Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/media-libs/jbig2dec/files
diff options
context:
space:
mode:
authorSam James <sam@gentoo.org>2020-07-19 18:28:15 +0000
committerSam James <sam@gentoo.org>2020-07-19 18:28:16 +0000
commit3c8aa035785724e5c7dad46b35c25500d4c7135a (patch)
tree9175639615a250309f993749ecb3b67cd6967aeb /media-libs/jbig2dec/files
parentdev-python/jedi: Bump to 0.17.2 (diff)
downloadgentoo-3c8aa035785724e5c7dad46b35c25500d4c7135a.tar.gz
gentoo-3c8aa035785724e5c7dad46b35c25500d4c7135a.tar.bz2
gentoo-3c8aa035785724e5c7dad46b35c25500d4c7135a.zip
media-libs/jbig2dec: security bump to 0.18
Bump to 0.18, but while we're here, add support for newer Pythons at build time. We include two additional upstream patches post-release which look security-relevant. Bug: https://bugs.gentoo.org/719730 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org>
Diffstat (limited to 'media-libs/jbig2dec/files')
-rw-r--r--media-libs/jbig2dec/files/jbig2dec-0.18-extra-overflow-checks.patch51
-rw-r--r--media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch36
2 files changed, 87 insertions, 0 deletions
diff --git a/media-libs/jbig2dec/files/jbig2dec-0.18-extra-overflow-checks.patch b/media-libs/jbig2dec/files/jbig2dec-0.18-extra-overflow-checks.patch
new file mode 100644
index 000000000000..52a7f448e6f3
--- /dev/null
+++ b/media-libs/jbig2dec/files/jbig2dec-0.18-extra-overflow-checks.patch
@@ -0,0 +1,51 @@
+https://github.com/ArtifexSoftware/jbig2dec/commit/873694419b3498708b90c5c36ee0a73795a90c84
+----
+From 873694419b3498708b90c5c36ee0a73795a90c84 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Sun, 15 Sep 2019 17:31:48 +0200
+Subject: [PATCH] jbig2dec: Handle under-/overflow detection and messaging
+ better.
+
+Previously SYMWIDTH was capped too early in order to prevent underflow
+Moreover TOTWIDTH was allowed to overflow.
+
+Now the value DW is checked compared to SYMWIDTH, preventing over
+underflow and overflow at the correct limits, and an overflow
+check has been added for TOTWIDTH.
+---
+ jbig2_symbol_dict.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/jbig2_symbol_dict.c b/jbig2_symbol_dict.c
+index e606529..bc6e98c 100644
+--- a/jbig2_symbol_dict.c
++++ b/jbig2_symbol_dict.c
+@@ -428,14 +428,24 @@ jbig2_decode_symbol_dict(Jbig2Ctx *ctx,
+ break;
+ }
+
++ if (DW < 0 && SYMWIDTH < (uint32_t) -DW) {
++ code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "DW value (%d) would make SYMWIDTH (%u) negative at symbol %u", DW, SYMWIDTH, NSYMSDECODED + 1);
++ goto cleanup;
++ }
++ if (DW > 0 && DW > UINT32_MAX - SYMWIDTH) {
++ code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "DW value (%d) would make SYMWIDTH (%u) too large at symbol %u", DW, SYMWIDTH, NSYMSDECODED + 1);
++ goto cleanup;
++ }
++
+ SYMWIDTH = SYMWIDTH + DW;
+- TOTWIDTH = TOTWIDTH + SYMWIDTH;
+- if ((int32_t) SYMWIDTH < 0) {
+- code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "invalid SYMWIDTH value (%d) at symbol %d", SYMWIDTH, NSYMSDECODED + 1);
++ if (SYMWIDTH > UINT32_MAX - TOTWIDTH) {
++ code = jbig2_error(ctx, JBIG2_SEVERITY_FATAL, segment->number, "SYMWIDTH value (%u) would make TOTWIDTH (%u) too large at symbol %u", SYMWIDTH, TOTWIDTH, NSYMSDECODED + 1);
+ goto cleanup;
+ }
++
++ TOTWIDTH = TOTWIDTH + SYMWIDTH;
+ #ifdef JBIG2_DEBUG
+- jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number, "SYMWIDTH = %d TOTWIDTH = %d", SYMWIDTH, TOTWIDTH);
++ jbig2_error(ctx, JBIG2_SEVERITY_DEBUG, segment->number, "SYMWIDTH = %u TOTWIDTH = %u", SYMWIDTH, TOTWIDTH);
+ #endif
+ /* 6.5.5 (4c.ii) */
+ if (!params->SDHUFF || params->SDREFAGG) {
diff --git a/media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch b/media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch
new file mode 100644
index 000000000000..7205c980fc28
--- /dev/null
+++ b/media-libs/jbig2dec/files/jbig2dec-0.18-overflow-IAID.patch
@@ -0,0 +1,36 @@
+https://github.com/ArtifexSoftware/jbig2dec/commit/f6d326878893dc92b45cbd18e25ab4d2b3a8db73
+----
+From f6d326878893dc92b45cbd18e25ab4d2b3a8db73 Mon Sep 17 00:00:00 2001
+From: Sebastian Rasmussen <sebras@gmail.com>
+Date: Sun, 15 Sep 2019 18:12:31 +0200
+Subject: [PATCH] jbig2dec: Add overflow detection for IAID context size.
+
+---
+ jbig2_arith_iaid.c | 13 +++++++++++--
+ 1 file changed, 11 insertions(+), 2 deletions(-)
+
+diff --git a/jbig2_arith_iaid.c b/jbig2_arith_iaid.c
+index 78dc830..bbc38a0 100644
+--- a/jbig2_arith_iaid.c
++++ b/jbig2_arith_iaid.c
+@@ -44,9 +44,18 @@ struct _Jbig2ArithIaidCtx {
+ Jbig2ArithIaidCtx *
+ jbig2_arith_iaid_ctx_new(Jbig2Ctx *ctx, int SBSYMCODELEN)
+ {
+- Jbig2ArithIaidCtx *result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
+- int ctx_size = 1 << SBSYMCODELEN;
++ Jbig2ArithIaidCtx *result;
++ size_t ctx_size;
+
++ if (sizeof(ctx_size) * 8 <= SBSYMCODELEN)
++ {
++ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "requested IAID arithmetic coding state size too large");
++ return NULL;
++ }
++
++ ctx_size = 1 << SBSYMCODELEN;
++
++ result = jbig2_new(ctx, Jbig2ArithIaidCtx, 1);
+ if (result == NULL) {
+ jbig2_error(ctx, JBIG2_SEVERITY_FATAL, -1, "failed to allocate IAID arithmetic coding state");
+ return NULL;