mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-05-07 05:10:20 +00:00
Code Issues Projects Releases Wiki Activity

openjpeg: patch CVE-2026-6192

Browse Source 
Details: https://nvd.nist.gov/vuln/detail/CVE-2026-6192

Backport the patch referenced by the NVD advisory.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>
This commit is contained in:
Gyorgy Sarvari
2026-04-20 11:33:17 +02:00
committed by Khem Raj
parent e88f57539e
commit 09050325e6
2 changed files with 36 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2026-6192.patch
+35
View File
@@ -0,0 +1,35 @@
From 776b00ff792a3c54b65f3bd92dbe7476a5a54106 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 5 Apr 2026 13:25:27 +0200
Subject: [PATCH] opj_pi_initialise_encode() (write code path): avoid potential
integer overflow leading to insufficient memory allocation
Fixes #1619
CVE: CVE-2026-6192
Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/839936aa33eb8899bbbd80fda02796bb65068951]
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
src/lib/openjp2/pi.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/lib/openjp2/pi.c b/src/lib/openjp2/pi.c
index 15ac3314..4abb87af 100644
--- a/src/lib/openjp2/pi.c
+++ b/src/lib/openjp2/pi.c
@@ -1694,9 +1694,12 @@ opj_pi_iterator_t *opj_pi_initialise_encode(const opj_image_t *p_image,
l_current_pi = l_pi;
/* memory allocation for include*/
- l_current_pi->include_size = l_tcp->numlayers * l_step_l;
- l_current_pi->include = (OPJ_INT16*) opj_calloc(l_current_pi->include_size,
- sizeof(OPJ_INT16));
+ l_current_pi->include = NULL;
+ if (l_step_l <= UINT_MAX / l_tcp->numlayers) {
+ l_current_pi->include_size = l_tcp->numlayers * l_step_l;
+ l_current_pi->include = (OPJ_INT16*) opj_calloc(l_current_pi->include_size,
+ sizeof(OPJ_INT16));
+ }
if (!l_current_pi->include) {
opj_free(l_tmp_data);
opj_free(l_tmp_ptr);
meta-oe/recipes-graphics/openjpeg/openjpeg_2.5.4.bb
+1
View File
@@ -8,6 +8,7 @@ DEPENDS = "libpng tiff lcms zlib"
SRC_URI = "git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \
file://0001-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
file://CVE-2023-39327.patch \
file://CVE-2026-6192.patch \
"
SRCREV = "6c4a29b00211eb0430fa0e5e890f1ce5c80f409f"