debian/0000755000000000000000000000000013314724000007160 5ustar debian/libjasper1.install0000644000000000000000000000004411654266025012617 0ustar debian/tmp/usr/lib/*/libjasper.so.* debian/libjasper-dev.install0000644000000000000000000000153011654266025013313 0ustar debian/tmp/usr/include/jasper/jas_cm.h debian/tmp/usr/include/jasper/jas_config.h debian/tmp/usr/include/jasper/jas_config2.h debian/tmp/usr/include/jasper/jas_debug.h debian/tmp/usr/include/jasper/jas_fix.h debian/tmp/usr/include/jasper/jas_getopt.h debian/tmp/usr/include/jasper/jas_icc.h debian/tmp/usr/include/jasper/jas_image.h debian/tmp/usr/include/jasper/jas_init.h debian/tmp/usr/include/jasper/jas_malloc.h debian/tmp/usr/include/jasper/jas_math.h debian/tmp/usr/include/jasper/jas_seq.h debian/tmp/usr/include/jasper/jas_stream.h debian/tmp/usr/include/jasper/jas_string.h debian/tmp/usr/include/jasper/jas_tmr.h debian/tmp/usr/include/jasper/jas_tvp.h debian/tmp/usr/include/jasper/jas_types.h debian/tmp/usr/include/jasper/jas_version.h debian/tmp/usr/include/jasper/jasper.h debian/tmp/usr/lib/*/libjasper.a debian/tmp/usr/lib/*/libjasper.so debian/jiv.10000644000000000000000000000107211606647215010050 0ustar .TH jiv 1 "20 June 2004" "Version 1.701.0" "JasPer Manual" .SH NAME jiv \- Image display utility .SH SYNOPSIS .B jiv .RI [ options ] .RI [ file ... ] .SH DESCRIPTION The .B jiv command displays a JPEG-2000 image on an X display. Use the arrow keys for scrolling and < and > for zooming. Please use the \-\-help command line switch and the JasPer Software Reference Manual for more information. .SH SEE ALSO .IR jasper (1) .SH AUTHOR Michael D. Adams This manpage was initially written by Roland Stigge for the Debian Project. debian/rules0000755000000000000000000000026712250363743010260 0ustar #!/usr/bin/make -f # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 %: dh $@ --with autoreconf override_dh_auto_configure: dh_auto_configure -- --enable-shared=yes debian/libjasper-dev.docs0000644000000000000000000000004511606647215012576 0ustar doc/jasper.pdf doc/jpeg2000.pdf NEWS debian/control0000644000000000000000000000405712440335265010603 0ustar Source: jasper Priority: optional Section: graphics Maintainer: Ubuntu Developers XSBC-Original-Maintainer: Roland Stigge Build-Depends: debhelper (>= 8.1.3~), freeglut3-dev, libjpeg8-dev, libxi-dev, libxmu-dev, libxt-dev, autotools-dev, dh-autoreconf Standards-Version: 3.9.2 Package: libjasper1 Section: libs Architecture: any Multi-Arch: same Pre-Depends: ${misc:Pre-Depends} Depends: ${shlibs:Depends}, ${misc:Depends} Conflicts: libjasper-1.700-2 Replaces: libjasper-1.700-2 Suggests: libjasper-runtime Description: JasPer JPEG-2000 runtime library JasPer is a collection of software (i.e., a library and application programs) for the coding and manipulation of images. This software can handle image data in a variety of formats. One such format supported by JasPer is the JPEG-2000 format defined in ISO/IEC 15444-1:2000. . This package contains the shared library. Package: libjasper-dev Section: libdevel Architecture: any Depends: libjasper1 (= ${binary:Version}), ${misc:Depends} Conflicts: libjasper-1.700-2-dev Replaces: libjasper-1.700-2-dev Description: Development files for the JasPer JPEG-2000 library JasPer is a collection of software (i.e., a library and application programs) for the coding and manipulation of images. This software can handle image data in a variety of formats. One such format supported by JasPer is the JPEG-2000 format defined in ISO/IEC 15444-1:2000. . This package contains the static library and headers. Package: libjasper-runtime Section: graphics Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Conflicts: libjasper-progs Replaces: libjasper-progs Description: Programs for manipulating JPEG-2000 files JasPer is a collection of software (i.e., a library and application programs) for the coding and manipulation of images. This software can handle image data in a variety of formats. One such format supported by JasPer is the JPEG-2000 format defined in ISO/IEC 15444-1:2000. . This package contains programs for manipulating JPEG-2000 files. debian/watch0000644000000000000000000000010411622251300010202 0ustar version=3 http://www.ece.uvic.ca/~mdadams/jasper/ .*jasper-(.*).zip debian/patches/0000755000000000000000000000000013314723637010626 5ustar debian/patches/series0000644000000000000000000000147413314723637012051 0ustar 01-misc-fixes.patch 02-fix-filename-buffer-overflow.patch 03-CVE-2011-4516-and-CVE-2011-4517.patch 04-CVE-2014-9029.patch 05-CVE-2014-8137.patch 06-CVE-2014-8138.patch 07-CVE-2014-8157.patch 08-CVE-2014-8158.patch 09-CVE-2016-1577.patch 10-CVE-2016-2089.patch 11-CVE-2016-2116.patch 12_CVE-2016-1867_CVE-2016-8654_CVE-2016-8691_CVE-2016-8692_CVE-2016-8693_CVE-2016-8882_CVE-2016-9560.patch 13_CVE-2016-9591.patch 14_CVE-2016-10249.patch 15_CVE-2016-10251.patch CVE-2015-5203-CVE-2016-9262.patch CVE-2015-5221.patch CVE-2016-8883.patch CVE-2016-8887.patch CVE-2016-9387-1.patch CVE-2016-9387-2.patch CVE-2016-9388.patch CVE-2016-9389.patch CVE-2016-9390.patch CVE-2016-9391.patch CVE-2016-9392-3-4.patch CVE-2016-9396.patch CVE-2016-9600.patch CVE-2016-10248.patch CVE-2016-10250.patch CVE-2017-6850.patch CVE-2017-1000050.patch debian/patches/15_CVE-2016-10251.patch0000644000000000000000000000662313071134764013631 0ustar From 1f0dfe5a42911b6880a1445f13f6d615ddb55387 Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Fri, 4 Nov 2016 07:20:23 -0700 Subject: [PATCH] Fixed an integer overflow problem in the JPC codec that later resulted in the use of uninitialized data. --- src/libjasper/jpc/jpc_t2cod.c | 20 ++++++++++---------- src/libjasper/jpc/jpc_t2cod.h | 20 ++++++++++---------- 2 files changed, 20 insertions(+), 20 deletions(-) diff --git a/src/libjasper/jpc/jpc_t2cod.c b/src/libjasper/jpc/jpc_t2cod.c index 08315dd..174442a 100644 --- a/src/libjasper/jpc/jpc_t2cod.c +++ b/src/libjasper/jpc/jpc_t2cod.c @@ -432,18 +432,18 @@ static int jpc_pi_nextcprl(register jpc_pi_t *pi) &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno, ++pi->picomp) { pirlvl = pi->picomp->pirlvls; - pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn + - pi->picomp->numrlvls - 1)); - pi->ystep = pi->picomp->vsamp * (1 << (pirlvl->prcheightexpn + - pi->picomp->numrlvls - 1)); + pi->xstep = pi->picomp->hsamp * (JAS_CAST(uint_fast32_t, 1) << + (pirlvl->prcwidthexpn + pi->picomp->numrlvls - 1)); + pi->ystep = pi->picomp->vsamp * (JAS_CAST(uint_fast32_t, 1) << + (pirlvl->prcheightexpn + pi->picomp->numrlvls - 1)); for (rlvlno = 1, pirlvl = &pi->picomp->pirlvls[1]; rlvlno < pi->picomp->numrlvls; ++rlvlno, ++pirlvl) { - pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp * (1 << - (pirlvl->prcwidthexpn + pi->picomp->numrlvls - - rlvlno - 1))); - pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp * (1 << - (pirlvl->prcheightexpn + pi->picomp->numrlvls - - rlvlno - 1))); + pi->xstep = JAS_MIN(pi->xstep, pi->picomp->hsamp * + (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcwidthexpn + + pi->picomp->numrlvls - rlvlno - 1))); + pi->ystep = JAS_MIN(pi->ystep, pi->picomp->vsamp * + (JAS_CAST(uint_fast32_t, 1) << (pirlvl->prcheightexpn + + pi->picomp->numrlvls - rlvlno - 1))); } for (pi->y = pi->ystart; pi->y < pi->yend; pi->y += pi->ystep - (pi->y % pi->ystep)) { diff --git a/src/libjasper/jpc/jpc_t2cod.h b/src/libjasper/jpc/jpc_t2cod.h index 0a176c9..690e031 100644 --- a/src/libjasper/jpc/jpc_t2cod.h +++ b/src/libjasper/jpc/jpc_t2cod.h @@ -129,10 +129,10 @@ typedef struct { jpc_pirlvl_t *pirlvls; /* The horizontal sampling period. */ - int hsamp; + uint_fast32_t hsamp; /* The vertical sampling period. */ - int vsamp; + uint_fast32_t vsamp; } jpc_picomp_t; @@ -171,32 +171,32 @@ typedef struct { int lyrno; /* The x-coordinate of the current position. */ - int x; + uint_fast32_t x; /* The y-coordinate of the current position. */ - int y; + uint_fast32_t y; /* The horizontal step size. */ - int xstep; + uint_fast32_t xstep; /* The vertical step size. */ - int ystep; + uint_fast32_t ystep; /* The x-coordinate of the top-left corner of the tile on the reference grid. */ - int xstart; + uint_fast32_t xstart; /* The y-coordinate of the top-left corner of the tile on the reference grid. */ - int ystart; + uint_fast32_t ystart; /* The x-coordinate of the bottom-right corner of the tile on the reference grid (plus one). */ - int xend; + uint_fast32_t xend; /* The y-coordinate of the bottom-right corner of the tile on the reference grid (plus one). */ - int yend; + uint_fast32_t yend; /* The current progression change. */ jpc_pchg_t *pchg; debian/patches/CVE-2017-6850.patch0000644000000000000000000002032013314674614013250 0ustar From e96fc4fdd525fa0ede28074a7e2b1caf94b58b0d Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Sat, 4 Mar 2017 14:43:24 -0800 Subject: [PATCH] Fixed bugs due to uninitialized data in the JP2 decoder. Also, added some comments marking I/O stream interfaces that probably need to be changed (in the long term) to fix integer overflow problems. --- src/libjasper/base/jas_stream.c | 18 +++++++++++++++++ src/libjasper/jp2/jp2_cod.c | 44 ++++++++++++++++++++++++++++------------- 2 files changed, 48 insertions(+), 14 deletions(-) Index: jasper-1.900.1-debian1/src/libjasper/base/jas_stream.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_stream.c 2018-06-27 07:48:23.306012536 -0400 +++ jasper-1.900.1-debian1/src/libjasper/base/jas_stream.c 2018-06-27 07:48:23.302012524 -0400 @@ -498,6 +498,7 @@ int jas_stream_ungetc(jas_stream_t *stre return 0; } +/* FIXME integral type */ int jas_stream_read(jas_stream_t *stream, void *buf, int cnt) { int n; @@ -518,6 +519,7 @@ int jas_stream_read(jas_stream_t *stream return n; } +/* FIXME integral type */ int jas_stream_write(jas_stream_t *stream, const void *buf, int cnt) { int n; @@ -564,6 +566,7 @@ int jas_stream_puts(jas_stream_t *stream return 0; } +/* FIXME integral type */ char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize) { int c; @@ -585,6 +588,7 @@ char *jas_stream_gets(jas_stream_t *stre return buf; } +/* FIXME integral type */ int jas_stream_gobble(jas_stream_t *stream, int n) { int m; @@ -597,6 +601,7 @@ int jas_stream_gobble(jas_stream_t *stre return n; } +/* FIXME integral type */ int jas_stream_pad(jas_stream_t *stream, int n, int c) { int m; @@ -687,6 +692,7 @@ long jas_stream_tell(jas_stream_t *strea * Buffer initialization code. \******************************************************************************/ +/* FIXME integral type */ static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf, int bufsize) { @@ -862,6 +868,7 @@ static int jas_strtoopenmode(const char return openmode; } +/* FIXME integral type */ int jas_stream_copy(jas_stream_t *out, jas_stream_t *in, int n) { int all; @@ -887,6 +894,7 @@ int jas_stream_copy(jas_stream_t *out, j return 0; } +/* FIXME integral type */ long jas_stream_setrwcount(jas_stream_t *stream, long rwcnt) { int old; @@ -896,6 +904,7 @@ long jas_stream_setrwcount(jas_stream_t return old; } +/* FIXME integral type */ int jas_stream_display(jas_stream_t *stream, FILE *fp, int n) { unsigned char buf[16]; @@ -970,6 +979,7 @@ long jas_stream_length(jas_stream_t *str * Memory stream object. \******************************************************************************/ +/* FIXME integral type */ static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt) { int n; @@ -995,6 +1005,7 @@ static int mem_resize(jas_stream_memobj_ return 0; } +/* FIXME integral type */ static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt) { int n; @@ -1040,6 +1051,7 @@ assert(ret == cnt); return ret; } +/* FIXME integral type */ static long mem_seek(jas_stream_obj_t *obj, long offset, int origin) { jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj; @@ -1082,18 +1094,21 @@ static int mem_close(jas_stream_obj_t *o * File stream object. \******************************************************************************/ +/* FIXME integral type */ static int file_read(jas_stream_obj_t *obj, char *buf, int cnt) { jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj); return read(fileobj->fd, buf, cnt); } +/* FIXME integral type */ static int file_write(jas_stream_obj_t *obj, char *buf, int cnt) { jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj); return write(fileobj->fd, buf, cnt); } +/* FIXME integral type */ static long file_seek(jas_stream_obj_t *obj, long offset, int origin) { jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj); @@ -1116,6 +1131,7 @@ static int file_close(jas_stream_obj_t * * Stdio file stream object. \******************************************************************************/ +/* FIXME integral type */ static int sfile_read(jas_stream_obj_t *obj, char *buf, int cnt) { FILE *fp; @@ -1123,6 +1139,7 @@ static int sfile_read(jas_stream_obj_t * return fread(buf, 1, cnt, fp); } +/* FIXME integral type */ static int sfile_write(jas_stream_obj_t *obj, char *buf, int cnt) { FILE *fp; @@ -1130,6 +1147,7 @@ static int sfile_write(jas_stream_obj_t return fwrite(buf, 1, cnt, fp); } +/* FIXME integral type */ static long sfile_seek(jas_stream_obj_t *obj, long offset, int origin) { FILE *fp; Index: jasper-1.900.1-debian1/src/libjasper/jp2/jp2_cod.