mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-13 17:39:57 +00:00
jasper: patch CVE-2025-8837
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-8837 Pick the patch that is referenced by the nvd report. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Gyorgy Sarvari
@@ -0,0 +1,63 @@
|
|||||||
|
From 61c37530a3abcb5db2f7a431e91dbb3531ff1816 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Michael Adams <mdadams@ece.uvic.ca>
|
||||||
|
Date: Tue, 5 Aug 2025 20:46:48 -0700
|
||||||
|
Subject: [PATCH] Fixes #402, #403.
|
||||||
|
|
||||||
|
JPEG-2000 (JPC) Decoder:
|
||||||
|
- Added the setting of several pointers to null in some cleanup code
|
||||||
|
after the pointed-to memory was freed. This pointer nulling is not
|
||||||
|
needed normally, but it is needed when certain debugging logs are
|
||||||
|
enabled (so that the debug code understands that the memory associated
|
||||||
|
with the aforementioned pointers has been freed).
|
||||||
|
|
||||||
|
CVE: CVE-2025-8837
|
||||||
|
Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/8308060d3fbc1da10353ac8a95c8ea60eba9c25a]
|
||||||
|
|
||||||
|
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
|
||||||
|
---
|
||||||
|
src/libjasper/jpc/jpc_dec.c | 13 ++++++++-----
|
||||||
|
1 file changed, 8 insertions(+), 5 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c
|
||||||
|
index 2553696..c2600c4 100644
|
||||||
|
--- a/src/libjasper/jpc/jpc_dec.c
|
||||||
|
+++ b/src/libjasper/jpc/jpc_dec.c
|
||||||
|
@@ -1107,23 +1107,23 @@ static int jpc_dec_tilefini(jpc_dec_t *dec, jpc_dec_tile_t *tile)
|
||||||
|
|
||||||
|
if (tile->cp) {
|
||||||
|
jpc_dec_cp_destroy(tile->cp);
|
||||||
|
- //tile->cp = 0;
|
||||||
|
+ tile->cp = 0;
|
||||||
|
}
|
||||||
|
if (tile->tcomps) {
|
||||||
|
jas_free(tile->tcomps);
|
||||||
|
- //tile->tcomps = 0;
|
||||||
|
+ tile->tcomps = 0;
|
||||||
|
}
|
||||||
|
if (tile->pi) {
|
||||||
|
jpc_pi_destroy(tile->pi);
|
||||||
|
- //tile->pi = 0;
|
||||||
|
+ tile->pi = 0;
|
||||||
|
}
|
||||||
|
if (tile->pkthdrstream) {
|
||||||
|
jas_stream_close(tile->pkthdrstream);
|
||||||
|
- //tile->pkthdrstream = 0;
|
||||||
|
+ tile->pkthdrstream = 0;
|
||||||
|
}
|
||||||
|
if (tile->pptstab) {
|
||||||
|
jpc_ppxstab_destroy(tile->pptstab);
|
||||||
|
- //tile->pptstab = 0;
|
||||||
|
+ tile->pptstab = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
tile->state = JPC_TILE_DONE;
|
||||||
|
@@ -2259,6 +2259,9 @@ static int jpc_dec_dump(const jpc_dec_t *dec, FILE *out)
|
||||||
|
const jpc_dec_tile_t *tile;
|
||||||
|
for (tileno = 0, tile = dec->tiles; tileno < dec->numtiles;
|
||||||
|
++tileno, ++tile) {
|
||||||
|
+ if (!tile->tcomps) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
assert(!dec->numcomps || tile->tcomps);
|
||||||
|
unsigned compno;
|
||||||
|
const jpc_dec_tcomp_t *tcomp;
|
||||||
@@ -7,6 +7,7 @@ SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=mas
|
|||||||
file://CVE-2023-51257.patch \
|
file://CVE-2023-51257.patch \
|
||||||
file://CVE-2025-8835.patch \
|
file://CVE-2025-8835.patch \
|
||||||
file://CVE-2025-8836.patch \
|
file://CVE-2025-8836.patch \
|
||||||
|
file://CVE-2025-8837.patch \
|
||||||
"
|
"
|
||||||
SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
|
SRCREV = "fe00207dc10db1d7cc6f2757961c5c6bdfd10973"
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user