[-]
[+]
|
Added |
jasper.spec
|
|
[-]
[+]
|
Added |
jasper-1.900.1-uninitialized.patch
^
|
@@ -0,0 +1,11 @@
+--- src/libjasper/pnm/pnm_enc.c
++++ src/libjasper/pnm/pnm_enc.c
+@@ -424,7 +424,7 @@
+ static int pnm_putuint(jas_stream_t *out, int wordsize, uint_fast32_t *val)
+ {
+ int n;
+- uint_fast32_t tmpval;
++ uint_fast32_t tmpval=0;
+ int c;
+
+ n = (wordsize + 7) / 8;
|
[-]
[+]
|
Added |
jasper-CVE-2016-10251.patch
^
|
@@ -0,0 +1,87 @@
+--- jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.c 2017-03-16 09:23:44.445202359 +0100
++++ jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.c 2017-03-16 09:25:00.433202141 +0100
+@@ -432,18 +432,18 @@
+ &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
+ ++pi->picomp) {
+ pirlvl = pi->picomp->pirlvls;
+- pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
+- pi->picomp->numrlvls - 1));
+- pi->ystep = pi->picomp->vsamp * (1 << (pirlvl->prcheightexpn +
+- pi->picomp->numrlvls - 1));
++ pi->xstep = pi->picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) <<
++ (pirlvl->prcwidthexpn + pi->picomp->numrlvls - 1));
++ pi->ystep = pi->picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) <<
++ (pirlvl->prcheightexpn + pi->picomp->numrlvls - 1));
+ for (rlvlno = 1, pirlvl = &pi->picomp->pirlvls[1];
+ rlvlno < pi->picomp->numrlvls; ++rlvlno, ++pirlvl) {
+- pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp * (1 <<
+- (pirlvl->prcwidthexpn + pi->picomp->numrlvls -
+- rlvlno - 1)));
+- pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp * (1 <<
+- (pirlvl->prcheightexpn + pi->picomp->numrlvls -
+- rlvlno - 1)));
++ pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp *
++ (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcwidthexpn +
++ pi->picomp->numrlvls - rlvlno - 1)));
++ pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp *
++ (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcheightexpn +
++ pi->picomp->numrlvls - rlvlno - 1)));
+ }
+ for (pi->y = pi->ystart; pi->y < pi->yend;
+ pi->y += pi->ystep - (pi->y % pi->ystep)) {
+--- jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.h 2017-03-16 09:23:44.445202359 +0100
++++ jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.h 2017-03-16 09:25:00.433202141 +0100
+@@ -129,10 +129,10 @@
+ jpc_pirlvl_t *pirlvls;
+
+ /* The horizontal sampling period. */
+- int hsamp;
++ uint_fast32_t hsamp;
+
+ /* The vertical sampling period. */
+- int vsamp;
++ uint_fast32_t vsamp;
+
+ } jpc_picomp_t;
+
+@@ -171,32 +171,32 @@
+ int lyrno;
+
+ /* The x-coordinate of the current position. */
+- int x;
++ uint_fast32_t x;
+
+ /* The y-coordinate of the current position. */
+- int y;
++ uint_fast32_t y;
+
+ /* The horizontal step size. */
+- int xstep;
++ uint_fast32_t xstep;
+
+ /* The vertical step size. */
+- int ystep;
++ uint_fast32_t ystep;
+
+ /* The x-coordinate of the top-left corner of the tile on the reference
+ grid. */
+- int xstart;
++ uint_fast32_t xstart;
+
+ /* The y-coordinate of the top-left corner of the tile on the reference
+ grid. */
+- int ystart;
++ uint_fast32_t ystart;
+
+ /* The x-coordinate of the bottom-right corner of the tile on the
+ reference grid (plus one). */
+- int xend;
++ uint_fast32_t xend;
+
+ /* The y-coordinate of the bottom-right corner of the tile on the
+ reference grid (plus one). */
+- int yend;
++ uint_fast32_t yend;
+
+ /* The current progression change. */
+ jpc_pchg_t *pchg;
|
[-]
[+]
|
Added |
jasper-CVE-2016-8654.patch
^
|
@@ -0,0 +1,88 @@
+--- jasper-1.900.14/src/libjasper/jpc/jpc_qmfb.c 2016-10-24 08:18:43.000000000 +0200
++++ jasper-1.900.14/src/libjasper/jpc/jpc_qmfb.c 2016-12-13 10:45:00.879969920 +0100
+@@ -374,7 +374,7 @@
+ register jpc_fix_t *dstptr;
+ register int n;
+ register int m;
+- int hstartcol;
++ int hstartrow;
+
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+@@ -385,9 +385,9 @@
+ }
+
+ if (numrows >= 2) {
+- hstartcol = (numrows + 1 - parity) >> 1;
+- // ORIGINAL (WRONG): m = (parity) ? hstartcol : (numrows - hstartcol);
+- m = numrows - hstartcol;
++ hstartrow = (numrows + 1 - parity) >> 1;
++ // ORIGINAL (WRONG): m = (parity) ? hstartrow : (numrows - hstartrow);
++ m = numrows - hstartrow;
+
+ /* Save the samples destined for the highpass channel. */
+ n = m;
+@@ -408,7 +408,7 @@
+ srcptr += stride << 1;
+ }
+ /* Copy the saved samples into the highpass channel. */
+- dstptr = &a[hstartcol * stride];
++ dstptr = &a[hstartrow * stride];
+ srcptr = buf;
+ n = m;
+ while (n-- > 0) {
+@@ -439,20 +439,21 @@
+ register int n;
+ register int i;
+ int m;
+- int hstartcol;
++ int hstartrow;
+
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+- if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc3(bufsize, JPC_QMFB_COLGRPSIZE,
++ sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide in this case. */