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jp2/jp2_cod.c 2018-06-27 07:48:23.306012536 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jp2/jp2_cod.c 2018-06-27 07:48:23.302012524 -0400 @@ -190,15 +190,28 @@ jp2_boxinfo_t jp2_boxinfo_unk = { * Box constructor. \******************************************************************************/ -jp2_box_t *jp2_box_create(int type) +jp2_box_t *jp2_box_create0() { jp2_box_t *box; - jp2_boxinfo_t *boxinfo; - if (!(box = jas_malloc(sizeof(jp2_box_t)))) { return 0; } memset(box, 0, sizeof(jp2_box_t)); + box->type = 0; + box->len = 0; + // Mark the box data as never having been constructed + // so that we will not errantly attempt to destroy it later. + box->ops = &jp2_boxinfo_unk.ops; + return box; +} + +jp2_box_t *jp2_box_create(int type) +{ + jp2_box_t *box; + jp2_boxinfo_t *boxinfo; + if (!(box = jp2_box_create0())) { + return 0; + } box->type = type; box->len = 0; if (!(boxinfo = jp2_boxinfolookup(type))) { @@ -255,14 +268,9 @@ jp2_box_t *jp2_box_get(jas_stream_t *in) box = 0; tmpstream = 0; - if (!(box = jas_malloc(sizeof(jp2_box_t)))) { + if (!(box = jp2_box_create0())) { goto error; } - - // Mark the box data as never having been constructed - // so that we will not errantly attempt to destroy it later. - box->ops = &jp2_boxinfo_unk.ops; - if (jp2_getuint32(in, &len) || jp2_getuint32(in, &box->type)) { goto error; } @@ -270,10 +278,12 @@ jp2_box_t *jp2_box_get(jas_stream_t *in) box->info = boxinfo; box->len = len; JAS_DBGLOG(10, ( - "preliminary processing of JP2 box: type=%c%s%c (0x%08x); length=%d\n", + "preliminary processing of JP2 box: " + "type=%c%s%c (0x%08x); length=%"PRIuFAST32"\n", '"', boxinfo->name, '"', box->type, box->len )); if (box->len == 1) { + JAS_DBGLOG(10, ("big length\n")); if (jp2_getuint64(in, &extlen)) { goto error; } @@ -390,6 +400,7 @@ static int jp2_bpcc_getdata(jp2_box_t *b { jp2_bpcc_t *bpcc = &box->data.bpcc; unsigned int i; + bpcc->bpcs = 0; bpcc->numcmpts = box->datalen; if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) { return -1; @@ -469,6 +480,7 @@ static int jp2_cdef_getdata(jp2_box_t *b jp2_cdef_t *cdef = &box->data.cdef; jp2_cdefchan_t *chan; unsigned int channo; + cdef->ents = 0; if (jp2_getuint16(in, &cdef->numchans)) { return -1; } @@ -523,7 +535,9 @@ int jp2_box_put(jp2_box_t *box, jas_stre } if (dataflag) { - if (jas_stream_copy(out, tmpstream, box->len - JP2_BOX_HDRLEN(false))) { + if (jas_stream_copy(out, tmpstream, box->len - + JP2_BOX_HDRLEN(false))) { + jas_eprintf("cannot copy box data\n"); goto error; } jas_stream_close(tmpstream); @@ -783,6 +797,7 @@ static int jp2_cmap_getdata(jp2_box_t *b jp2_cmap_t *cmap = &box->data.cmap; jp2_cmapent_t *ent; unsigned int i; + cmap->ents = 0; cmap->numchans = (box->datalen) / 4; if (!(cmap->ents = jas_alloc2(cmap->numchans, sizeof(jp2_cmapent_t)))) { @@ -841,6 +856,7 @@ static int jp2_pclr_getdata(jp2_box_t *b int_fast32_t x; pclr->lutdata = 0; + pclr->bpc = 0; if (jp2_getuint16(in, &pclr->numlutents) || jp2_getuint8(in, &pclr->numchans)) { @@ -875,9 +891,9 @@ static int jp2_pclr_putdata(jp2_box_t *b #if 0 jp2_pclr_t *pclr = &box->data.pclr; #endif -/* Eliminate warning about unused variable. */ -box = 0; -out = 0; + /* Eliminate warning about unused variable. */ + box = 0; + out = 0; return -1; } debian/patches/07-CVE-2014-8157.patch0000644000000000000000000000133112460232336013464 0ustar Description: CVE-2014-8157: dec->numtiles off-by-one check in jpc_dec_process_sot() Origin: vendor, http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8157.patch Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179282 Bug-Debian: https://bugs.debian.org/775970 Forwarded: not-needed Author: Salvatore Bonaccorso Last-Update: 2015-01-22 --- a/src/libjasper/jpc/jpc_dec.c +++ b/src/libjasper/jpc/jpc_dec.c @@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t dec->curtileendoff = 0; } - if (JAS_CAST(int, sot->tileno) > dec->numtiles) { + if (JAS_CAST(int, sot->tileno) >= dec->numtiles) { jas_eprintf("invalid tile number in SOT marker segment\n"); return -1; } debian/patches/06-CVE-2014-8138.patch0000644000000000000000000000157412460235233013472 0ustar Description: CVE-2014-8138: heap overflow in jp2_decode() Origin: vendor, https://bugzilla.redhat.com/attachment.cgi?id=967280 Bug-Debian: https://bugs.debian.org/773463 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1173162 Forwarded: no Author: Tomas Hoger Last-Update: 2014-12-20 --- a/src/libjasper/jp2/jp2_dec.c +++ b/src/libjasper/jp2/jp2_dec.c @@ -389,6 +389,11 @@ jas_image_t *jp2_decode(jas_stream_t *in /* Determine the type of each component. */ if (dec->cdef) { for (i = 0; i < dec->numchans; ++i) { + /* Is the channel number reasonable? */ + if (dec->cdef->data.cdef.ents[i].channo >= dec->numchans) { + jas_eprintf("error: invalid channel number in CDEF box\n"); + goto error; + } jas_image_setcmpttype(dec->image, dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo], jp2_getct(jas_image_clrspc(dec->image), debian/patches/CVE-2016-8887.patch0000644000000000000000000000401413314673334013263 0ustar From e24bdc716c3327b067c551bc6cfb97fd2370358d Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Fri, 21 Oct 2016 00:00:27 -0700 Subject: [PATCH] Fixed a bug that resulted in the destruction of JP2 box data that had never been constructed in the first place. --- src/libjasper/jp2/jp2_cod.c | 7 +++++++ src/libjasper/jp2/jp2_dec.c | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) Index: jasper-1.900.1-debian1/src/libjasper/jp2/jp2_cod.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jp2/jp2_cod.c 2018-06-27 07:36:57.759138056 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jp2/jp2_cod.c 2018-06-27 07:36:57.759138056 -0400 @@ -266,6 +266,10 @@ jp2_box_t *jp2_box_get(jas_stream_t *in) box->info = boxinfo; box->ops = &boxinfo->ops; box->len = len; + JAS_DBGLOG(10, ( + "preliminary processing of JP2 box: type=%c%s%c (0x%08x); length=%d\n", + '"', boxinfo->name, '"', box->type, box->len + )); if (box->len == 1) { if (jp2_getuint64(in, &extlen)) { goto error; @@ -290,6 +294,9 @@ jp2_box_t *jp2_box_get(jas_stream_t *in) goto error; } if (jas_stream_copy(tmpstream, in, box->datalen)) { + // Mark the box data as never having been constructed + // so that we will not errantly attempt to destroy it later. + box->ops = &jp2_boxinfo_unk.ops; jas_eprintf("cannot copy box data\n"); goto error; } Index: jasper-1.900.1-debian1/src/libjasper/jp2/jp2_dec.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jp2/jp2_dec.c 2018-06-27 07:36:57.759138056 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jp2/jp2_dec.c 2018-06-27 07:36:57.759138056 -0400 @@ -155,7 +155,7 @@ jas_image_t *jp2_decode(jas_stream_t *in found = 0; while ((box = jp2_box_get(in))) { if (jas_getdbglevel() >= 1) { - jas_eprintf("box type %s\n", box->info->name); + jas_eprintf("got box type %s\n", box->info->name); } switch (box->type) { case JP2_BOX_JP2C: debian/patches/CVE-2016-9391.patch0000644000000000000000000000465513314723137013262 0ustar From 1e84674d95353c64e5c4c0e7232ae86fd6ea813b Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Tue, 25 Oct 2016 07:01:50 -0700 Subject: [PATCH] Changed the JPC bitstream code to more gracefully handle a request for a larger sized integer than what can be handled (i.e., return with an error instead of failing an assert). --- src/libjasper/jpc/jpc_bs.c | 10 ++++++++-- src/libjasper/jpc/jpc_cs.c | 4 ++-- src/libjasper/jpc/jpc_dec.c | 1 + 3 files changed, 11 insertions(+), 4 deletions(-) Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_bs.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_bs.c 2018-06-27 07:42:26.668574848 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_bs.c 2018-06-27 07:42:26.664574829 -0400 @@ -195,7 +195,10 @@ long jpc_bitstream_getbits(jpc_bitstream /* We can reliably get at most 31 bits since ISO/IEC 9899 only guarantees that a long can represent values up to 2^31-1. */ - assert(n >= 0 && n < 32); + //assert(n >= 0 && n < 32); + if (n < 0 || n >= 32) { + return -1; + } /* Get the number of bits requested from the specified bit stream. */ v = 0; @@ -215,7 +218,10 @@ int jpc_bitstream_putbits(jpc_bitstream_ /* We can reliably put at most 31 bits since ISO/IEC 9899 only guarantees that a long can represent values up to 2^31-1. */ - assert(n >= 0 && n < 32); + //assert(n >= 0 && n < 32); + if (n < 0 || n >= 32) { + return EOF; + } /* Ensure that only the bits to be output are nonzero. */ assert(!(v & (~JAS_ONES(n)))); Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_cs.c 2018-06-27 07:42:26.668574848 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c 2018-06-27 07:42:26.664574829 -0400 @@ -893,8 +893,8 @@ static int jpc_qcd_dumpparms(jpc_ms_t *m (int) qcd->compparms.qntsty, qcd->compparms.numguard, qcd->compparms.numstepsizes); for (i = 0; i < qcd->compparms.numstepsizes; ++i) { fprintf(out, "expn[%d] = 0x%04x; mant[%d] = 0x%04x;\n", - i, (unsigned) JPC_QCX_GETEXPN(qcd->compparms.stepsizes[i]), - i, (unsigned) JPC_QCX_GETMANT(qcd->compparms.stepsizes[i])); + i, JAS_CAST(unsigned, JPC_QCX_GETEXPN(qcd->compparms.stepsizes[i])), + i, JAS_CAST(unsigned, JPC_QCX_GETMANT(qcd->compparms.stepsizes[i]))); } return 0; } debian/patches/CVE-2016-9388.patch0000644000000000000000000001017013314673563013264 0ustar Backport of: From 411a4068f8c464e883358bf403a3e25158863823 Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Mon, 24 Oct 2016 06:56:08 -0700 Subject: [PATCH] Fixed a few bugs in the RAS encoder and decoder where errors were tested with assertions instead of being gracefully handled. --- src/libjasper/ras/ras_dec.c | 30 ++++++++++++++++++++++++------ src/libjasper/ras/ras_enc.c | 29 +++++++++++++++++++++++------ 2 files changed, 47 insertions(+), 12 deletions(-) Index: jasper-1.900.1-debian1/src/libjasper/ras/ras_dec.