROR, "Tile Y coordinates are not supported\n");
++		return OPJ_FALSE;
++	}
++	
+ 
+ 	/* testcase 1888.pdf.asan.35.988 */
+ 	if (l_tccp->numresolutions == 0) {
diff --git a/graphics/openjpeg/files/patch-tests_compare__dump__files.c b/graphics/openjpeg/files/patch-tests_compare__dump__files.c
new file mode 100644
index 000000000000..a79b4ff39a95
--- /dev/null
+++ b/graphics/openjpeg/files/patch-tests_compare__dump__files.c
@@ -0,0 +1,30 @@
+--- tests/compare_dump_files.c.orig	2016-09-14 00:05:13 UTC
++++ tests/compare_dump_files.c
+@@ -118,10 +118,10 @@ int main(int argc, char **argv)
+   test_cmp_parameters inParam;
+   FILE *fbase=NULL, *ftest=NULL;
+   int same = 0;
+-  char lbase[256];
+-  char strbase[256];
+-  char ltest[256];
+-  char strtest[256];
++  char lbase[512];
++  char strbase[512];
++  char ltest[512];
++  char strtest[512];
+ 
+   if( parse_cmdline_cmp(argc, argv, &inParam) == 1 )
+     {
+@@ -154,9 +154,9 @@ int main(int argc, char **argv)
+ 
+   while (fgets(lbase, sizeof(lbase), fbase) && fgets(ltest,sizeof(ltest),ftest))
+     {
+-    int nbase = sscanf(lbase, "%255[^\r\n]", strbase);
+-    int ntest = sscanf(ltest, "%255[^\r\n]", strtest);
+-    assert( nbase != 255 && ntest != 255 );
++    int nbase = sscanf(lbase, "%511[^\r\n]", strbase);
++    int ntest = sscanf(ltest, "%511[^\r\n]", strtest);
++    assert( nbase != 511 && ntest != 511 );
+     if( nbase != 1 || ntest != 1 )
+       {
+       fprintf(stderr, "could not parse line from files\n" );
diff --git a/graphics/openjpeg/files/patch-tests_nonregression_test__suite.ctest.in b/graphics/openjpeg/files/patch-tests_nonregression_test__suite.ctest.in
new file mode 100644
index 000000000000..ee04be1a3234
--- /dev/null
+++ b/graphics/openjpeg/files/patch-tests_nonregression_test__suite.ctest.in
@@ -0,0 +1,9 @@
+--- tests/nonregression/test_suite.ctest.in.orig	2016-09-14 00:06:50 UTC
++++ tests/nonregression/test_suite.ctest.in
+@@ -505,3 +505,6 @@ opj_decompress -i @INPUT_NR_PATH@/issue2
+ # issue 326 + PR 559: CIELab colorspace
+ opj_decompress -i @INPUT_NR_PATH@/issue559-eci-090-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-090-CIELab.jp2.pgx
+ opj_decompress -i @INPUT_NR_PATH@/issue559-eci-091-CIELab.jp2 -o @TEMP_PATH@/issue559-eci-091-CIELab.jp2.pgx
++# issue 823 (yes, not a typo, test image is issue822)
++!opj_decompress -i @INPUT_NR_PATH@/issue822.jp2 -o @TEMP_PATH@/issue822.png
++
author	Mark Felder <feld@FreeBSD.org>	2016-10-11 15:13:15 +0000
committer	Mark Felder <feld@FreeBSD.org>	2016-10-11 15:13:15 +0000
commit	5a4e70c90a2f34bbb427fbeadd76a2c5d5de3187 (patch)
tree	356959c989d2189e1a3cfead33c25575f66a73ff /graphics/openjpeg
parent	045ce6434f487171986bebac28cd259332c7666b (diff)
download	ports-5a4e70c90a2f34bbb427fbeadd76a2c5d5de3187.tar.gz ports-5a4e70c90a2f34bbb427fbeadd76a2c5d5de3187.zip