+ abort();
+ }
+ }
+
+ if (numrows >= 2) {
+- hstartcol = (numrows + 1 - parity) >> 1;
+- // ORIGINAL (WRONG): m = (parity) ? hstartcol : (numrows - hstartcol);
+- m = numrows - hstartcol;
++ hstartrow = (numrows + 1 - parity) >> 1;
++ // ORIGINAL (WRONG): m = (parity) ? hstartrow : (numrows - hstartrow);
++ m = numrows - hstartrow;
+
+ /* Save the samples destined for the highpass channel. */
+ n = m;
+@@ -485,7 +486,7 @@
+ srcptr += stride << 1;
+ }
+ /* Copy the saved samples into the highpass channel. */
+- dstptr = &a[hstartcol * stride];
++ dstptr = &a[hstartrow * stride];
+ srcptr = buf;
+ n = m;
+ while (n-- > 0) {
+@@ -526,7 +527,7 @@
+
+ /* Get a buffer. */
+ if (bufsize > QMFB_SPLITBUFSIZE) {
+- if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide in this case. */
+ abort();
+ }
+@@ -721,7 +722,8 @@
+
+ /* Allocate memory for the join buffer from the heap. */
+ if (bufsize > QMFB_JOINBUFSIZE) {
+- if (!(buf = jas_alloc3(bufsize, JPC_QMFB_COLGRPSIZE, sizeof(jpc_fix_t)))) {
++ if (!(buf = jas_alloc3(bufsize, JPC_QMFB_COLGRPSIZE,
++ sizeof(jpc_fix_t)))) {
+ /* We have no choice but to commit suicide. */
+ abort();
+ }
|
[-]
[+]
|
Added |
jasper-CVE-2016-9395.patch
^
|
@@ -0,0 +1,96 @@
+--- jasper-1.900.14/src/libjasper/jpc/jpc_cs.c 2016-10-26 08:57:31.000000000 +0200
++++ jasper-1.900.14/src/libjasper/jpc/jpc_cs.c 2016-12-13 10:49:36.673944174 +0100
+@@ -489,6 +489,8 @@
+ unsigned int i;
+ uint_fast8_t tmp;
+
++ siz->comps = 0;
++
+ /* Eliminate compiler warning about unused variables. */
+ cstate = 0;
+
+@@ -502,44 +504,67 @@
+ jpc_getuint32(in, &siz->tilexoff) ||
+ jpc_getuint32(in, &siz->tileyoff) ||
+ jpc_getuint16(in, &siz->numcomps)) {
+- return -1;
++ goto error;
+ }
+- if (!siz->width || !siz->height || !siz->tilewidth ||
+- !siz->tileheight || !siz->numcomps || siz->numcomps > 16384) {
+- return -1;
+- }
+- if (siz->tilexoff >= siz->width || siz->tileyoff >= siz->height) {
+- jas_eprintf("all tiles are outside the image area\n");
+- return -1;
++ if (!siz->width || !siz->height) {
++ jas_eprintf("reference grid cannot have zero area\n");
++ goto error;
++ }
++ if (!siz->tilewidth || !siz->tileheight) {
++ jas_eprintf("tile cannot have zero area\n");
++ goto error;
++ }
++ if (!siz->numcomps || siz->numcomps > 16384) {
++ jas_eprintf("number of components not in permissible range\n");
++ goto error;
++ }
++ if (siz->xoff >= siz->width) {
++ jas_eprintf("XOsiz not in permissible range\n");
++ goto error;
++ }
++ if (siz->yoff >= siz->height) {
++ jas_eprintf("YOsiz not in permissible range\n");
++ goto error;
++ }
++ if (siz->tilexoff > siz->xoff || siz->tilexoff + siz->tilewidth <= siz->xoff) {
++ jas_eprintf("XTOsiz not in permissible range\n");
++ goto error;
++ }
++ if (siz->tileyoff > siz->yoff || siz->tileyoff + siz->tileheight <= siz->yoff) {
++ jas_eprintf("YTOsiz not in permissible range\n");
++ goto error;
+ }
++
+ if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) {
+- return -1;
++ goto error;
+ }
+ for (i = 0; i < siz->numcomps; ++i) {
+ if (jpc_getuint8(in, &tmp) ||
+ jpc_getuint8(in, &siz->comps[i].hsamp) ||
+ jpc_getuint8(in, &siz->comps[i].vsamp)) {
+- jas_free(siz->comps);
+- return -1;
++ goto error;
+ }
+ if (siz->comps[i].hsamp == 0 || siz->comps[i].hsamp > 255) {
+ jas_eprintf("invalid XRsiz value %d\n", siz->comps[i].hsamp);
+- jas_free(siz->comps);
+- return -1;
++ goto error;
+ }
+ if (siz->comps[i].vsamp == 0 || siz->comps[i].vsamp > 255) {
+ jas_eprintf("invalid YRsiz value %d\n", siz->comps[i].vsamp);
+- jas_free(siz->comps);
+- return -1;
++ goto error;
+ }
+ siz->comps[i].sgnd = (tmp >> 7) & 1;
+ siz->comps[i].prec = (tmp & 0x7f) + 1;
+ }
+ if (jas_stream_eof(in)) {
+- jas_free(siz->comps);
+- return -1;
++ goto error;
+ }
+ return 0;
++
++error:
++ if (siz->comps) {
++ jas_free(siz->comps);
++ }
++ return -1;
+ }
+
+ static int jpc_siz_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out)
|
[-]
[+]
|
Added |
jasper-CVE-2016-9398.patch
^
|
@@ -0,0 +1,12 @@
+--- jasper-1.900.14/src/libjasper/jpc/jpc_t2dec.c 2016-10-18 08:27:00.000000000 +0200
++++ jasper-1.900.14/src/libjasper/jpc/jpc_t2dec.c 2016-12-13 10:42:02.827869570 +0100
+@@ -296,6 +296,9 @@
+ passno = cblk->firstpassno + cblk->numpasses + mycounter;
+ /* XXX - the maxpasses is not set precisely but this doesn't matter... */
+ maxpasses = JPC_SEGPASSCNT(passno, cblk->firstpassno, 10000, (ccp->cblkctx & JPC_COX_LAZY) != 0, (ccp->cblkctx & JPC_COX_TERMALL) != 0);
++ // Avoid maxpasses to be negative
++ if (maxpasses < 0)
++ maxpasses = -maxpasses;
+ if (!discard && !seg) {
+ if (!(seg = jpc_seg_alloc())) {
+ return -1;
|
[-]
[+]
|
Added |
jasper-CVE-2016-9560.patch
^
|
@@ -0,0 +1,12 @@
+--- jasper-1.900.14/src/libjasper/jpc/jpc_dec.c 2016-10-26 08:57:31.000000000 +0200