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/ras/ras_dec.c 2018-06-27 07:38:42.655208012 -0400 +++ jasper-1.900.1-debian1/src/libjasper/ras/ras_dec.c 2018-06-27 07:38:42.651207983 -0400 @@ -257,9 +257,16 @@ static int ras_getdatastd(jas_stream_t * /* Avoid compiler warnings about unused parameters. */ cmap = 0; + assert(jas_image_numcmpts(image) <= 3); + + for (i = 0; i < 3; ++i) { + data[i] = 0; + } + for (i = 0; i < jas_image_numcmpts(image); ++i) { - data[i] = jas_matrix_create(1, jas_image_width(image)); - assert(data[i]); + if (!(data[i] = jas_matrix_create(1, jas_image_width(image)))) { + goto error; + } } pad = RAS_ROWSIZE(hdr) - (hdr->width * hdr->depth + 7) / 8; @@ -270,7 +277,7 @@ static int ras_getdatastd(jas_stream_t * for (x = 0; x < hdr->width; x++) { while (nz < hdr->depth) { if ((c = jas_stream_getc(in)) == EOF) { - return -1; + goto error; } z = (z << 8) | c; nz += 8; @@ -290,22 +297,31 @@ static int ras_getdatastd(jas_stream_t * } if (pad) { if ((c = jas_stream_getc(in)) == EOF) { - return -1; + goto error; } } for (i = 0; i < jas_image_numcmpts(image); ++i) { if (jas_image_writecmpt(image, i, 0, y, hdr->width, 1, data[i])) { - return -1; + goto error; } } } for (i = 0; i < jas_image_numcmpts(image); ++i) { jas_matrix_destroy(data[i]); + data[i] = 0; } return 0; + +error: + for (i = 0; i < 3; ++i) { + if (data[i]) { + jas_matrix_destroy(data[i]); + } + } + return -1; } static int ras_getcmap(jas_stream_t *in, ras_hdr_t *hdr, ras_cmap_t *cmap) @@ -324,7 +340,9 @@ static int ras_getcmap(jas_stream_t *in, { jas_eprintf("warning: palettized images not fully supported\n"); numcolors = 1 << hdr->depth; - assert(numcolors <= RAS_CMAP_MAXSIZ); + if (numcolors > RAS_CMAP_MAXSIZ) { + return -1; + } actualnumcolors = hdr->maplength / 3; for (i = 0; i < numcolors; i++) { cmap->data[i] = 0; Index: jasper-1.900.1-debian1/src/libjasper/ras/ras_enc.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/ras/ras_enc.c 2018-06-27 07:38:42.655208012 -0400 +++ jasper-1.900.1-debian1/src/libjasper/ras/ras_enc.c 2018-06-27 07:38:42.651207983 -0400 @@ -230,9 +230,17 @@ static int ras_putdatastd(jas_stream_t * jas_matrix_t *data[3]; int i; + assert(numcmpts <= 3); + + for (i = 0; i < 3; ++i) { + data[i] = 0; + } + for (i = 0; i < numcmpts; ++i) { - data[i] = jas_matrix_create(jas_image_height(image), jas_image_width(image)); - assert(data[i]); + if (!(data[i] = jas_matrix_create(jas_image_height(image), + jas_image_width(image)))) { + goto error; + } } rowsize = RAS_ROWSIZE(hdr); @@ -261,7 +269,7 @@ static int ras_putdatastd(jas_stream_t * while (nz >= 8) { c = (z >> (nz - 8)) & 0xff; if (jas_stream_putc(out, c) == EOF) { - return -1; + goto error; } nz -= 8; z &= RAS_ONES(nz); @@ -270,21 +278,30 @@ static int ras_putdatastd(jas_stream_t * if (nz > 0) { c = (z >> (8 - nz)) & RAS_ONES(nz); if (jas_stream_putc(out, c) == EOF) { - return -1; + goto error; } } if (pad % 2) { if (jas_stream_putc(out, 0) == EOF) { - return -1; + goto error; } } } for (i = 0; i < numcmpts; ++i) { jas_matrix_destroy(data[i]); + data[i] = 0; } return 0; + +error: + for (i = 0; i < numcmpts; ++i) { + if (data[i]) { + jas_matrix_destroy(data[i]); + } + } + return -1; } static int ras_puthdr(jas_stream_t *out, ras_hdr_t *hdr) debian/patches/CVE-2016-9392-3-4.patch0000644000000000000000000000636613314674272013572 0ustar Backport of: From f7038068550fba0e41e1d0c355787f1dcd5bf330 Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Thu, 27 Oct 2016 20:11:57 -0700 Subject: [PATCH] Added some missing sanity checks on the data in a SIZ marker segment. --- src/libjasper/jpc/jpc_cs.c | 57 +++++++++++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 16 deletions(-) Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_cs.c 2018-06-27 07:42:34.204613183 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c 2018-06-27 07:44:37.397184040 -0400 @@ -483,6 +483,8 @@ static int jpc_siz_getparms(jpc_ms_t *ms unsigned int i; uint_fast8_t tmp; + siz->comps = 0; + /* Eliminate compiler warning about unused variables. */ cstate = 0; @@ -496,44 +498,67 @@ static int jpc_siz_getparms(jpc_ms_t *ms jpc_getuint32(in, &siz->tilexoff) || jpc_getuint32(in, &siz->tileyoff) || jpc_getuint16(in, &siz->numcomps)) { - return -1; + goto error; } - if (!siz->width || !siz->height || !siz->tilewidth || - !siz->tileheight || !siz->numcomps) { - return -1; - } - if (siz->tilexoff >= siz->width || siz->tileyoff >= siz->height) { - jas_eprintf("all tiles are outside the image area\n"); - return -1; + if (!siz->width || !siz->height) { + jas_eprintf("reference grid cannot have zero area\n"); + goto error; + } + if (!siz->tilewidth || !siz->tileheight) { + jas_eprintf("tile cannot have zero area\n"); + goto error; + } + if (!siz->numcomps || siz->numcomps > 16384) { + jas_eprintf("number of components not in permissible range\n"); + goto error; + } + if (siz->xoff >= siz->width) { + jas_eprintf("XOsiz not in permissible range\n"); + goto error; + } + if (siz->yoff >= siz->height) { + jas_eprintf("YOsiz not in permissible range\n"); + goto error; + } + if (siz->tilexoff > siz->xoff || siz->tilexoff + siz->tilewidth <= siz->xoff) { + jas_eprintf("XTOsiz not in permissible range\n"); + goto error; + } + if (siz->tileyoff > siz->yoff || siz->tileyoff + siz->tileheight <= siz->yoff) { + jas_eprintf("YTOsiz not in permissible range\n"); + goto error; } + if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) { - return -1; + goto error; } for (i = 0; i < siz->numcomps; ++i) { if (jpc_getuint8(in, &tmp) || jpc_getuint8(in, &siz->comps[i].hsamp) || jpc_getuint8(in, &siz->comps[i].vsamp)) { - jas_free(siz->comps); - return -1; + goto error; } if (siz->comps[i].hsamp == 0 || siz->comps[i].hsamp > 255) { jas_eprintf("invalid XRsiz value %d\n", siz->comps[i].hsamp); - jas_free(siz->comps); - return -1; + goto error; } if (siz->comps[i].vsamp == 0 || siz->comps[i].vsamp > 255) { jas_eprintf("invalid YRsiz value %d\n", siz->comps[i].vsamp); - jas_free(siz->comps); - return -1; + goto error; } siz->comps[i].sgnd = (tmp >> 7) & 1; siz->comps[i].prec = (tmp & 0x7f) + 1; } if (jas_stream_eof(in)) { - jas_free(siz->comps); - return -1; + goto error; } return 0; + +error: + if (siz->comps) { + jas_free(siz->comps); + } + return -1; } static int jpc_siz_putparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *out) debian/patches/09-CVE-2016-1577.patch0000644000000000000000000000133012667034002013465 0ustar Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy() Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12 Bug-Ubuntu: https://launchpad.net/bugs/1547865 Bug-Debian: https://bugs.debian.org/816625 Forwarded: not-needed Author: Tyler Hicks Reviewed-by: Salvatore Bonaccorso Last-Update: 2016-03-05 --- a/src/libjasper/base/jas_icc.c +++ b/src/libjasper/base/jas_icc.c @@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre if (jas_iccprof_setattr(prof, tagtabent->tag, attrval)) goto error; jas_iccattrval_destroy(attrval); + attrval = 0; } else { #if 0 jas_eprintf("warning: skipping unknown tag type\n"); debian/patches/03-CVE-2011-4516-and-CVE-2011-4517.patch0000644000000000000000000000225611701114036015602 0ustar Description: Fix for CVE-2011-4516 and CVE-2011-4517 This patch fixes a possible denial of service and code execution via heap-based buffer overflows. Author: Michael Gilbert Origin: Patch thanks to Red Hat Bug-Debian: http://bugs.debian.org/652649 Index: jasper-1.900.1/src/libjasper/jpc/jpc_cs.c =================================================================== --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:34.186909298 -0500 +++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c 2011-12-19 09:35:51.198909832 -0500 @@ -744,6 +744,10 @@ return -1; } compparms->numrlvls = compparms->numdlvls + 1; + if (compparms->numrlvls > JPC_MAXRLVLS) { + jpc_cox_destroycompparms(compparms); + return -1; + } if (prtflag) { for (i = 0; i < compparms->numrlvls; ++i) { if (jpc_getuint8(in, &tmp)) { @@ -1331,7 +1335,7 @@ jpc_crgcomp_t *comp; uint_fast16_t compno; crg->numcomps = cstate->numcomps; - if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) { + if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) { return -1; } for (compno = 0, comp = crg->comps; compno < cstate->numcomps; debian/patches/CVE-2016-10248.patch0000644000000000000000000000636613314723172013333 0ustar Backport of: From 2e82fa00466ae525339754bb3ab0a0474a31d4bd Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Wed, 19 Oct 2016 17:57:40 -0700 Subject: [PATCH] Fixed an integral type promotion problem by adding a JAS_CAST. Modified the jpc_tsfb_synthesize function so that it will be a noop for an empty sequence (in order to avoid dereferencing a null pointer). --- src/libjasper/include/jasper/jas_math.h | 18 ++++++++++++++++++ src/libjasper/include/jasper/jas_seq.h | 5 +++++ src/libjasper/jpc/jpc_dec.c | 9 ++++++++- src/libjasper/jpc/jpc_tsfb.c | 3 ++- 4 files changed, 33 insertions(+), 2 deletions(-) Index: jasper-1.900.1-debian1/src/libjasper/include/jasper/jas_seq.h =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/include/jasper/jas_seq.h 2018-06-27 11:00:08.867723206 -0400 +++ jasper-1.900.1-debian1/src/libjasper/include/jasper/jas_seq.h 2018-06-27 11:00:08.863723195 -0400 @@ -269,6 +269,8 @@ jas_matrix_t *jas_seq2d_create(int xstar ((s)->xstart_ = (x), (s)->ystart_ = (y), \ (s)->xend_ = (s)->xstart_ + (s)->numcols_, \ (s)->yend_ = (s)->ystart_ + (s)->numrows_) +#define jas_seq2d_size(s) \ + (jas_seq2d_width(s) * jas_seq2d_height(s)) void jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, int xstart, int ystart, int xend, int yend); Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_dec.c 2018-06-27 11:00:08.867723206 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c 2018-06-27 11:00:08.863723195 -0400 @@ -1831,6 +1831,13 @@ static void jpc_undo_roi(jas_matrix_t *x bool warn; uint_fast32_t mask; + if (roishift < 0) { + /* We could instead return an error here. */ + /* I do not think it matters much. */ + jas_eprintf("warning: forcing negative ROI shift to zero " + "(bitstream is probably corrupt)\n"); + roishift = 0; + } if (roishift == 0 && bgshift == 0) { return; } @@ -1849,7 +1856,7 @@ static void jpc_undo_roi(jas_matrix_t *x } else { /* We are dealing with non-ROI (i.e., background) data. */ mag <<= bgshift; - mask = (1 << numbps) - 1; + mask = (JAS_CAST(uint_fast32_t, 1) << numbps) - 1; /* Perform a basic sanity check on the sample value. */ /* Some implementations write garbage in the unused most-significant bit planes introduced by ROI shifting. Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_tsfb.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_tsfb.c 2018-06-27 11:00:08.867723206 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_tsfb.c 2018-06-27 11:00:08.863723195 -0400 @@ -148,7 +148,8 @@ int jpc_tsfb_analyze2(jpc_tsfb_t *tsfb, int jpc_tsfb_synthesize(jpc_tsfb_t *tsfb, jas_seq2d_t *a) { - return (tsfb->numlvls > 0) ? jpc_tsfb_synthesize2(tsfb, + return (tsfb->numlvls > 0 && jas_seq2d_size(a)) ? + jpc_tsfb_synthesize2(tsfb, jas_seq2d_getref(a, jas_seq2d_xstart(a), jas_seq2d_ystart(a)), jas_seq2d_xstart(a), jas_seq2d_ystart(a), jas_seq2d_width(a), jas_seq2d_height(a), jas_seq2d_rowstep(a), tsfb->numlvls - 1) : 0; debian/patches/02-fix-filename-buffer-overflow.patch0000644000000000000000000000150512036310635017531 0ustar Description: Filename buffer overflow fix This patch fixes a security hole by a bad buffer size handling. Author: Roland Stigge Bug-Debian: http://bugs.debian.org/645118 --- a/src/libjasper/include/jasper/jas_stream.h +++ b/src/libjasper/include/jasper/jas_stream.h @@ -77,6 +77,7 @@ #include #include +#include #if defined(HAVE_FCNTL_H) #include #endif @@ -99,6 +100,12 @@ extern "C" { #define O_BINARY 0 #endif +#ifdef PATH_MAX +#define JAS_PATH_MAX PATH_MAX +#else +#define JAS_PATH_MAX 4096 +#endif + /* * Stream open flags. */ @@ -251,7 +258,7 @@ typedef struct { typedef struct { int fd; int flags; - char pathname[L_tmpnam + 1]; + char pathname[JAS_PATH_MAX + 1]; } jas_stream_fileobj_t; #define JAS_STREAM_FILEOBJ_DELONCLOSE 0x01 debian/patches/CVE-2016-9387-2.patch0000644000000000000000000000221013314673471013414 0ustar From a712a2041085e7cd5f2b153e1532ac2a2954ffaa Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Thu, 2 Mar 2017 09:28:42 -0800 Subject: [PATCH] Added some additional checking to prevent a potential integer overflow due to conversion in the JPC decoder. --- src/libjasper/jpc/jpc_dec.