forked from Lainports/opnsense-ports
39 lines
1.4 KiB
C
39 lines
1.4 KiB
C
--- src/libjasper/mif/mif_cod.c.orig 2007-01-19 22:43:05.000000000 +0100
|
|
+++ src/libjasper/mif/mif_cod.c 2016-02-20 14:19:34.799575000 +0100
|
|
@@ -107,7 +107,7 @@
|
|
static int mif_hdr_addcmpt(mif_hdr_t *hdr, int cmptno, mif_cmpt_t *cmpt);
|
|
static mif_cmpt_t *mif_cmpt_create(void);
|
|
static void mif_cmpt_destroy(mif_cmpt_t *cmpt);
|
|
-static char *mif_getline(jas_stream_t *jas_stream, char *buf, int bufsize);
|
|
+static char *mif_getline(jas_stream_t *jas_stream, char *buf, size_t bufsize);
|
|
static int mif_getc(jas_stream_t *in);
|
|
static mif_hdr_t *mif_makehdrfromimage(jas_image_t *image);
|
|
|
|
@@ -438,8 +438,7 @@
|
|
int cmptno;
|
|
mif_cmpt_t **newcmpts;
|
|
assert(maxcmpts >= hdr->numcmpts);
|
|
- newcmpts = (!hdr->cmpts) ? jas_malloc(maxcmpts * sizeof(mif_cmpt_t *)) :
|
|
- jas_realloc(hdr->cmpts, maxcmpts * sizeof(mif_cmpt_t *));
|
|
+ newcmpts = jas_realloc2(hdr->cmpts, maxcmpts, sizeof(mif_cmpt_t *));
|
|
if (!newcmpts) {
|
|
return -1;
|
|
}
|
|
@@ -571,6 +570,8 @@
|
|
}
|
|
}
|
|
jas_tvparser_destroy(tvp);
|
|
+ /* fix for CVE-2015-5221 */
|
|
+ tvp = NULL;
|
|
if (!cmpt->sampperx || !cmpt->samppery) {
|
|
goto error;
|
|
}
|
|
@@ -658,7 +659,7 @@
|
|
* MIF parsing code.
|
|
\******************************************************************************/
|
|
|
|
-static char *mif_getline(jas_stream_t *stream, char *buf, int bufsize)
|
|
+static char *mif_getline(jas_stream_t *stream, char *buf, size_t bufsize)
|
|
{
|
|
int c;
|
|
char *bufptr;
|