++++ jasper-1.900.14/src/libjasper/jpc/jpc_dec.c 2016-12-13 10:46:55.441456344 +0100
+@@ -678,7 +678,7 @@
+ uint_fast32_t tmpxend;
+ uint_fast32_t tmpyend;
+ jpc_dec_cp_t *cp;
+- jpc_tsfb_band_t bnds[64];
++ jpc_tsfb_band_t bnds[JPC_MAXBANDS];
+ jpc_pchg_t *pchg;
+ int pchgno;
+ jpc_dec_cmpt_t *cmpt;
+Only in jasper-1.900.14/src/libjasper/jpc: jpc_dec.c.orig
|
[-]
[+]
|
Added |
jasper-CVE-2016-9583.patch
^
|
@@ -0,0 +1,219 @@
+--- jasper-1.900.14/src/libjasper/include/jasper/jas_types.h 2017-03-22 10:14:30.098037013 +0100
++++ jasper-1.900.14/src/libjasper/include/jasper/jas_types.h 2017-03-22 10:15:11.619685037 +0100
+@@ -128,6 +128,10 @@
+ #define JAS_CAST(t, e) \
+ ((t) (e))
+
++/* The number of bits in the integeral type uint_fast32_t. */
++/* NOTE: This could underestimate the size on some exotic architectures. */
++#define JAS_UINTFAST32_NUMBITS (8 * sizeof(uint_fast32_t))
++
+ #ifdef __cplusplus
+ extern "C" {
+ #endif
+--- jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.c 2017-03-22 10:14:30.102037013 +0100
++++ jasper-1.900.14/src/libjasper/jpc/jpc_t2cod.c 2017-03-22 10:15:11.619685037 +0100
+@@ -200,7 +200,8 @@
+ JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) {
+ for (pi->compno = pchg->compnostart, pi->picomp =
+ &pi->picomps[pi->compno]; pi->compno < pi->numcomps &&
+- pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno, ++pi->picomp) {
++ pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno,
++ ++pi->picomp) {
+ if (pi->rlvlno >= pi->picomp->numrlvls) {
+ continue;
+ }
+@@ -249,10 +250,17 @@
+ ++compno, ++picomp) {
+ for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno <
+ picomp->numrlvls; ++rlvlno, ++pirlvl) {
+- xstep = picomp->hsamp * (1 << (pirlvl->prcwidthexpn +
+- picomp->numrlvls - rlvlno - 1));
+- ystep = picomp->vsamp * (1 << (pirlvl->prcheightexpn +
+- picomp->numrlvls - rlvlno - 1));
++ // Check for the potential for overflow problems.
++ if (pirlvl->prcwidthexpn + pi->picomp->numrlvls >
++ JAS_UINTFAST32_NUMBITS - 2 ||
++ pirlvl->prcheightexpn + pi->picomp->numrlvls >
++ JAS_UINTFAST32_NUMBITS - 2) {
++ return -1;
++ }
++ xstep = picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) <<
++ (pirlvl->prcwidthexpn + picomp->numrlvls - rlvlno - 1));
++ ystep = picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) <<
++ (pirlvl->prcheightexpn + picomp->numrlvls - rlvlno - 1));
+ pi->xstep = (!pi->xstep) ? xstep : JAS_MIN(pi->xstep, xstep);
+ pi->ystep = (!pi->ystep) ? ystep : JAS_MIN(pi->ystep, ystep);
+ }
+@@ -282,21 +290,24 @@
+ rpy = r + pi->pirlvl->prcheightexpn;
+ trx0 = JPC_CEILDIV(pi->xstart, pi->picomp->hsamp << r);
+ try0 = JPC_CEILDIV(pi->ystart, pi->picomp->vsamp << r);
+- if (((pi->x == pi->xstart && ((trx0 << r) % (1 << rpx)))
+- || !(pi->x % (1 << rpx))) &&
+- ((pi->y == pi->ystart && ((try0 << r) % (1 << rpy)))
+- || !(pi->y % (1 << rpy)))) {
+- prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, pi->picomp->hsamp
+- << r), pi->pirlvl->prcwidthexpn) - JPC_FLOORDIVPOW2(trx0,
+- pi->pirlvl->prcwidthexpn);
+- prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, pi->picomp->vsamp
+- << r), pi->pirlvl->prcheightexpn) - JPC_FLOORDIVPOW2(try0,
+- pi->pirlvl->prcheightexpn);
++ if (((pi->x == pi->xstart &&
++ ((trx0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpx)))
++ || !(pi->x % (JAS_CAST(uint_fast32_t, 1) << rpx))) &&
++ ((pi->y == pi->ystart &&
++ ((try0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpy)))
++ || !(pi->y % (JAS_CAST(uint_fast32_t, 1) << rpy)))) {
++ prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x,
++ pi->picomp->hsamp << r), pi->pirlvl->prcwidthexpn) -
++ JPC_FLOORDIVPOW2(trx0, pi->pirlvl->prcwidthexpn);
++ prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y,
++ pi->picomp->vsamp << r), pi->pirlvl->prcheightexpn) -
++ JPC_FLOORDIVPOW2(try0, pi->pirlvl->prcheightexpn);
+ pi->prcno = prcvind * pi->pirlvl->numhprcs + prchind;
+
+ assert(pi->prcno < pi->pirlvl->numprcs);
+ for (pi->lyrno = 0; pi->lyrno <
+- pi->numlyrs && pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) {
++ pi->numlyrs && pi->lyrno < JAS_CAST(int,
++ pchg->lyrnoend); ++pi->lyrno) {
+ prclyrno = &pi->pirlvl->prclyrnos[pi->prcno];
+ if (pi->lyrno >= *prclyrno) {
+ ++(*prclyrno);
+@@ -341,16 +352,19 @@
+ ++compno, ++picomp) {
+ for (rlvlno = 0, pirlvl = picomp->pirlvls; rlvlno <
+ picomp->numrlvls; ++rlvlno, ++pirlvl) {
+- xstep = picomp->hsamp * (1 <<
+- (pirlvl->prcwidthexpn + picomp->numrlvls -
+- rlvlno - 1));
+- ystep = picomp->vsamp * (1 <<
+- (pirlvl->prcheightexpn + picomp->numrlvls -
+- rlvlno - 1));
+- pi->xstep = (!pi->xstep) ? xstep :
+- JAS_MIN(pi->xstep, xstep);
+- pi->ystep = (!pi->ystep) ? ystep :
+- JAS_MIN(pi->ystep, ystep);
++ // Check for the potential for overflow problems.