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_dec.c 2018-06-27 07:38:31.951184434 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c 2018-06-27 07:38:31.951184434 -0400 @@ -1214,7 +1214,10 @@ static int jpc_dec_process_siz(jpc_dec_t dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth); dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight); - if (!jas_safe_size_mul(dec->numhtiles, dec->numvtiles, &size)) { + assert(dec->numhtiles >= 0); + assert(dec->numvtiles >= 0); + if (!jas_safe_size_mul(dec->numhtiles, dec->numvtiles, &size) || + size > INT_MAX) { return -1; } dec->numtiles = size; debian/patches/CVE-2015-5203-CVE-2016-9262.patch0000644000000000000000000001137713314711550014641 0ustar Backport of the upstream commit: From b35a05635e56f554870ce85f64293a3868793f69 Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Wed, 19 Oct 2016 08:42:25 -0700 Subject: [PATCH] Fixed potential integer overflow problem. Further enhanced by a change from d42b2388f7f8e0332c846675133acea151fc557a to use jas_safe_size_mul3() and an explicit check to ensure that size not only fits into size_t, but that it also does not exceed INT_MAX. This is similar approach to what upstream used in a712a2041085e7cd5f2b153e1532ac2a2954ffaa. This also adds all jas_safe_size_*() functions, including changes from the following upstream commits: f596a0766825b48cdc07b28d2051977a382cfb95 65536647d380571d1a9a6c91fa03775fb5bbd256 3afacc174867cc9d1f74ef2683bc780de4b0b2df d42b2388f7f8e0332c846675133acea151fc557a Index: jasper-1.900.1-debian1/src/libjasper/base/jas_image.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_image.c 2018-06-27 08:06:33.124236652 -0400 +++ jasper-1.900.1-debian1/src/libjasper/base/jas_image.c 2018-06-27 08:06:33.120236646 -0400 @@ -76,6 +76,7 @@ #include #include #include +#include #include "jasper/jas_math.h" #include "jasper/jas_image.h" @@ -300,10 +301,10 @@ static jas_image_cmpt_t *jas_image_cmpt_ height, uint_fast16_t depth, bool sgnd, uint_fast32_t inmem) { jas_image_cmpt_t *cmpt; - long size; + size_t size; if (!(cmpt = jas_malloc(sizeof(jas_image_cmpt_t)))) { - return 0; + goto error; } cmpt->type_ = JAS_IMAGE_CT_UNKNOWN; @@ -318,11 +319,14 @@ static jas_image_cmpt_t *jas_image_cmpt_ cmpt->stream_ = 0; cmpt->cps_ = (depth + 7) / 8; - size = cmpt->width_ * cmpt->height_ * cmpt->cps_; + //size = cmpt->width_ * cmpt->height_ * cmpt->cps_; + if (!jas_safe_size_mul3(cmpt->width_, cmpt->height_, cmpt->cps_, &size) || + size > INT_MAX) { + goto error; + } cmpt->stream_ = (inmem) ? jas_stream_memopen(0, size) : jas_stream_tmpfile(); if (!cmpt->stream_) { - jas_image_cmpt_destroy(cmpt); - return 0; + goto error; } /* Zero the component data. This isn't necessary, but it is @@ -330,11 +334,16 @@ static jas_image_cmpt_t *jas_image_cmpt_ if (jas_stream_seek(cmpt->stream_, size - 1, SEEK_SET) < 0 || jas_stream_putc(cmpt->stream_, 0) == EOF || jas_stream_seek(cmpt->stream_, 0, SEEK_SET) < 0) { - jas_image_cmpt_destroy(cmpt); - return 0; + goto error; } return cmpt; + +error: + if (cmpt) { + jas_image_cmpt_destroy(cmpt); + } + return 0; } static void jas_image_cmpt_destroy(jas_image_cmpt_t *cmpt) Index: jasper-1.900.1-debian1/src/libjasper/include/jasper/jas_math.h =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/include/jasper/jas_math.h 2018-06-27 08:12:44.900759415 -0400 +++ jasper-1.900.1-debian1/src/libjasper/include/jasper/jas_math.h 2018-06-27 08:13:33.849274197 -0400 @@ -76,9 +76,9 @@ #include -#include -#include -#include +#include +#include +#include #include #ifdef __cplusplus @@ -111,17 +111,61 @@ extern "C" { #define JAS_ONES(n) \ ((1 << (n)) - 1) + +/******************************************************************************\ +* Safe integer arithmetic (i.e., with overflow checking). +\******************************************************************************/ + +/* Compute the product of two size_t integers with overflow checking. */ inline static int jas_safe_size_mul(size_t x, size_t y, size_t *result) { - /* Check if overflow would occur */ - if (x && y > SIZE_MAX / x) { - /* Overflow would occur. */ - return 0; - } - if (result) { - *result = x * y; - } - return 1; + /* Check if overflow would occur */ + if (x && y > SIZE_MAX / x) { + /* Overflow would occur. */ + return 0; + } + if (result) { + *result = x * y; + } + return 1; +} + +inline static int jas_safe_size_mul3(size_t a, size_t b, size_t c, + size_t *result) +{ + size_t tmp; + if (!jas_safe_size_mul(a, b, &tmp) || + !jas_safe_size_mul(tmp, c, &tmp)) { + return 0; + } + if (result) { + *result = tmp; + } + return 1; +} + +/* Compute the sum of two size_t integer with overflow checking. */ +inline static int jas_safe_size_add(size_t x, size_t y, size_t *result) +{ + if (y > SIZE_MAX - x) { + return 0; + } + if (result) { + *result = x + y; + } + return 1; +} + +/* Compute the difference of two size_t integer with overflow checking. */ +inline static int jas_safe_size_sub(size_t x, size_t y, size_t *result) +{ + if (y > x) { + return 0; + } + if (result) { + *result = x - y; + } + return 1; } #ifdef __cplusplus debian/patches/01-misc-fixes.patch0000644000000000000000000027236611622251652014145 0ustar Description: Miscellaneous fixes to upstream tarball This patch contains some currently not further categorized patches to the upstream tarball. Author: Roland Stigge --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c @@ -573,7 +573,7 @@ int jpc_pchglist_insert(jpc_pchglist_t * } if (pchglist->numpchgs >= pchglist->maxpchgs) { newmaxpchgs = pchglist->maxpchgs + 128; - if (!(newpchgs = jas_realloc(pchglist->pchgs, newmaxpchgs * sizeof(jpc_pchg_t *)))) { + if (!(newpchgs = jas_realloc2(pchglist->pchgs, newmaxpchgs, sizeof(jpc_pchg_t *)))) { return -1; } pchglist->maxpchgs = newmaxpchgs; --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_util.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_util.c @@ -109,7 +109,7 @@ int jpc_atoaf(char *s, int *numvalues, d } if (n) { - if (!(vs = jas_malloc(n * sizeof(double)))) { + if (!(vs = jas_alloc2(n, sizeof(double)))) { return -1; } --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c @@ -449,7 +449,7 @@ static int jpc_dec_process_sot(jpc_dec_t if (dec->state == JPC_MH) { - compinfos = jas_malloc(dec->numcomps * sizeof(jas_image_cmptparm_t)); + compinfos = jas_alloc2(dec->numcomps, sizeof(jas_image_cmptparm_t)); assert(compinfos); for (cmptno = 0, cmpt = dec->cmpts, compinfo = compinfos; cmptno < dec->numcomps; ++cmptno, ++cmpt, ++compinfo) { @@ -692,7 +692,7 @@ static int jpc_dec_tileinit(jpc_dec_t *d tile->realmode = 1; } tcomp->numrlvls = ccp->numrlvls; - if (!(tcomp->rlvls = jas_malloc(tcomp->numrlvls * + if (!(tcomp->rlvls = jas_alloc2(tcomp->numrlvls, sizeof(jpc_dec_rlvl_t)))) { return -1; } @@ -764,7 +764,7 @@ rlvl->bands = 0; rlvl->cbgheightexpn); rlvl->numbands = (!rlvlno) ? 1 : 3; - if (!(rlvl->bands = jas_malloc(rlvl->numbands * + if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_dec_band_t)))) { return -1; } @@ -797,7 +797,7 @@ rlvl->bands = 0; assert(rlvl->numprcs); - if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_dec_prc_t)))) { + if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_dec_prc_t)))) { return -1; } @@ -834,7 +834,7 @@ rlvl->bands = 0; if (!(prc->numimsbstagtree = jpc_tagtree_create(prc->numhcblks, prc->numvcblks))) { return -1; } - if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_dec_cblk_t)))) { + if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_dec_cblk_t)))) { return -1; } @@ -1069,12 +1069,12 @@ static int jpc_dec_tiledecode(jpc_dec_t /* Apply an inverse intercomponent transform if necessary. */ switch (tile->cp->mctid) { case JPC_MCT_RCT: - assert(dec->numcomps == 3); + assert(dec->numcomps == 3 || dec->numcomps == 4); jpc_irct(tile->tcomps[0].data, tile->tcomps[1].data, tile->tcomps[2].data); break; case JPC_MCT_ICT: - assert(dec->numcomps == 3); + assert(dec->numcomps == 3 || dec->numcomps == 4); jpc_iict(tile->tcomps[0].data, tile->tcomps[1].data, tile->tcomps[2].data); break; @@ -1181,7 +1181,7 @@ static int jpc_dec_process_siz(jpc_dec_t return -1; } - if (!(dec->cmpts = jas_malloc(dec->numcomps * sizeof(jpc_dec_cmpt_t)))) { + if (!(dec->cmpts = jas_alloc2(dec->numcomps, sizeof(jpc_dec_cmpt_t)))) { return -1; } @@ -1204,7 +1204,7 @@ static int jpc_dec_process_siz(jpc_dec_t dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth); dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight); dec->numtiles = dec->numhtiles * dec->numvtiles; - if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) { + if (!(dec->tiles = jas_alloc2(dec->numtiles, sizeof(jpc_dec_tile_t)))) { return -1; } @@ -1228,7 +1228,7 @@ static int jpc_dec_process_siz(jpc_dec_t tile->pkthdrstreampos = 0; tile->pptstab = 0; tile->cp = 0; - if (!(tile->tcomps = jas_malloc(dec->numcomps * + if (!(tile->tcomps = jas_alloc2(dec->numcomps, sizeof(jpc_dec_tcomp_t)))) { return -1; } @@ -1489,7 +1489,7 @@ static jpc_dec_cp_t *jpc_dec_cp_create(u cp->numlyrs = 0; cp->mctid = 0; cp->csty = 0; - if (!(cp->ccps = jas_malloc(cp->numcomps * sizeof(jpc_dec_ccp_t)))) { + if (!(cp->ccps = jas_alloc2(cp->numcomps, sizeof(jpc_dec_ccp_t)))) { return 0; } if (!(cp->pchglist = jpc_pchglist_create())) { @@ -2048,7 +2048,7 @@ jpc_streamlist_t *jpc_streamlist_create( } streamlist->numstreams = 0; streamlist->maxstreams = 100; - if (!(streamlist->streams = jas_malloc(streamlist->maxstreams * + if (!(streamlist->streams = jas_alloc2(streamlist->maxstreams, sizeof(jas_stream_t *)))) { jas_free(streamlist); return 0; @@ -2068,8 +2068,8 @@ int jpc_streamlist_insert(jpc_streamlist /* Grow the array of streams if necessary. */ if (streamlist->numstreams >= streamlist->maxstreams) { newmaxstreams = streamlist->maxstreams + 1024; - if (!(newstreams = jas_realloc(streamlist->streams, - (newmaxstreams + 1024) * sizeof(jas_stream_t *)))) { + if (!(newstreams = jas_realloc2(streamlist->streams, + (newmaxstreams + 1024), sizeof(jas_stream_t *)))) { return -1; } for (i = streamlist->numstreams; i < streamlist->maxstreams; ++i) { @@ -2155,8 +2155,7 @@ int jpc_ppxstab_grow(jpc_ppxstab_t *tab, { jpc_ppxstabent_t **newents; if (tab->maxents < maxents) { - newents = (tab->ents) ? jas_realloc(tab->ents, maxents * - sizeof(jpc_ppxstabent_t *)) : jas_malloc(maxents * sizeof(jpc_ppxstabent_t *)); + newents = jas_realloc2(tab->ents, maxents, sizeof(jpc_ppxstabent_t *)); if (!newents) { return -1; } --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_tagtree.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c @@ -125,7 +125,7 @@ jpc_tagtree_t *jpc_tagtree_create(int nu ++numlvls; } while (n > 1); - if (!(tree->nodes_ = jas_malloc(tree->numnodes_ * sizeof(jpc_tagtreenode_t)))) { + if (!(tree->nodes_ = jas_alloc2(tree->numnodes_, sizeof(jpc_tagtreenode_t)))) { return 0; } --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqdec.