mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-13 17:39:57 +00:00
jasper: patch CVE-2025-8837
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8837 Pick the patch that is referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
@@ -0,0 +1,63 @@
|
||||
From 61c37530a3abcb5db2f7a431e91dbb3531ff1816 Mon Sep 17 00:00:00 2001
|
||||
From: Michael Adams <mdadams@ece.uvic.ca>
|
||||
Date: Tue, 5 Aug 2025 20:46:48 -0700
|
||||
Subject: [PATCH] Fixes #402, #403.
|
||||
|
||||
JPEG-2000 (JPC) Decoder:
|
||||
- Added the setting of several pointers to null in some cleanup code
|
||||
after the pointed-to memory was freed. This pointer nulling is not
|
||||
needed normally, but it is needed when certain debugging logs are
|
||||
enabled (so that the debug code understands that the memory associated
|
||||
with the aforementioned pointers has been freed).
|
||||
|
||||
CVE: CVE-2025-8837
|
||||
Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a]
|
||||
|
||||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||
---
|
||||
src/libjasper/jpc/jpc_dec.c | 13 ++++++++-----
|
||||
1 file changed, 8 insertions(+), 5 deletions(-)
|
||||
|
||||
diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c
|
||||
index 2553696..c2600c4 100644
|
||||
--- a/src/libjasper/jpc/jpc_dec.c
|
||||
+++ b/src/libjasper/jpc/jpc_dec.c
|
||||
@@ -1107,23 +1107,23 @@ static int jpc_dec_tilefini(jpc_dec_t *dec, jpc_dec_tile_t *tile)
|
||||
|
||||
if (tile->cp) {
|
||||
jpc_dec_cp_destroy(tile->cp);
|
||||
- //tile->cp = 0;
|
||||
+ tile->cp = 0;
|
||||
}
|
||||
if (tile->tcomps) {
|
||||
jas_free(tile->tcomps);
|
||||
- //tile->tcomps = 0;
|
||||
+ tile->tcomps = 0;
|
||||
}
|
||||
if (tile->pi) {
|
||||
jpc_pi_destroy(tile->pi);
|
||||
- //tile->pi = 0;
|
||||
+ tile->pi = 0;
|
||||
}
|
||||
if (tile->pkthdrstream) {
|
||||
jas_stream_close(tile->pkthdrstream);
|
||||
- //tile->pkthdrstream = 0;
|
||||
+ tile->pkthdrstream = 0;
|
||||
}
|
||||
if (tile->pptstab) {
|
||||
jpc_ppxstab_destroy(tile->pptstab);
|
||||
- //tile->pptstab = 0;
|
||||
+ tile->pptstab = 0;
|
||||
}
|
||||
|
||||
tile->state = JPC_TILE_DONE;
|
||||
@@ -2259,6 +2259,9 @@ static int jpc_dec_dump(const jpc_dec_t *dec, FILE *out)
|
||||
const jpc_dec_tile_t *tile;
|
||||
for (tileno = 0, tile = dec->tiles; tileno < dec->numtiles;
|
||||
++tileno, ++tile) {
|
||||
+ if (!tile->tcomps) {
|
||||
+ continue;
|
||||
+ }
|
||||
assert(!dec->numcomps || tile->tcomps);
|
||||
unsigned compno;
|
||||
const jpc_dec_tcomp_t *tcomp;
|
||||
@@ -7,6 +7,7 @@ SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=mas
|
||||
file://CVE-2023-51257.patch \
|
||||
file://CVE-2025-8835.patch \
|
||||
file://CVE-2025-8836.patch \
|
||||
file://CVE-2025-8837.patch \
|
||||
"
|
||||
SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user