++ if (pirlvl->prcwidthexpn + pi->picomp->numrlvls >
++ JAS_UINTFAST32_NUMBITS - 2 ||
++ pirlvl->prcheightexpn + pi->picomp->numrlvls >
++ JAS_UINTFAST32_NUMBITS - 2) {
++ return -1;
++ }
++ xstep = picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) <<
++ (pirlvl->prcwidthexpn + picomp->numrlvls - rlvlno - 1));
++ ystep = picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) <<
++ (pirlvl->prcheightexpn + picomp->numrlvls - rlvlno - 1));
++ pi->xstep = (!pi->xstep) ? xstep : JAS_MIN(pi->xstep, xstep);
++ pi->ystep = (!pi->ystep) ? ystep : JAS_MIN(pi->ystep, ystep);
+ }
+ }
+ pi->prgvolfirst = 0;
+@@ -377,20 +391,23 @@
+ try0 = JPC_CEILDIV(pi->ystart, pi->picomp->vsamp << r);
+ rpx = r + pi->pirlvl->prcwidthexpn;
+ rpy = r + pi->pirlvl->prcheightexpn;
+- if (((pi->x == pi->xstart && ((trx0 << r) % (1 << rpx))) ||
++ if (((pi->x == pi->xstart &&
++ ((trx0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpx))) ||
+ !(pi->x % (pi->picomp->hsamp << rpx))) &&
+- ((pi->y == pi->ystart && ((try0 << r) % (1 << rpy))) ||
++ ((pi->y == pi->ystart &&
++ ((try0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpy))) ||
+ !(pi->y % (pi->picomp->vsamp << rpy)))) {
+- prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, pi->picomp->hsamp
+- << r), pi->pirlvl->prcwidthexpn) - JPC_FLOORDIVPOW2(trx0,
+- pi->pirlvl->prcwidthexpn);
+- prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, pi->picomp->vsamp
+- << r), pi->pirlvl->prcheightexpn) - JPC_FLOORDIVPOW2(try0,
+- pi->pirlvl->prcheightexpn);
++ prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x,
++ pi->picomp->hsamp << r), pi->pirlvl->prcwidthexpn) -
++ JPC_FLOORDIVPOW2(trx0, pi->pirlvl->prcwidthexpn);
++ prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y,
++ pi->picomp->vsamp << r), pi->pirlvl->prcheightexpn) -
++ JPC_FLOORDIVPOW2(try0, pi->pirlvl->prcheightexpn);
+ pi->prcno = prcvind * pi->pirlvl->numhprcs + prchind;
+ assert(pi->prcno < pi->pirlvl->numprcs);
+ for (pi->lyrno = 0; pi->lyrno < pi->numlyrs &&
+- pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) {
++ pi->lyrno < JAS_CAST(int, pchg->lyrnoend);
++ ++pi->lyrno) {
+ prclyrno = &pi->pirlvl->prclyrnos[pi->prcno];
+ if (pi->lyrno >= *prclyrno) {
+ ++(*prclyrno);
+@@ -428,10 +445,17 @@
+ pi->prgvolfirst = 0;
+ }
+
+- for (pi->compno = pchg->compnostart, pi->picomp =
+- &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno,
+- ++pi->picomp) {
++ for (pi->compno = pchg->compnostart, pi->picomp = &pi->picomps[pi->compno];
++ pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps;
++ ++pi->compno, ++pi->picomp) {
+ pirlvl = pi->picomp->pirlvls;
++ // Check for the potential for overflow problems.