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_mqdec.c @@ -118,7 +118,7 @@ jpc_mqdec_t *jpc_mqdec_create(int maxctx mqdec->in = in; mqdec->maxctxs = maxctxs; /* Allocate memory for the per-context state information. */ - if (!(mqdec->ctxs = jas_malloc(mqdec->maxctxs * sizeof(jpc_mqstate_t *)))) { + if (!(mqdec->ctxs = jas_alloc2(mqdec->maxctxs, sizeof(jpc_mqstate_t *)))) { goto error; } /* Set the current context to the first context. */ --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2enc.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_t2enc.c @@ -565,7 +565,7 @@ jpc_pi_t *jpc_enc_pi_create(jpc_enc_cp_t } pi->pktno = -1; pi->numcomps = cp->numcmpts; - if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) { + if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) { jpc_pi_destroy(pi); return 0; } @@ -577,7 +577,7 @@ jpc_pi_t *jpc_enc_pi_create(jpc_enc_cp_t for (compno = 0, tcomp = tile->tcmpts, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++tcomp, ++picomp) { picomp->numrlvls = tcomp->numrlvls; - if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls * + if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls, sizeof(jpc_pirlvl_t)))) { jpc_pi_destroy(pi); return 0; @@ -591,7 +591,7 @@ jpc_pi_t *jpc_enc_pi_create(jpc_enc_cp_t /* XXX sizeof(long) should be sizeof different type */ pirlvl->numprcs = rlvl->numprcs; if (rlvl->numprcs) { - if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs * + if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs, sizeof(long)))) { jpc_pi_destroy(pi); return 0; --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqenc.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_mqenc.c @@ -197,7 +197,7 @@ jpc_mqenc_t *jpc_mqenc_create(int maxctx mqenc->maxctxs = maxctxs; /* Allocate memory for the per-context state information. */ - if (!(mqenc->ctxs = jas_malloc(mqenc->maxctxs * sizeof(jpc_mqstate_t *)))) { + if (!(mqenc->ctxs = jas_alloc2(mqenc->maxctxs, sizeof(jpc_mqstate_t *)))) { goto error; } --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_enc.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_enc.c @@ -403,7 +403,7 @@ static jpc_enc_cp_t *cp_create(char *opt vsteplcm *= jas_image_cmptvstep(image, cmptno); } - if (!(cp->ccps = jas_malloc(cp->numcmpts * sizeof(jpc_enc_ccp_t)))) { + if (!(cp->ccps = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_ccp_t)))) { goto error; } for (cmptno = 0, ccp = cp->ccps; cmptno < JAS_CAST(int, cp->numcmpts); ++cmptno, @@ -656,7 +656,7 @@ static jpc_enc_cp_t *cp_create(char *opt if (ilyrrates && numilyrrates > 0) { tcp->numlyrs = numilyrrates + 1; - if (!(tcp->ilyrrates = jas_malloc((tcp->numlyrs - 1) * + if (!(tcp->ilyrrates = jas_alloc2((tcp->numlyrs - 1), sizeof(jpc_fix_t)))) { goto error; } @@ -940,7 +940,7 @@ startoff = jas_stream_getrwcount(enc->ou siz->tilewidth = cp->tilewidth; siz->tileheight = cp->tileheight; siz->numcomps = cp->numcmpts; - siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t)); + siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)); assert(siz->comps); for (i = 0; i < JAS_CAST(int, cp->numcmpts); ++i) { siz->comps[i].prec = cp->ccps[i].prec; @@ -977,7 +977,7 @@ startoff = jas_stream_getrwcount(enc->ou return -1; } crg = &enc->mrk->parms.crg; - crg->comps = jas_malloc(crg->numcomps * sizeof(jpc_crgcomp_t)); + crg->comps = jas_alloc2(crg->numcomps, sizeof(jpc_crgcomp_t)); if (jpc_putms(enc->out, enc->cstate, enc->mrk)) { jas_eprintf("cannot write CRG marker\n"); return -1; @@ -1955,7 +1955,7 @@ jpc_enc_tile_t *jpc_enc_tile_create(jpc_ tile->mctid = cp->tcp.mctid; tile->numlyrs = cp->tcp.numlyrs; - if (!(tile->lyrsizes = jas_malloc(tile->numlyrs * + if (!(tile->lyrsizes = jas_alloc2(tile->numlyrs, sizeof(uint_fast32_t)))) { goto error; } @@ -1964,7 +1964,7 @@ jpc_enc_tile_t *jpc_enc_tile_create(jpc_ } /* Allocate an array for the per-tile-component information. */ - if (!(tile->tcmpts = jas_malloc(cp->numcmpts * sizeof(jpc_enc_tcmpt_t)))) { + if (!(tile->tcmpts = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_tcmpt_t)))) { goto error; } /* Initialize a few members critical for error recovery. */ @@ -2110,7 +2110,7 @@ static jpc_enc_tcmpt_t *tcmpt_create(jpc jas_seq2d_ystart(tcmpt->data), jas_seq2d_xend(tcmpt->data), jas_seq2d_yend(tcmpt->data), bandinfos); - if (!(tcmpt->rlvls = jas_malloc(tcmpt->numrlvls * sizeof(jpc_enc_rlvl_t)))) { + if (!(tcmpt->rlvls = jas_alloc2(tcmpt->numrlvls, sizeof(jpc_enc_rlvl_t)))) { goto error; } for (rlvlno = 0, rlvl = tcmpt->rlvls; rlvlno < tcmpt->numrlvls; @@ -2213,7 +2213,7 @@ static jpc_enc_rlvl_t *rlvl_create(jpc_e rlvl->numvprcs = JPC_FLOORDIVPOW2(brprcbry - tlprctly, rlvl->prcheightexpn); rlvl->numprcs = rlvl->numhprcs * rlvl->numvprcs; - if (!(rlvl->bands = jas_malloc(rlvl->numbands * sizeof(jpc_enc_band_t)))) { + if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_enc_band_t)))) { goto error; } for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands; @@ -2290,7 +2290,7 @@ if (bandinfo->xstart != bandinfo->xend & band->synweight = bandinfo->synenergywt; if (band->data) { - if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_enc_prc_t)))) { + if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_enc_prc_t)))) { goto error; } for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno, @@ -2422,7 +2422,7 @@ if (!rlvlno) { goto error; } - if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_enc_cblk_t)))) { + if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_enc_cblk_t)))) { goto error; } for (cblkno = 0, cblk = prc->cblks; cblkno < prc->numcblks; --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t1enc.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_t1enc.c @@ -219,7 +219,7 @@ int jpc_enc_enccblk(jpc_enc_t *enc, jas_ cblk->numpasses = (cblk->numbps > 0) ? (3 * cblk->numbps - 2) : 0; if (cblk->numpasses > 0) { - cblk->passes = jas_malloc(cblk->numpasses * sizeof(jpc_enc_pass_t)); + cblk->passes = jas_alloc2(cblk->numpasses, sizeof(jpc_enc_pass_t)); assert(cblk->passes); } else { cblk->passes = 0; --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2dec.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_t2dec.c @@ -478,7 +478,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d return 0; } pi->numcomps = dec->numcomps; - if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) { + if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) { jpc_pi_destroy(pi); return 0; } @@ -490,7 +490,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d for (compno = 0, tcomp = tile->tcomps, picomp = pi->picomps; compno < pi->numcomps; ++compno, ++tcomp, ++picomp) { picomp->numrlvls = tcomp->numrlvls; - if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls * + if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls, sizeof(jpc_pirlvl_t)))) { jpc_pi_destroy(pi); return 0; @@ -503,7 +503,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) { /* XXX sizeof(long) should be sizeof different type */ pirlvl->numprcs = rlvl->numprcs; - if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs * + if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs, sizeof(long)))) { jpc_pi_destroy(pi); return 0; --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c @@ -321,7 +321,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in #if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { - if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { + if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { /* We have no choice but to commit suicide in this case. */ abort(); } @@ -389,7 +389,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in #if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { - if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { + if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { /* We have no choice but to commit suicide in this case. */ abort(); } @@ -460,7 +460,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, #if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { - if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { + if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { /* We have no choice but to commit suicide in this case. */ abort(); } @@ -549,7 +549,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, #if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { - if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { + if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { /* We have no choice but to commit suicide in this case. */ abort(); } @@ -633,7 +633,7 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int #if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { - if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { + if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { /* We have no choice but to commit suicide. */ abort(); } @@ -698,7 +698,7 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int #if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { - if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) { + if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { /* We have no choice but to commit suicide. */ abort(); } @@ -766,7 +766,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, #if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { - if (!(buf = jas_malloc(bufsize * JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) { + if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) { /* We have no choice but to commit suicide. */ abort(); } @@ -852,7 +852,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, #if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { - if (!(buf = jas_malloc(bufsize * numcols * sizeof(jpc_fix_t)))) { + if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) { /* We have no choice but to commit suicide. */ abort(); } --- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c +++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c @@ -502,7 +502,7 @@ static int jpc_siz_getparms(jpc_ms_t *ms !siz->tileheight || !siz->numcomps) { return -1; } - if (!(siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t)))) { + if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) { return -1; } for (i = 0; i < siz->numcomps; ++i) { @@ -982,7 +982,10 @@ static int jpc_qcx_getcompparms(jpc_qcxc compparms->numstepsizes = (len - n) / 2; break; } - if (compparms->numstepsizes > 0) { + if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) { + jpc_qcx_destroycompparms(compparms); + return -1; + } else if (compparms->numstepsizes > 0) { compparms->stepsizes = jas_malloc(compparms->numstepsizes * sizeof(uint_fast16_t)); assert(compparms->stepsizes); @@ -1091,7 +1094,7 @@ static int jpc_ppm_getparms(jpc_ms_t *ms ppm->len = ms->len - 1; if (ppm->len > 0) { - if (!(ppm->data = jas_malloc(ppm->len * sizeof(unsigned char)))) { + if (!(ppm->data = jas_malloc(ppm->len))) { goto error; } if (JAS_CAST(uint, jas_stream_read(in, ppm->data, ppm->len)) != ppm->len) { @@ -1160,7 +1163,7 @@ static int jpc_ppt_getparms(jpc_ms_t *ms } ppt->len = ms->len - 1; if (ppt->len > 0) { - if (!(ppt->data = jas_malloc(ppt->len * sizeof(unsigned char)))) { + if (!(ppt->data = jas_malloc(ppt->len))) { goto error; } if (jas_stream_read(in, (char *) ppt->data, ppt->len) != JAS_CAST(int, ppt->len)) { @@ -1223,7 +1226,7 @@ static int jpc_poc_getparms(jpc_ms_t *ms uint_fast8_t tmp; poc->numpchgs = (cstate->numcomps > 256) ? (ms->len / 9) : (ms->len / 7); - if (!(poc->pchgs = jas_malloc(poc->numpchgs * sizeof(jpc_pocpchg_t)))) { + if (!