X-Git-Url: https://review.fuel-infra.org/gitweb?a=blobdiff_plain;f=cirros-testvm%2Fsrc-cirros%2Fbuildroot-2015.05%2Fpackage%2Fjasper%2F0005-fix-CVE-2014-8157.patch;fp=cirros-testvm%2Fsrc-cirros%2Fbuildroot-2015.05%2Fpackage%2Fjasper%2F0005-fix-CVE-2014-8157.patch;h=ab81674f93182ec756989bd7fa802a04563db47f;hb=b0a0f15dfaa205161a7fcb20cf1b8cd4948c2ef3;hp=0000000000000000000000000000000000000000;hpb=c6ac3cd55ee2da956195eee393b0882105dfad4e;p=packages%2Ftrusty%2Fcirros-testvm.git

diff --git a/cirros-testvm/src-cirros/buildroot-2015.05/package/jasper/0005-fix-CVE-2014-8157.patch b/cirros-testvm/src-cirros/buildroot-2015.05/package/jasper/0005-fix-CVE-2014-8157.patch
new file mode 100644
index 0000000..ab81674
--- /dev/null
+++ b/cirros-testvm/src-cirros/buildroot-2015.05/package/jasper/0005-fix-CVE-2014-8157.patch
@@ -0,0 +1,17 @@
+Fix CVE-2014-8157 - dec->numtiles off-by-one check in jpc_dec_process_sot()
+From https://bugzilla.redhat.com/show_bug.cgi?id=1179282
+
+Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
+
+diff -up jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157 jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
+--- jasper-1.900.1/src/libjasper/jpc/jpc_dec.c.CVE-2014-8157	2015-01-19 16:59:36.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2015-01-19 17:07:41.609863268 +0100
+@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t
+ 		dec->curtileendoff = 0;
+ 	}
+ 
+-	if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
++	if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
+ 		jas_eprintf("invalid tile number in SOT marker segment\n");
+ 		return -1;
+ 	}