++ if (pirlvl->prcwidthexpn + pi->picomp->numrlvls >
++ JAS_UINTFAST32_NUMBITS - 2 ||
++ pirlvl->prcheightexpn + pi->picomp->numrlvls >
++ JAS_UINTFAST32_NUMBITS - 2) {
++ return -1;
++ }
+ pi->xstep = pi->picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) <<
+ (pirlvl->prcwidthexpn + pi->picomp->numrlvls - 1));
+ pi->ystep = pi->picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) <<
+@@ -461,23 +485,23 @@
+ try0 = JPC_CEILDIV(pi->ystart, pi->picomp->vsamp << r);
+ rpx = r + pi->pirlvl->prcwidthexpn;
+ rpy = r + pi->pirlvl->prcheightexpn;
+- if (((pi->x == pi->xstart && ((trx0 << r) % (1 << rpx))) ||
++ if (((pi->x == pi->xstart &&
++ ((trx0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpx))) ||
+ !(pi->x % (pi->picomp->hsamp << rpx))) &&
+- ((pi->y == pi->ystart && ((try0 << r) % (1 << rpy))) ||
++ ((pi->y == pi->ystart &&
++ ((try0 << r) % (JAS_CAST(uint_fast32_t, 1) << rpy))) ||
+ !(pi->y % (pi->picomp->vsamp << rpy)))) {
+- prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x, pi->picomp->hsamp
+- << r), pi->pirlvl->prcwidthexpn) - JPC_FLOORDIVPOW2(trx0,
+- pi->pirlvl->prcwidthexpn);
+- prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y, pi->picomp->vsamp
+- << r), pi->pirlvl->prcheightexpn) - JPC_FLOORDIVPOW2(try0,
+- pi->pirlvl->prcheightexpn);
+- pi->prcno = prcvind *
+- pi->pirlvl->numhprcs +
+- prchind;
+- assert(pi->prcno <
+- pi->pirlvl->numprcs);
+- for (pi->lyrno = 0; pi->lyrno <
+- pi->numlyrs && pi->lyrno < JAS_CAST(int, pchg->lyrnoend); ++pi->lyrno) {
++ prchind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->x,
++ pi->picomp->hsamp << r), pi->pirlvl->prcwidthexpn) -
++ JPC_FLOORDIVPOW2(trx0, pi->pirlvl->prcwidthexpn);
++ prcvind = JPC_FLOORDIVPOW2(JPC_CEILDIV(pi->y,
++ pi->picomp->vsamp << r), pi->pirlvl->prcheightexpn) -
++ JPC_FLOORDIVPOW2(try0, pi->pirlvl->prcheightexpn);
++ pi->prcno = prcvind * pi->pirlvl->numhprcs + prchind;
|
[-]
[+]
|
Added |
jasper-CVE-2016-9591.patch
^
|
@@ -0,0 +1,106 @@
+--- jasper-1.900.14/src/libjasper/jpc/jpc_enc.c 2016-10-26 08:57:31.000000000 +0200
++++ jasper-1.900.14/src/libjasper/jpc/jpc_enc.c 2016-12-21 09:13:46.503347680 +0100
+@@ -2027,14 +2027,18 @@
+ tcmpt_destroy(tcmpt);
+ }
+ jas_free(tile->tcmpts);
++ tile->tcmpts = NULL;
+ }
+ if (tile->lyrsizes) {
+ jas_free(tile->lyrsizes);
++ tile->lyrsizes = NULL;
+ }
+ if (tile->pi) {
+ jpc_pi_destroy(tile->pi);
++ tile->pi = NULL;
+ }
+ jas_free(tile);
++ tile = NULL;
+ }
+
+ static jpc_enc_tcmpt_t *tcmpt_create(jpc_enc_tcmpt_t *tcmpt, jpc_enc_cp_t *cp,
+@@ -2143,13 +2147,16 @@
+ rlvl_destroy(rlvl);
+ }
+ jas_free(tcmpt->rlvls);
++ tcmpt->rlvls = NULL;
+ }
+
+ if (tcmpt->data) {
+ jas_seq2d_destroy(tcmpt->data);
++ tcmpt->data = NULL;
+ }
+ if (tcmpt->tsfb) {
+ jpc_tsfb_destroy(tcmpt->tsfb);
++ tcmpt->tsfb = NULL;
+ }
+ }
+
+@@ -2245,6 +2252,7 @@
+ band_destroy(band);
+ }
+ jas_free(rlvl->bands);
++ rlvl->bands = NULL;
+ }
+ }
+
+@@ -2328,9 +2336,11 @@
+ prc_destroy(prc);
+ }
+ jas_free(band->prcs);
++ band->prcs = NULL;
+ }
+ if (band->data) {
+ jas_seq2d_destroy(band->data);
++ band->data = NULL;
+ }
+ }
+
+@@ -2470,18 +2480,23 @@
+ cblk_destroy(cblk);
+ }
+ jas_free(prc->cblks);
++ prc->cblks = NULL;
+ }
+ if (prc->incltree) {
+ jpc_tagtree_destroy(prc->incltree);
++ prc->incltree = NULL;
+ }
+ if (prc->nlibtree) {
+ jpc_tagtree_destroy(prc->nlibtree);
++ prc->nlibtree = NULL;
+ }
+ if (prc->savincltree) {
+ jpc_tagtree_destroy(prc->savincltree);
++ prc->savincltree = NULL;
+ }
+ if (prc->savnlibtree) {
+ jpc_tagtree_destroy(prc->savnlibtree);
++ prc->savnlibtree = NULL;
+ }
+ }
+
+@@ -2553,18 +2568,23 @@
+ pass_destroy(pass);
+ }
+ jas_free(cblk->passes);
++ cblk->passes = NULL;
+ }
+ if (cblk->stream) {
+ jas_stream_close(cblk->stream);
++ cblk->stream = NULL;
+ }
+ if (cblk->mqenc) {
+ jpc_mqenc_destroy(cblk->mqenc);
++ cblk->mqenc = NULL;
+ }
+ if (cblk->data) {
+ jas_seq2d_destroy(cblk->data);
++ cblk->data = NULL;
+ }
+ if (cblk->flags) {
+ jas_seq2d_destroy(cblk->flags);
++ cblk->flags = NULL;
+ }
+ }
+
|
[-]
[+]
|
Added |
jasper-CVE-2016-9600.patch
^
|
@@ -0,0 +1,73 @@
+--- jasper-1.900.14/src/libjasper/jp2/jp2_enc.c 2017-03-17 09:43:12.997336723 +0100
++++ jasper-1.900.14/src/libjasper/jp2/jp2_enc.c 2017-03-17 09:44:09.605336937 +0100
+@@ -112,6 +112,8 @@
+
+ box = 0;
+ tmpstream = 0;
++ iccstream = 0;
++ iccprof = 0;
+
+ allcmptssame = 1;
+ sgnd = jas_image_cmptsgnd(image, 0);
+@@ -225,22 +227,36 @@
+ colr->method = JP2_COLR_ICC;
+ colr->pri = JP2_COLR_PRI;
+ colr->approx = 0;
+- iccprof = jas_iccprof_createfromcmprof(jas_image_cmprof(image));
+- assert(iccprof);
+- iccstream = jas_stream_memopen(0, 0);
+- assert(iccstream);
+- if (jas_iccprof_save(iccprof, iccstream))