(poc->pchgs = jas_alloc2(poc->numpchgs, sizeof(jpc_pocpchg_t)))) { goto error; } for (pchgno = 0, pchg = poc->pchgs; pchgno < poc->numpchgs; ++pchgno, @@ -1328,7 +1331,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms jpc_crgcomp_t *comp; uint_fast16_t compno; crg->numcomps = cstate->numcomps; - if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) { + if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) { return -1; } for (compno = 0, comp = crg->comps; compno < cstate->numcomps; @@ -1467,7 +1470,7 @@ static int jpc_unk_getparms(jpc_ms_t *ms cstate = 0; if (ms->len > 0) { - if (!(unk->data = jas_malloc(ms->len * sizeof(unsigned char)))) { + if (!(unk->data = jas_malloc(ms->len))) { return -1; } if (jas_stream_read(in, (char *) unk->data, ms->len) != JAS_CAST(int, ms->len)) { --- jasper-1.900.1.orig/src/libjasper/bmp/bmp_dec.c +++ jasper-1.900.1/src/libjasper/bmp/bmp_dec.c @@ -283,7 +283,7 @@ static bmp_info_t *bmp_getinfo(jas_strea } if (info->numcolors > 0) { - if (!(info->palents = jas_malloc(info->numcolors * + if (!(info->palents = jas_alloc2(info->numcolors, sizeof(bmp_palent_t)))) { bmp_info_destroy(info); return 0; --- jasper-1.900.1.orig/src/libjasper/include/jasper/jas_malloc.h +++ jasper-1.900.1/src/libjasper/include/jasper/jas_malloc.h @@ -95,6 +95,9 @@ extern "C" { #define jas_free MEMFREE #define jas_realloc MEMREALLOC #define jas_calloc MEMCALLOC +#define jas_alloc2(a, b) MEMALLOC((a)*(b)) +#define jas_alloc3(a, b, c) MEMALLOC((a)*(b)*(c)) +#define jas_realloc2(p, a, b) MEMREALLOC((p), (a)*(b)) #endif /******************************************************************************\ @@ -115,6 +118,12 @@ void *jas_realloc(void *ptr, size_t size /* Allocate a block of memory and initialize the contents to zero. */ void *jas_calloc(size_t nmemb, size_t size); +/* size-checked double allocation .*/ +void *jas_alloc2(size_t, size_t); + +void *jas_alloc3(size_t, size_t, size_t); + +void *jas_realloc2(void *, size_t, size_t); #endif #ifdef __cplusplus --- jasper-1.900.1.orig/src/libjasper/base/jas_seq.c +++ jasper-1.900.1/src/libjasper/base/jas_seq.c @@ -114,7 +114,7 @@ jas_matrix_t *jas_matrix_create(int numr matrix->datasize_ = numrows * numcols; if (matrix->maxrows_ > 0) { - if (!(matrix->rows_ = jas_malloc(matrix->maxrows_ * + if (!(matrix->rows_ = jas_alloc2(matrix->maxrows_, sizeof(jas_seqent_t *)))) { jas_matrix_destroy(matrix); return 0; @@ -122,7 +122,7 @@ jas_matrix_t *jas_matrix_create(int numr } if (matrix->datasize_ > 0) { - if (!(matrix->data_ = jas_malloc(matrix->datasize_ * + if (!(matrix->data_ = jas_alloc2(matrix->datasize_, sizeof(jas_seqent_t)))) { jas_matrix_destroy(matrix); return 0; @@ -220,7 +220,7 @@ void jas_matrix_bindsub(jas_matrix_t *ma mat0->numrows_ = r1 - r0 + 1; mat0->numcols_ = c1 - c0 + 1; mat0->maxrows_ = mat0->numrows_; - mat0->rows_ = jas_malloc(mat0->maxrows_ * sizeof(jas_seqent_t *)); + mat0->rows_ = jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *)); for (i = 0; i < mat0->numrows_; ++i) { mat0->rows_[i] = mat1->rows_[r0 + i] + c0; } --- jasper-1.900.1.orig/src/libjasper/base/jas_image.c +++ jasper-1.900.1/src/libjasper/base/jas_image.c @@ -142,7 +142,7 @@ jas_image_t *jas_image_create(int numcmp image->inmem_ = true; /* Allocate memory for the per-component information. */ - if (!(image->cmpts_ = jas_malloc(image->maxcmpts_ * + if (!(image->cmpts_ = jas_alloc2(image->maxcmpts_, sizeof(jas_image_cmpt_t *)))) { jas_image_destroy(image); return 0; @@ -774,8 +774,7 @@ static int jas_image_growcmpts(jas_image jas_image_cmpt_t **newcmpts; int cmptno; - newcmpts = (!image->cmpts_) ? jas_malloc(maxcmpts * sizeof(jas_image_cmpt_t *)) : - jas_realloc(image->cmpts_, maxcmpts * sizeof(jas_image_cmpt_t *)); + newcmpts = jas_realloc2(image->cmpts_, maxcmpts, sizeof(jas_image_cmpt_t *)); if (!newcmpts) { return -1; } --- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c +++ jasper-1.900.1/src/libjasper/base/jas_icc.c @@ -373,7 +373,7 @@ int jas_iccprof_save(jas_iccprof_t *prof jas_icctagtab_t *tagtab; tagtab = &prof->tagtab; - if (!(tagtab->ents = jas_malloc(prof->attrtab->numattrs * + if (!(tagtab->ents = jas_alloc2(prof->attrtab->numattrs, sizeof(jas_icctagtabent_t)))) goto error; tagtab->numents = prof->attrtab->numattrs; @@ -522,7 +522,7 @@ static int jas_iccprof_gettagtab(jas_str } if (jas_iccgetuint32(in, &tagtab->numents)) goto error; - if (!(tagtab->ents = jas_malloc(tagtab->numents * + if (!(tagtab->ents = jas_alloc2(tagtab->numents, sizeof(jas_icctagtabent_t)))) goto error; tagtabent = tagtab->ents; @@ -743,8 +743,7 @@ static int jas_iccattrtab_resize(jas_icc { jas_iccattr_t *newattrs; assert(maxents >= tab->numattrs); - newattrs = tab->attrs ? jas_realloc(tab->attrs, maxents * - sizeof(jas_iccattr_t)) : jas_malloc(maxents * sizeof(jas_iccattr_t)); + newattrs = jas_realloc2(tab->attrs, maxents, sizeof(jas_iccattr_t)); if (!newattrs) return -1; tab->attrs = newattrs; @@ -999,7 +998,7 @@ static int jas_icccurv_input(jas_iccattr if (jas_iccgetuint32(in, &curv->numents)) goto error; - if (!(curv->ents = jas_malloc(curv->numents * sizeof(jas_iccuint16_t)))) + if (!(curv->ents = jas_alloc2(curv->numents, sizeof(jas_iccuint16_t)))) goto error; for (i = 0; i < curv->numents; ++i) { if (jas_iccgetuint16(in, &curv->ents[i])) @@ -1100,7 +1099,7 @@ static int jas_icctxtdesc_input(jas_icca if (jas_iccgetuint32(in, &txtdesc->uclangcode) || jas_iccgetuint32(in, &txtdesc->uclen)) goto error; - if (!(txtdesc->ucdata = jas_malloc(txtdesc->uclen * 2))) + if (!(txtdesc->ucdata = jas_alloc2(txtdesc->uclen, 2))) goto error; if (jas_stream_read(in, txtdesc->ucdata, txtdesc->uclen * 2) != JAS_CAST(int, txtdesc->uclen * 2)) @@ -1292,17 +1291,17 @@ static int jas_icclut8_input(jas_iccattr jas_iccgetuint16(in, &lut8->numouttabents)) goto error; clutsize = jas_iccpowi(lut8->clutlen, lut8->numinchans) * lut8->numoutchans; - if (!(lut8->clut = jas_malloc(clutsize * sizeof(jas_iccuint8_t))) || - !(lut8->intabsbuf = jas_malloc(lut8->numinchans * - lut8->numintabents * sizeof(jas_iccuint8_t))) || - !(lut8->intabs = jas_malloc(lut8->numinchans * + if (!(lut8->clut = jas_alloc2(clutsize, sizeof(jas_iccuint8_t))) || + !(lut8->intabsbuf = jas_alloc3(lut8->numinchans, + lut8->numintabents, sizeof(jas_iccuint8_t))) || + !(lut8->intabs = jas_alloc2(lut8->numinchans, sizeof(jas_iccuint8_t *)))) goto error; for (i = 0; i < lut8->numinchans; ++i) lut8->intabs[i] = &lut8->intabsbuf[i * lut8->numintabents]; - if (!(lut8->outtabsbuf = jas_malloc(lut8->numoutchans * - lut8->numouttabents * sizeof(jas_iccuint8_t))) || - !(lut8->outtabs = jas_malloc(lut8->numoutchans * + if (!(lut8->outtabsbuf = jas_alloc3(lut8->numoutchans, + lut8->numouttabents, sizeof(jas_iccuint8_t))) || + !(lut8->outtabs = jas_alloc2(lut8->numoutchans, sizeof(jas_iccuint8_t *)))) goto error; for (i = 0; i < lut8->numoutchans; ++i) @@ -1461,17 +1460,17 @@ static int jas_icclut16_input(jas_iccatt jas_iccgetuint16(in, &lut16->numouttabents)) goto error; clutsize = jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans; - if (!(lut16->clut = jas_malloc(clutsize * sizeof(jas_iccuint16_t))) || - !(lut16->intabsbuf = jas_malloc(lut16->numinchans * - lut16->numintabents * sizeof(jas_iccuint16_t))) || - !(lut16->intabs = jas_malloc(lut16->numinchans * + if (!(lut16->clut = jas_alloc2(clutsize, sizeof(jas_iccuint16_t))) || + !(lut16->intabsbuf = jas_alloc3(lut16->numinchans, + lut16->numintabents, sizeof(jas_iccuint16_t))) || + !(lut16->intabs = jas_alloc2(lut16->numinchans, sizeof(jas_iccuint16_t *)))) goto error; for (i = 0; i < lut16->numinchans; ++i) lut16->intabs[i] = &lut16->intabsbuf[i * lut16->numintabents]; - if (!(lut16->outtabsbuf = jas_malloc(lut16->numoutchans * - lut16->numouttabents * sizeof(jas_iccuint16_t))) || - !(lut16->outtabs = jas_malloc(lut16->numoutchans * + if (!(lut16->outtabsbuf = jas_alloc3(lut16->numoutchans, + lut16->numouttabents, sizeof(jas_iccuint16_t))) || + !(lut16->outtabs = jas_alloc2(lut16->numoutchans, sizeof(jas_iccuint16_t *)))) goto error; for (i = 0; i < lut16->numoutchans; ++i) --- jasper-1.900.1.orig/src/libjasper/base/jas_malloc.c +++ jasper-1.900.1/src/libjasper/base/jas_malloc.c @@ -76,6 +76,9 @@ /* We need the prototype for memset. */ #include +#include +#include +#include #include "jasper/jas_malloc.h" @@ -113,18 +116,50 @@ void jas_free(void *ptr) void *jas_realloc(void *ptr, size_t size) { - return realloc(ptr, size); + return ptr ? realloc(ptr, size) : malloc(size); } -void *jas_calloc(size_t nmemb, size_t size) +void *jas_realloc2(void *ptr, size_t nmemb, size_t size) +{ + if (!ptr) + return jas_alloc2(nmemb, size); + if (nmemb && SIZE_MAX / nmemb < size) { + errno = ENOMEM; + return NULL; + } + return jas_realloc(ptr, nmemb * size); + +} + +void *jas_alloc2(size_t nmemb, size_t size) +{ + if (nmemb && SIZE_MAX / nmemb < size) { + errno = ENOMEM; + return NULL; + } + + return jas_malloc(nmemb * size); +} + +void *jas_alloc3(size_t a, size_t b, size_t c) { - void *ptr; size_t n; - n = nmemb * size; - if (!(ptr = jas_malloc(n * sizeof(char)))) { - return 0; + + if (a && SIZE_MAX / a < b) { + errno = ENOMEM; + return NULL; } - memset(ptr, 0, n); + + return jas_alloc2(a*b, c); +} + +void *jas_calloc(size_t nmemb, size_t size) +{ + void *ptr; + + ptr = jas_alloc2(nmemb, size); + if (ptr) + memset(ptr, 0, nmemb*size); return ptr; } --- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c +++ jasper-1.900.1/src/libjasper/base/jas_stream.c @@ -212,7 +212,7 @@ jas_stream_t *jas_stream_memopen(char *b if (buf) { obj->buf_ = (unsigned char *) buf; } else { - obj->buf_ = jas_malloc(obj->bufsize_ * sizeof(char)); + obj->buf_ = jas_malloc(obj->bufsize_); obj->myalloc_ = 1; } if (!obj->buf_) { @@ -361,28 +361,22 @@ jas_stream_t *jas_stream_tmpfile() } obj->fd = -1; obj->flags = 0; - obj->pathname[0] = '\0'; stream->obj_ = obj; /* Choose a file name. */ - tmpnam(obj->pathname); + snprintf(obj->pathname, L_tmpnam, "%s/tmp.XXXXXXXXXX", P_tmpdir); /* Open the underlying file. */ - if ((obj->fd = open(obj->pathname, O_CREAT | O_EXCL | O_RDWR | O_TRUNC | O_BINARY, - JAS_STREAM_PERMS)) < 0) { + if ((obj->fd = mkstemp(obj->pathname)) < 0) { jas_stream_destroy(stream); return 0; } /* Unlink the file so that it will disappear if the program terminates abnormally. */ - /* Under UNIX, one can unlink an open file and continue to do I/O - on it. Not all operating systems support this functionality, however. - For example, under Microsoft Windows the unlink operation will fail, - since the file is open. */ if (unlink(obj->pathname)) { - /* We will try unlinking the file again after it is closed. */ - obj->flags |= JAS_STREAM_FILEOBJ_DELONCLOSE; + jas_stream_destroy(stream); + return 0; } /* Use full buffering. */ @@ -553,7 +547,7 @@ int jas_stream_printf(jas_stream_t *stre int ret; va_start(ap, fmt); - ret = vsprintf(buf, fmt, ap); + ret = vsnprintf(buf, sizeof buf, fmt, ap); jas_stream_puts(stream, buf); va_end(ap); return ret; @@ -992,7 +986,7 @@ static int mem_resize(jas_stream_memobj_ unsigned char *buf; assert(m->buf_); - if (!(buf = jas_realloc(m->buf_, bufsize * sizeof(unsigned char)))) { + if (!