openjpeg: Fix CVE-2025-50952

Upstream commit: https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37 Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-06-13 17:39:57 +00:00 · 2025-09-02 10:24:17 +05:30
parent 75133b7be5
commit 10b6475cf2
2 changed files with 33 additions and 0 deletions
@@ -0,0 +1,32 @@
+From d903fbb4ab9ccf9b96c8bc7398fafc0007505a37 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 18 Feb 2024 17:17:00 +0100
+Subject: [PATCH] opj_dwt_decode_tile(): avoid potential
+ UndefinedBehaviorSanitizer 'applying zero offset to null pointer' (fixes
+ #1505)
+
+Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37]
+CVE: CVE-2025-50952
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/lib/openjp2/dwt.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
+index 4164ba09..f42c47b6 100644
+--- a/src/lib/openjp2/dwt.c
+++ b/src/lib/openjp2/dwt.c
+@@ -2080,7 +2080,9 @@ static OPJ_BOOL opj_dwt_decode_tile(opj_thread_pool_t* tp,
+     OPJ_SIZE_T h_mem_size;
+     int num_threads;
+ 
+-    if (numres == 1U) {
+    /* Not entirely sure for the return code of w == 0 which is triggered per */
+    /* https://github.com/uclouvain/openjpeg/issues/1505 */
+    if (numres == 1U || w == 0) {
+         return OPJ_TRUE;
+     }
+     num_threads = opj_thread_pool_get_thread_count(tp);
+-- 
+2.25.1
+
@@ -15,6 +15,7 @@ SRC_URI = " \
    file://0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch \
    file://0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch \
    file://CVE-2023-39327.patch \
+    file://CVE-2025-50952.patch \
 "
 SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
 S = "${WORKDIR}/git"