+- abort();
+- if ((pos = jas_stream_tell(iccstream)) < 0)
+- abort();
++ /* Ensure that cmprof_ is not null. */
++ if (!jas_image_cmprof(image)) {
++ goto error;
++ }
++ if (!(iccprof = jas_iccprof_createfromcmprof(
++ jas_image_cmprof(image)))) {
++ goto error;
++ }
++ if (!(iccstream = jas_stream_memopen(0, 0))) {
++ goto error;
++ }
++ if (jas_iccprof_save(iccprof, iccstream)) {
++ goto error;
++ }
++ if ((pos = jas_stream_tell(iccstream)) < 0) {
++ goto error;
++ }
+ colr->iccplen = pos;
+- colr->iccp = jas_malloc(pos);
+- assert(colr->iccp);
++ if (!(colr->iccp = jas_malloc(pos))) {
++ goto error;
++ }
+ jas_stream_rewind(iccstream);
+- if (jas_stream_read(iccstream, colr->iccp, colr->iccplen) != colr->iccplen)
+- abort();
++ if (jas_stream_read(iccstream, colr->iccp, colr->iccplen) !=
++ colr->iccplen) {
++ goto error;
++ }
+ jas_stream_close(iccstream);
++ iccstream = 0;
+ jas_iccprof_destroy(iccprof);
++ iccprof = 0;
+ break;
+ }
+ if (jp2_box_put(box, tmpstream)) {
+@@ -354,6 +370,12 @@
+
+ error:
+
++ if (iccprof) {
++ jas_iccprof_destroy(iccprof);
++ }
++ if (iccstream) {
++ jas_stream_close(iccstream);
++ }
+ if (box) {
+ jp2_box_destroy(box);
+ }
|
[-]
[+]
|
Added |
jasper-CVE-2017-5498.patch
^
|
@@ -0,0 +1,254 @@
+--- jasper-1.900.14/configure.ac 2017-03-17 08:43:25.687753771 +0100
++++ jasper-1.900.14/configure.ac 2017-03-17 09:16:38.537161365 +0100
+@@ -130,6 +130,16 @@
+ /* If configure is being used, this symbol will be defined automatically
+ at this point in the configuration header file. */
+
++#if defined(__GNUC__)
++#define JAS_ATTRIBUTE_DISABLE_USAN \
++ __attribute__((no_sanitize_undefined))
++#elif defined(__clang__)
++#define JAS_ATTRIBUTE_DISABLE_USAN \
++ __attribute__((no_sanitize("undefined")))
++#else
++#define JAS_ATTRIBUTE_DISABLE_USAN
++#endif
++
+ /* The preprocessor symbol JAS_WIN_MSVC_BUILD should not be defined
+ unless the JasPer software is being built under Microsoft Windows
+ using Microsoft Visual C. */
+--- jasper-1.900.14/src/appl/imgcmp.c 2017-03-17 08:43:25.687753771 +0100
++++ jasper-1.900.14/src/appl/imgcmp.c 2017-03-17 09:17:02.777161456 +0100
+@@ -439,7 +439,7 @@
+ s = 0.0;
+ for (i = 0; i < jas_matrix_numrows(x); i++) {
+ for (j = 0; j < jas_matrix_numcols(x); j++) {
+- d = abs(jas_matrix_get(y, i, j) - jas_matrix_get(x, i, j));
++ d = JAS_ABS(jas_matrix_get(y, i, j) - jas_matrix_get(x, i, j));
+ if (d > s) {
+ s = d;
+ }
+--- jasper-1.900.14/src/appl/jiv.c 2017-03-17 08:43:25.687753771 +0100
++++ jasper-1.900.14/src/appl/jiv.c 2017-03-17 09:17:02.777161456 +0100
+@@ -377,7 +377,7 @@
+
+ assert(regwidth > 0);
+ assert(regheight > 0);
+- assert(abs(((double) regheight / regwidth) - ((double) gs.viewportheight / gs.viewportwidth)) < 1e-5);
++ assert(JAS_ABS(((double) regheight / regwidth) - ((double) gs.viewportheight / gs.viewportwidth)) < 1e-5);
+
+ glClear(GL_COLOR_BUFFER_BIT);
+ glPixelStorei(GL_UNPACK_ALIGNMENT, sizeof(GLshort));
+--- jasper-1.900.14/src/libjasper/include/jasper/jas_image.h 2017-03-17 08:43:25.667753771 +0100
++++ jasper-1.900.14/src/libjasper/include/jasper/jas_image.h 2017-03-17 09:17:02.777161456 +0100
+@@ -93,8 +93,12 @@
+ * Miscellaneous constants.
+ */
+
++/* Basic units */
++#define JAS_IMAGE_KIBI (JAS_CAST(size_t, 1024))
++#define JAS_IMAGE_MEBI (JAS_IMAGE_KIBI * JAS_IMAGE_KIBI)
++
+ /* The threshold at which image data is no longer stored in memory. */
+-#define JAS_IMAGE_INMEMTHRESH (16 * 1024 * 1024)
++#define JAS_IMAGE_INMEMTHRESH (256 * JAS_IMAGE_MEBI)
+
+ /*
+ * Component types
+--- jasper-1.900.14/src/libjasper/include/jasper/jas_math.h 2017-03-17 08:43:25.667753771 +0100
++++ jasper-1.900.14/src/libjasper/include/jasper/jas_math.h 2017-03-17 09:17:02.777161456 +0100
+@@ -75,6 +75,7 @@
+ \******************************************************************************/
+
+ #include <jasper/jas_config.h>
++#include <jasper/jas_types.h>
+
+ #include <assert.h>
+ #include <stdio.h>
+@@ -116,9 +117,12 @@
+ *
+ \******************************************************************************/
+
+-__attribute__ ((no_sanitize_undefined))
++JAS_ATTRIBUTE_DISABLE_USAN
+ inline static int jas_int_asr(int x, int n)
+ {
++ // Ensure that the shift of a negative value appears to behave as a
++ // signed arithmetic shift.
++ assert(((-1) >> 1) == -1);
+ assert(n >= 0);
+ // The behavior is undefined when x is negative. */
+ // We tacitly assume the behavior is equivalent to a signed
+@@ -126,9 +130,12 @@
+ return x >> n;
+ }
+
+-__attribute__ ((no_sanitize_undefined))
++JAS_ATTRIBUTE_DISABLE_USAN
+ inline static int jas_int_asl(int x, int n)
+ {
++ // Ensure that the shift of a negative value appears to behave as a
++ // signed arithmetic shift.