(buf = jas_realloc(m->buf_, bufsize))) { return -1; } m->buf_ = buf; --- jasper-1.900.1.orig/src/libjasper/base/jas_cm.c +++ jasper-1.900.1/src/libjasper/base/jas_cm.c @@ -704,8 +704,7 @@ static int jas_cmpxformseq_resize(jas_cm { jas_cmpxform_t **p; assert(n >= pxformseq->numpxforms); - p = (!pxformseq->pxforms) ? jas_malloc(n * sizeof(jas_cmpxform_t *)) : - jas_realloc(pxformseq->pxforms, n * sizeof(jas_cmpxform_t *)); + p = jas_realloc2(pxformseq->pxforms, n, sizeof(jas_cmpxform_t *)); if (!p) { return -1; } @@ -889,13 +888,13 @@ static int jas_cmshapmatlut_set(jas_cmsh jas_cmshapmatlut_cleanup(lut); if (curv->numents == 0) { lut->size = 2; - if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t)))) + if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) goto error; lut->data[0] = 0.0; lut->data[1] = 1.0; } else if (curv->numents == 1) { lut->size = 256; - if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t)))) + if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) goto error; gamma = curv->ents[0] / 256.0; for (i = 0; i < lut->size; ++i) { @@ -903,7 +902,7 @@ static int jas_cmshapmatlut_set(jas_cmsh } } else { lut->size = curv->numents; - if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t)))) + if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t)))) goto error; for (i = 0; i < lut->size; ++i) { lut->data[i] = curv->ents[i] / 65535.0; @@ -953,7 +952,7 @@ static int jas_cmshapmatlut_invert(jas_c return -1; } } - if (!(invlut->data = jas_malloc(n * sizeof(jas_cmreal_t)))) + if (!(invlut->data = jas_alloc2(n, sizeof(jas_cmreal_t)))) return -1; invlut->size = n; for (i = 0; i < invlut->size; ++i) { --- jasper-1.900.1.orig/src/libjasper/jp2/jp2_enc.c +++ jasper-1.900.1/src/libjasper/jp2/jp2_enc.c @@ -5,6 +5,11 @@ * All rights reserved. */ +/* + * Modified by Andrey Kiselev to handle UUID + * box properly. + */ + /* __START_OF_JASPER_LICENSE__ * * JasPer License Version 2.0 @@ -86,7 +91,7 @@ static int clrspctojp2(jas_clrspc_t clrs * Functions. \******************************************************************************/ -int jp2_encode(jas_image_t *image, jas_stream_t *out, char *optstr) +int jp2_write_header(jas_image_t *image, jas_stream_t *out) { jp2_box_t *box; jp2_ftyp_t *ftyp; @@ -97,8 +102,6 @@ int jp2_encode(jas_image_t *image, jas_s long len; uint_fast16_t cmptno; jp2_colr_t *colr; - char buf[4096]; - uint_fast32_t overhead; jp2_cdefchan_t *cdefchanent; jp2_cdef_t *cdef; int i; @@ -191,7 +194,7 @@ int sgnd; } bpcc = &box->data.bpcc; bpcc->numcmpts = jas_image_numcmpts(image); - if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts * + if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) { goto error; } @@ -285,7 +288,7 @@ int sgnd; } cdef = &box->data.cdef; cdef->numchans = jas_image_numcmpts(image); - cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t)); + cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t)); for (i = 0; i < jas_image_numcmpts(image); ++i) { cdefchanent = &cdef->ents[i]; cdefchanent->channo = i; @@ -326,6 +329,26 @@ int sgnd; jas_stream_close(tmpstream); tmpstream = 0; + return 0; + abort(); + +error: + + if (box) { + jp2_box_destroy(box); + } + if (tmpstream) { + jas_stream_close(tmpstream); + } + return -1; +} + +int jp2_write_codestream(jas_image_t *image, jas_stream_t *out, char *optstr) +{ + jp2_box_t *box; + char buf[4096]; + uint_fast32_t overhead; + /* * Output the contiguous code stream box. */ @@ -358,12 +381,34 @@ error: if (box) { jp2_box_destroy(box); } - if (tmpstream) { - jas_stream_close(tmpstream); - } return -1; } +int jp2_encode(jas_image_t *image, jas_stream_t *out, char *optstr) +{ + if (jp2_write_header(image, out) < 0) + return -1; + if (jp2_write_codestream(image, out, optstr) < 0) + return -1; + + return 0; +} + +int jp2_encode_uuid(jas_image_t *image, jas_stream_t *out, + char *optstr, jp2_box_t *uuid) +{ + if (jp2_write_header(image, out) < 0) + return -1; + if (uuid) { + if (jp2_box_put(uuid, out)) + return -1; + } + if (jp2_write_codestream(image, out, optstr) < 0) + return -1; + + return 0; +} + static uint_fast32_t jp2_gettypeasoc(int colorspace, int ctype) { int type; --- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c +++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c @@ -336,7 +336,7 @@ jas_image_t *jp2_decode(jas_stream_t *in } /* Allocate space for the channel-number to component-number LUT. */ - if (!(dec->chantocmptlut = jas_malloc(dec->numchans * sizeof(uint_fast16_t)))) { + if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) { jas_eprintf("error: no memory\n"); goto error; } @@ -354,7 +354,7 @@ jas_image_t *jp2_decode(jas_stream_t *in if (cmapent->map == JP2_CMAP_DIRECT) { dec->chantocmptlut[channo] = channo; } else if (cmapent->map == JP2_CMAP_PALETTE) { - lutents = jas_malloc(pclrd->numlutents * sizeof(int_fast32_t)); + lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t)); for (i = 0; i < pclrd->numlutents; ++i) { lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans]; } --- jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c +++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.c @@ -5,6 +5,11 @@ * All rights reserved. */ +/* + * Modified by Andrey Kiselev to handle UUID + * box properly. + */ + /* __START_OF_JASPER_LICENSE__ * * JasPer License Version 2.0 @@ -127,6 +132,9 @@ static void jp2_pclr_destroy(jp2_box_t * static int jp2_pclr_getdata(jp2_box_t *box, jas_stream_t *in); static int jp2_pclr_putdata(jp2_box_t *box, jas_stream_t *out); static void jp2_pclr_dumpdata(jp2_box_t *box, FILE *out); +static void jp2_uuid_destroy(jp2_box_t *box); +static int jp2_uuid_getdata(jp2_box_t *box, jas_stream_t *in); +static int jp2_uuid_putdata(jp2_box_t *box, jas_stream_t *out); /******************************************************************************\ * Local data. @@ -164,7 +172,7 @@ jp2_boxinfo_t jp2_boxinfos[] = { {JP2_BOX_XML, "XML", 0, {0, 0, 0, 0, 0}}, {JP2_BOX_UUID, "UUID", 0, - {0, 0, 0, 0, 0}}, + {0, jp2_uuid_destroy, jp2_uuid_getdata, jp2_uuid_putdata, 0}}, {JP2_BOX_UINF, "UINF", JP2_BOX_SUPER, {0, 0, 0, 0, 0}}, {JP2_BOX_ULST, "ULST", 0, @@ -372,7 +380,7 @@ static int jp2_bpcc_getdata(jp2_box_t *b jp2_bpcc_t *bpcc = &box->data.bpcc; unsigned int i; bpcc->numcmpts = box->datalen; - if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts * sizeof(uint_fast8_t)))) { + if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) { return -1; } for (i = 0; i < bpcc->numcmpts; ++i) { @@ -416,7 +424,7 @@ static int jp2_colr_getdata(jp2_box_t *b break; case JP2_COLR_ICC: colr->iccplen = box->datalen - 3; - if (!(colr->iccp = jas_malloc(colr->iccplen * sizeof(uint_fast8_t)))) { + if (!(colr->iccp = jas_alloc2(colr->iccplen, sizeof(uint_fast8_t)))) { return -1; } if (jas_stream_read(in, colr->iccp, colr->iccplen) != colr->iccplen) { @@ -453,7 +461,7 @@ static int jp2_cdef_getdata(jp2_box_t *b if (jp2_getuint16(in, &cdef->numchans)) { return -1; } - if (!(cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t)))) { + if (!(cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t)))) { return -1; } for (channo = 0; channo < cdef->numchans; ++channo) { @@ -766,7 +774,7 @@ static int jp2_cmap_getdata(jp2_box_t *b unsigned int i; cmap->numchans = (box->datalen) / 4; - if (!(cmap->ents = jas_malloc(cmap->numchans * sizeof(jp2_cmapent_t)))) { + if (!(cmap->ents = jas_alloc2(cmap->numchans, sizeof(jp2_cmapent_t)))) { return -1; } for (i = 0; i < cmap->numchans; ++i) { @@ -828,10 +836,10 @@ static int jp2_pclr_getdata(jp2_box_t *b return -1; } lutsize = pclr->numlutents * pclr->numchans; - if (!(pclr->lutdata = jas_malloc(lutsize * sizeof(int_fast32_t)))) { + if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t)))) { return -1; } - if (!(pclr->bpc = jas_malloc(pclr->numchans * sizeof(uint_fast8_t)))) { + if (!(pclr->bpc = jas_alloc2(pclr->numchans, sizeof(uint_fast8_t)))) { return -1; } for (i = 0; i < pclr->numchans; ++i) { @@ -876,6 +884,56 @@ static void jp2_pclr_dumpdata(jp2_box_t } } +static void jp2_uuid_destroy(jp2_box_t *box) +{ + jp2_uuid_t *uuid = &box->data.uuid; + if (uuid->data) + { + jas_free(uuid->data); + uuid->data = NULL; + } +} + +static int jp2_uuid_getdata(jp2_box_t *box, jas_stream_t *in) +{ + jp2_uuid_t *uuid = &box->data.uuid; + int i; + + for (i = 0; i < 16; i++) + { + if (jp2_getuint8(in, &uuid->uuid[i])) + return -1; + } + + uuid->datalen = box->datalen - 16; + uuid->data = jas_malloc(uuid->datalen * sizeof(uint_fast8_t)); + for (i = 0; i < uuid->datalen; i++) + { + if (jp2_getuint8(in, &uuid->data[i])) + return -1; + } + return 0; +} + +static int jp2_uuid_putdata(jp2_box_t *box, jas_stream_t *out) +{ + jp2_uuid_t *uuid = &box->data.uuid; + int i; + + for (i = 0; i < 16; i++) + { + if (jp2_putuint8(out, uuid->uuid[i])) + return -1; + } + + for (i = 0; i < uuid->datalen; i++) + { + if (jp2_putuint8(out, uuid->data[i])) + return -1; + } + return 0; +} + static int jp2_getint(jas_stream_t *in, int s, int n, int_fast32_t *val) { int c; --- jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.h +++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.h @@ -5,6 +5,11 @@ * All rights reserved. */ +/* + * Modified by Andrey Kiselev to handle UUID + * box properly. + */ + /* __START_OF_JASPER_LICENSE__ * * JasPer License Version 2.0 @@ -229,6 +234,12 @@ typedef struct { jp2_cmapent_t *ents; } jp2_cmap_t; +typedef struct { + uint_fast32_t datalen; + uint_fast8_t uuid[16]; + uint_fast8_t *data; +} jp2_uuid_t; + #define JP2_CMAP_DIRECT 0 #define JP2_CMAP_PALETTE 1 @@ -257,6 +268,7 @@ typedef struct { jp2_pclr_t pclr; jp2_cdef_t cdef; jp2_cmap_t cmap; + jp2_uuid_t uuid; } data; } jp2_box_t; --- jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c +++ jasper-1.900.1/src/libjasper/mif/mif_cod.c @@ -438,8 +438,7 @@ static int mif_hdr_growcmpts(mif_hdr_t * int cmptno; mif_cmpt_t **newcmpts; assert(maxcmpts >= hdr->numcmpts); - newcmpts = (!hdr->cmpts) ? jas_malloc(maxcmpts * sizeof(mif_cmpt_t *)) : - jas_realloc(hdr->cmpts, maxcmpts * sizeof(mif_cmpt_t *)); + newcmpts = jas_realloc2(hdr->cmpts, maxcmpts, sizeof(mif_cmpt_t *)); if (!newcmpts) { return -1; } --- jasper-1.900.1.orig/acaux/config.sub +++ jasper-1.900.1/acaux/config.sub @@ -1,9 +1,10 @@ #! /bin/sh # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, -# 2000, 2001, 2002, 2003 Free Software Foundation, Inc. +# 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, +# Inc. -timestamp='2003-06-18' +timestamp='2006-09-20' # This file is (in principle) common to ALL GNU software. # The presence of a machine in this file suggests that SOME GNU software @@ -21,14 +22,15 @@ timestamp='2003-06-18' # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, -# Boston, MA 02111-1307, USA. - +# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA +# 02110-1301, USA. +# # As a special exception to the GNU General Public License, if you # distribute this file as part of a program that contains a # configuration script generated by Autoconf, you may include it under # the same distribution terms that you use for the rest of that program. + # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. # @@ -70,7 +72,7 @@ Report bugs and patches to . # Please send patches to . Submit a context # diff and a properly formatted ChangeLog entry. @@ -53,7 +56,7 @@ version="\ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO @@ -66,11 +69,11 @@ Try \`$me --help' for more information." while test $# -gt 0 ; do case $1 in --time-stamp | --time* | -t ) - echo "$timestamp" ; exit 0 ;; + echo "$timestamp" ; exit ;; --version | -v ) - echo "$version" ; exit 0 ;; + echo "$version" ; exit ;; --help | --h* | -h ) - echo "$usage"; exit 0 ;; + echo "$usage"; exit ;; -- ) # Stop option processing shift; break ;; - ) # Use stdin as input. @@ -104,7 +107,7 @@ set_cc_for_build=' trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; : ${TMPDIR=/tmp} ; - { tmp=`(umask 077 && mktemp -d -q "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; @@ -123,7 +126,7 @@ case $CC_FOR_BUILD,$HOST_CC,$CC in ;; ,,*) CC_FOR_BUILD=$CC ;; ,*,*) CC_FOR_BUILD=$HOST_CC ;; -esac ;' +esac ; set_cc_for_build= ;' # This is needed to find uname on a Pyramid OSx when run in the BSD universe. # (ghazi@noc.rutgers.edu 