++ assert(((-1) << 1) == -2);
+ assert(n >= 0);
+ // The behavior is undefined when x is negative. */
+ // We tacitly assume the behavior is equivalent to a signed
+@@ -136,9 +143,12 @@
+ return x << n;
+ }
+
+-__attribute__ ((no_sanitize_undefined))
++JAS_ATTRIBUTE_DISABLE_USAN
+ inline static int jas_fast32_asr(int_fast32_t x, int n)
+ {
++ // Ensure that the shift of a negative value appears to behave as a
++ // signed arithmetic shift.
++ assert(((JAS_CAST(int_fast32_t, -1)) >> 1) == JAS_CAST(int_fast32_t, -1));
+ assert(n >= 0);
+ // The behavior is undefined when x is negative. */
+ // We tacitly assume the behavior is equivalent to a signed
+@@ -146,9 +156,12 @@
+ return x >> n;
+ }
+
+-__attribute__ ((no_sanitize_undefined))
++JAS_ATTRIBUTE_DISABLE_USAN
+ inline static int jas_fast32_asl(int_fast32_t x, int n)
+ {
++ // Ensure that the shift of a negative value appears to behave as a
++ // signed arithmetic shift.
++ assert(((JAS_CAST(int_fast32_t, -1)) << 1) == JAS_CAST(int_fast32_t, -2));
+ assert(n >= 0);
+ // The behavior is undefined when x is negative. */
+ // We tacitly assume the behavior is equivalent to a signed
+--- jasper-1.900.14/src/libjasper/jpc/jpc_enc.c 2017-03-17 08:43:25.671753771 +0100
++++ jasper-1.900.14/src/libjasper/jpc/jpc_enc.c 2017-03-17 09:17:02.777161456 +0100
+@@ -1215,7 +1215,7 @@
+ mxmag = 0;
+ for (y = 0; y < JAS_CAST(uint_fast32_t, jas_matrix_numrows(band->data)); ++y) {
+ for (x = 0; x < JAS_CAST(uint_fast32_t, jas_matrix_numcols(band->data)); ++x) {
+- mag = abs(jas_matrix_get(band->data, y, x));
++ mag = JAS_ABS(jas_matrix_get(band->data, y, x));
+ if (mag > mxmag) {
+ mxmag = mag;
+ }
+--- jasper-1.900.14/src/libjasper/jpc/jpc_t1enc.c 2017-03-17 08:43:25.671753771 +0100
++++ jasper-1.900.14/src/libjasper/jpc/jpc_t1enc.c 2017-03-17 09:17:02.777161456 +0100
+@@ -117,9 +117,9 @@
+ jpc_enc_cblk_t *endcblks;
+ int i;
+ int j;
+- int mx;
+- int bmx;
+- int v;
++ jpc_fix_t mx;
++ jpc_fix_t bmx;
++ jpc_fix_t v;
+ jpc_enc_tile_t *tile;
+ uint_fast32_t prcno;
+ jpc_enc_prc_t *prc;
+@@ -148,7 +148,7 @@
+ mx = 0;
+ for (i = 0; i < jas_matrix_numrows(cblk->data); ++i) {
+ for (j = 0; j < jas_matrix_numcols(cblk->data); ++j) {
+- v = abs(jas_matrix_get(cblk->data, i, j));
++ v = JAS_ABS(jas_matrix_get(cblk->data, i, j));
+ if (v > mx) {
+ mx = v;
+ }
+@@ -407,15 +407,15 @@
+
+ #define sigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, orient, mqenc, vcausalflag) \
+ { \
+- int f; \
++ jpc_fix_t f; \
+ int v; \
+ f = *(fp); \
+ if ((f & JPC_OTHSIGMSK) && !(f & (JPC_SIG | JPC_VISIT))) { \
+- v = (abs(*(dp)) & (one)) ? 1 : 0; \
++ v = (JAS_ABS(*(dp)) & (one)) ? 1 : 0; \
+ jpc_mqenc_setcurctx(mqenc, JPC_GETZCCTXNO(f, (orient))); \
+ jpc_mqenc_putbit(mqenc, v); \
+ if (v) { \
+- *(nmsedec) += JPC_GETSIGNMSEDEC(abs(*(dp)), (bitpos) + JPC_NUMEXTRABITS); \
++ *(nmsedec) += JPC_GETSIGNMSEDEC(JAS_ABS(*(dp)), (bitpos) + JPC_NUMEXTRABITS); \
+ v = ((*(dp) < 0) ? 1 : 0); \
+ jpc_mqenc_setcurctx(mqenc, JPC_GETSCCTXNO(f)); \
+ jpc_mqenc_putbit(mqenc, v ^ JPC_GETSPB(f)); \
+@@ -506,14 +506,14 @@
+ #define rawsigpass_step(fp, frowstep, dp, bitpos, one, nmsedec, out, vcausalflag) \
+ { \
+ jpc_fix_t f = *(fp); \
+- jpc_fix_t v; \
++ int v; \
+ if ((f & JPC_OTHSIGMSK) && !(f & (JPC_SIG | JPC_VISIT))) { \
+- v = (abs(*(dp)) & (one)) ? 1 : 0; \
++ v = (JAS_ABS(*(dp)) & (one)) ? 1 : 0; \
+ if ((jpc_bitstream_putbit((out), v)) == EOF) { \
+ return -1; \
+ } \
+ if (v) { \
+- *(nmsedec) += JPC_GETSIGNMSEDEC(abs(*(dp)), (bitpos) + JPC_NUMEXTRABITS); \
++ *(nmsedec) += JPC_GETSIGNMSEDEC(JAS_ABS(*(dp)), (bitpos) + JPC_NUMEXTRABITS); \
+ v = ((*(dp) < 0) ? 1 : 0); \
+ if (jpc_bitstream_putbit(out, v) == EOF) { \
+ return -1; \
+@@ -619,9 +619,9 @@
+ int v; \
+ if (((*(fp)) & (JPC_SIG | JPC_VISIT)) == JPC_SIG) { \
+ (d) = *(dp); \
|
[-]
[+]
|
Added |
jasper-CVE-2017-6850.patch
^
|
@@ -0,0 +1,251 @@
+--- jasper-1.900.14/src/libjasper/base/jas_stream.c 2017-03-22 10:18:22.195685757 +0100
++++ jasper-1.900.14/src/libjasper/base/jas_stream.c 2017-03-22 10:20:15.366313051 +0100
+@@ -507,6 +507,7 @@
+ return 0;
+ }
+
++/* FIXME integral type */
+ int jas_stream_read(jas_stream_t *stream, void *buf, int cnt)
+ {
+ int n;
+@@ -527,6 +528,7 @@
+ return n;
+ }
+
++/* FIXME integral type */
+ int jas_stream_write(jas_stream_t *stream, const void *buf, int cnt)
+ {
+ int n;
+@@ -573,6 +575,7 @@
+ return 0;
+ }
+
++/* FIXME integral type */
+ char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
+ {
+ int c;
+@@ -594,6 +597,7 @@
+ return buf;
+ }
+
++/* FIXME integral type */
+ int jas_stream_gobble(jas_stream_t *stream, int n)
+ {
+ int m;
+@@ -606,6 +610,7 @@
+ return n;
+ }
+
++/* FIXME integral type */
+ int jas_stream_pad(jas_stream_t *stream, int n, int c)
+ {
+ int m;
+@@ -696,6 +701,7 @@
+ * Buffer initialization code.
+ \******************************************************************************/
+
++/* FIXME integral type */
+ static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
+ int bufsize)
+ {
+@@ -871,6 +877,7 @@
+ return openmode;
+ }
+
++/* FIXME integral type */
+ int jas_stream_copy(jas_stream_t *out, jas_stream_t *in, int n)
+ {
+ int all;
+@@ -896,6 +903,7 @@
+ return 0;
+ }
+
++/* FIXME integral type */
+ long jas_stream_setrwcount(jas_stream_t *stream, long rwcnt)
+ {
+ int old;
+@@ -905,6 +913,7 @@
+ return old;
+ }
+
++/* FIXME integral type */
+ int jas_stream_display(jas_stream_t *stream, FILE *fp, int n)
+ {
+ unsigned char buf[16];
+@@ -979,6 +988,7 @@
+ * Memory stream object.
+ \******************************************************************************/
+
++/* FIXME integral type */
+ static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ int n;
+@@ -1007,6 +1017,7 @@
+ return 0;
+ }
+
++/* FIXME integral type */
+ static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ int n;
+@@ -1054,6 +1065,7 @@
+ return ret;
+ }
+
++/* FIXME integral type */
+ static long mem_seek(jas_stream_obj_t *obj, long offset, int origin)
+ {
+ jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj;
+@@ -1096,18 +1108,21 @@
+ * File stream object.
+ \******************************************************************************/
+
++/* FIXME integral type */
+ static int file_read(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj);
+ return read(fileobj->fd, buf, cnt);
+ }
+
++/* FIXME integral type */
+ static int file_write(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj);
+ return write(fileobj->fd, buf, cnt);
+ }
+
++/* FIXME integral type */
+ static long file_seek(jas_stream_obj_t *obj, long offset, int origin)
+ {
+ jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj);
+@@ -1130,6 +1145,7 @@
+ * Stdio file stream object.
+ \******************************************************************************/
+
++/* FIXME integral type */
+ static int sfile_read(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ FILE *fp;
+@@ -1144,6 +1160,7 @@
+ return result;
+ }
+
++/* FIXME integral type */
+ static int sfile_write(jas_stream_obj_t *obj, char *buf, int cnt)
+ {
+ FILE *fp;
+@@ -1153,6 +1170,7 @@
+ return (n != JAS_CAST(size_t, cnt)) ? (-1) : cnt;
+ }
+
++/* FIXME integral type */
+ static long sfile_seek(jas_stream_obj_t *obj, long offset, int origin)
+ {
+ FILE *fp;
+--- jasper-1.900.14/src/libjasper/jp2/jp2_cod.c 2017-03-22 10:18:22.191685757 +0100
++++ jasper-1.900.14/src/libjasper/jp2/jp2_cod.c 2017-03-22 10:20:15.366313051 +0100
+@@ -183,15 +183,28 @@
+ * Box constructor.
+ \******************************************************************************/
+
+-jp2_box_t *jp2_box_create(int type)
++jp2_box_t *jp2_box_create0()
+ {
+ jp2_box_t *box;
+- jp2_boxinfo_t *boxinfo;
+-
+ if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
+ return 0;
+ }
+ memset(box, 0, sizeof(jp2_box_t));
++ box->type = 0;
++ box->len = 0;
++ // Mark the box data as never having been constructed
++ // so that we will not errantly attempt to destroy it later.
++ box->ops = &jp2_boxinfo_unk.ops;
++ return box;
++}
++
++jp2_box_t *jp2_box_create(int type)
++{
++ jp2_box_t *box;
++ jp2_boxinfo_t *boxinfo;
++ if (!(box = jp2_box_create0())) {
++ return 0;
++ }
+ box->type = type;
+ box->len = 0;
+ if (!(boxinfo = jp2_boxinfolookup(type))) {
+@@ -248,14 +261,9 @@
+ box = 0;
+ tmpstream = 0;
+
+- if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
++ if (!(box = jp2_box_create0())) {
+ goto error;
+ }
+-
+- // Mark the box data as never having been constructed
+- // so that we will not errantly attempt to destroy it later.
+- box->ops = &jp2_boxinfo_unk.ops;
+-
+ if (jp2_getuint32(in, &len) || jp2_getuint32(in, &box->type)) {
+ goto error;
+ }
+@@ -263,10 +271,12 @@
+ box->info = boxinfo;
+ box->len = len;
+ JAS_DBGLOG(10, (
+- "preliminary processing of JP2 box: type=%c%s%c (0x%08x); length=%d\n",
|
[-]
[+]
|
Added |
baselibs.conf
^
|
@@ -0,0 +1,3 @@
+libjasper1
+ obsoletes "libjasper-<targettype>"
+ provides "libjasper-<targettype>"
|
|
Added |
jasper-1.900.14.tar.bz2
^
|