1994-08-24) @@ -136,13 +139,6 @@ UNAME_RELEASE=`(uname -r) 2>/dev/null` | UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown -## for Red Hat Linux -if test -f /etc/redhat-release ; then - VENDOR=redhat ; -else - VENDOR= ; -fi - # Note: order is significant - the case branches are not exclusive. case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in @@ -203,50 +199,32 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:$ # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. echo "${machine}-${os}${release}" - exit 0 ;; - amiga:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - arc:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - hp300:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mac68k:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - macppc:OpenBSD:*:*) - echo powerpc-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mvme68k:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mvme88k:OpenBSD:*:*) - echo m88k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - mvmeppc:OpenBSD:*:*) - echo powerpc-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - pmax:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - sgi:OpenBSD:*:*) - echo mipseb-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - sun3:OpenBSD:*:*) - echo m68k-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; - wgrisc:OpenBSD:*:*) - echo mipsel-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + exit ;; *:OpenBSD:*:*) - echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} - exit 0 ;; + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE} + exit ;; + *:ekkoBSD:*:*) + echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE} + exit ;; + *:SolidBSD:*:*) + echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE} + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd${UNAME_RELEASE} + exit ;; + *:MirBSD:*:*) + echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} + exit ;; alpha:OSF1:*:*) - if test $UNAME_RELEASE = "V4.0"; then + case $UNAME_RELEASE in + *4.0) UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` - fi + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac # According to Compaq, /usr/sbin/psrinfo has been available on # OSF/1 and Tru64 systems produced since 1995. I hope that # covers most systems running today. This code pipes the CPU @@ -284,42 +262,49 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:$ "EV7.9 (21364A)") UNAME_MACHINE="alphaev79" ;; esac + # A Pn.n version is a patched version. # A Vn.n version is a released version. # A Tn.n version is a released field test version. # A Xn.n version is an unreleased experimental baselevel. # 1.2 uses "1.2" for uname -r. - echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` - exit 0 ;; - Alpha*:OpenVMS:*:*) - echo alpha-hp-vms - exit 0 ;; + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit ;; Alpha\ *:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # Should we change UNAME_MACHINE based on the output of uname instead # of the specific Alpha model? echo alpha-pc-interix - exit 0 ;; + exit ;; 21064:Windows_NT:50:3) echo alpha-dec-winnt3.5 - exit 0 ;; + exit ;; Amiga*:UNIX_System_V:4.0:*) echo m68k-unknown-sysv4 - exit 0;; + exit ;; *:[Aa]miga[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-amigaos - exit 0 ;; + exit ;; *:[Mm]orph[Oo][Ss]:*:*) echo ${UNAME_MACHINE}-unknown-morphos - exit 0 ;; + exit ;; *:OS/390:*:*) echo i370-ibm-openedition - exit 0 ;; + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) echo arm-acorn-riscix${UNAME_RELEASE} - exit 0;; + exit ;; + arm:riscos:*:*|arm:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) echo hppa1.1-hitachi-hiuxmpp - exit 0;; + exit ;; Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. if test "`(/bin/universe) 2>/dev/null`" = att ; then @@ -327,32 +312,32 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:$ else echo pyramid-pyramid-bsd fi - exit 0 ;; + exit ;; NILE*:*:*:dcosx) echo pyramid-pyramid-svr4 - exit 0 ;; + exit ;; DRS?6000:unix:4.0:6*) echo sparc-icl-nx6 - exit 0 ;; - DRS?6000:UNIX_SV:4.2*:7*) + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) case `/usr/bin/uname -p` in - sparc) echo sparc-icl-nx7 && exit 0 ;; + sparc) echo sparc-icl-nx7; exit ;; esac ;; sun4H:SunOS:5.*:*) echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; i86pc:SunOS:5.*:*) echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:6*:*) # According to config.sub, this is the proper way to canonicalize # SunOS6. Hard to guess exactly what SunOS6 will be like, but # it's likely to be more like Solaris than SunOS4. echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; sun4*:SunOS:*:*) case "`/usr/bin/arch -k`" in Series*|S4*) @@ -361,10 +346,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:$ esac # Japanese Language versions have a version number like `4.1.3-JL'. echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` - exit 0 ;; + exit ;; sun3*:SunOS:*:*) echo m68k-sun-sunos${UNAME_RELEASE} - exit 0 ;; + exit ;; sun*:*:4.2BSD:*) UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 @@ -376,10 +361,10 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:$ echo sparc-sun-sunos${UNAME_RELEASE} ;; esac - exit 0 ;; + exit ;; aushp:SunOS:*:*) echo sparc-auspex-sunos${UNAME_RELEASE} - exit 0 ;; + exit ;; # The situation for MiNT is a little confusing. The machine name # can be virtually everything (everything which is not # "atarist" or "atariste" at least should have a processor @@ -390,37 +375,40 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:$ # be no problem. atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) echo m68k-atari-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) echo m68k-milan-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) echo m68k-hades-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) echo m68k-unknown-mint${UNAME_RELEASE} - exit 0 ;; + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten${UNAME_RELEASE} + exit ;; powerpc:machten:*:*) echo powerpc-apple-machten${UNAME_RELEASE} - exit 0 ;; + exit ;; RISC*:Mach:*:*) echo mips-dec-mach_bsd4.3 - exit 0 ;; + exit ;; RISC*:ULTRIX:*:*) echo mips-dec-ultrix${UNAME_RELEASE} - exit 0 ;; + exit ;; VAX*:ULTRIX*:*:*) echo vax-dec-ultrix${UNAME_RELEASE} - exit 0 ;; + exit ;; 2020:CLIX:*:* | 2430:CLIX:*:*) echo clipper-intergraph-clix${UNAME_RELEASE} - exit 0 ;; + exit ;; mips:*:*:UMIPS | mips:*:*:RISCos) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c @@ -444,32 +432,33 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:$ exit (-1); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c \ - && $dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ - && exit 0 + $CC_FOR_BUILD -o $dummy $dummy.c && + dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`$dummy $dummyarg` && + { echo "$SYSTEM_NAME"; exit; } echo mips-mips-riscos${UNAME_RELEASE} - exit 0 ;; + exit ;; Motorola:PowerMAX_OS:*:*) echo powerpc-motorola-powermax - exit 0 ;; + exit ;; Motorola:*:4.3:PL8-*) echo powerpc-harris-powermax - exit 0 ;; + exit ;; Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) echo powerpc-harris-powermax - exit 0 ;; + exit ;; Night_Hawk:Power_UNIX:*:*) echo powerpc-harris-powerunix - exit 0 ;; + exit ;; m88k:CX/UX:7*:*) echo m88k-harris-cxux7 - exit 0 ;; + exit ;; m88k:*:4*:R4*) echo m88k-motorola-sysv4 - exit 0 ;; + exit ;; m88k:*:3*:R3*) echo m88k-motorola-sysv3 - exit 0 ;; + exit ;; AViiON:dgux:*:*) # DG/UX returns AViiON for all architectures UNAME_PROCESSOR=`/usr/bin/uname -p` @@ -485,29 +474,29 @@ EOF else echo i586-dg-dgux${UNAME_RELEASE} fi - exit 0 ;; + exit ;; M88*:DolphinOS:*:*) # DolphinOS (SVR3) echo m88k-dolphin-sysv3 - exit 0 ;; + exit ;; M88*:*:R3*:*) # Delta 88k system running SVR3 echo m88k-motorola-sysv3 - exit 0 ;; + exit ;; XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) echo m88k-tektronix-sysv3 - exit 0 ;; + exit ;; Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) echo m68k-tektronix-bsd - exit 0 ;; + exit ;; *:IRIX*:*:*) echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` - exit 0 ;; + exit ;; ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. - echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id - exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' i*86:AIX:*:*) echo i386-ibm-aix - exit 0 ;; + exit ;; ia64:AIX:*:*) if [ -x /usr/bin/oslevel ] ; then IBM_REV=`/usr/bin/oslevel` @@ -515,7 +504,7 @@ EOF IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} - exit 0 ;; + exit ;; *:AIX:2:3) if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then eval $set_cc_for_build @@ -530,14 +519,18 @@ EOF exit(0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 - echo rs6000-ibm-aix3.2.5 + if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then echo rs6000-ibm-aix3.2.4 else echo rs6000-ibm-aix3.2 fi - exit 0 ;; + exit ;; *:AIX:*:[45]) IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then @@ -551,28 +544,28 @@ EOF IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi echo ${IBM_ARCH}-ibm-aix${IBM_REV} - exit 0 ;; + exit ;; *:AIX:*:*) echo rs6000-ibm-aix - exit 0 ;; + exit ;; ibmrt:4.4BSD:*|romp-ibm:BSD:*) echo romp-ibm-bsd4.4 - exit 0 ;; + exit ;; ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to - exit 0 ;; # report: romp-ibm BSD 4.3 + exit ;; # report: romp-ibm BSD 4.3 *:BOSX:*:*) echo rs6000-bull-bosx - exit 0 ;; + exit ;; DPX/2?00:B.O.S.:*:*) echo m68k-bull-sysv3 - exit 0 ;; + exit ;; 9000/[34]??:4.3bsd:1.*:*) echo m68k-hp-bsd - exit 0 ;; + exit ;; hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) echo m68k-hp-bsd4.4 - exit 0 ;; + exit ;; 9000/[34678]??:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` case "${UNAME_MACHINE}" in @@ -634,9 +627,19 @@ EOF esac if [ ${HP_ARCH} = "hppa2.0w" ] then - # avoid double evaluation of $set_cc_for_build - test -n "$CC_FOR_BUILD" || eval $set_cc_for_build - if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E -) | grep __LP64__ >/dev/null + eval $set_cc_for_build + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | + grep __LP64__ >/dev/null then HP_ARCH="hppa2.0w" else @@ -644,11 +647,11 @@ EOF fi fi echo ${HP_ARCH}-hp-hpux${HPUX_REV} - exit 0 ;; + exit ;; ia64:HP-UX:*:*) HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` echo ia64-hp-hpux${HPUX_REV} - exit 0 ;; + exit ;; 3050*:HI-UX:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c @@ -676,150 +679,179 @@ EOF exit (0); } EOF - $CC_FOR_BUILD -o $dummy $dummy.c && $dummy && exit 0 + $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } echo unknown-hitachi-hiuxwe2 - exit 0 ;; + exit ;; 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) echo hppa1.1-hp-bsd - exit 0 ;; + exit ;; 9000/8??:4.3bsd:*:*) echo hppa1.0-hp-bsd - exit 0 ;; + exit ;; *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) echo hppa1.0-hp-mpeix - exit 0 ;; + exit ;; hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) echo hppa1.1-hp-osf - exit 0 ;; + exit ;; hp8??:OSF1:*:*) echo hppa1.0-hp-osf - exit 0 ;; + exit ;; i*86:OSF1:*:*) if [ -x /usr/sbin/sysversion ] ; then echo ${UNAME_MACHINE}-unknown-osf1mk else echo ${UNAME_MACHINE}-unknown-osf1 fi - exit 0 ;; + exit ;; parisc*:Lites*:*:*) echo hppa1.1-hp-lites - exit 0 ;; + exit ;; C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) echo c1-convex-bsd - exit 0 ;; + exit ;; C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit 0 ;; + exit ;; C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) echo c34-convex-bsd - exit 0 ;; + exit ;; C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) echo c38-convex-bsd - exit 0 ;; + exit ;; C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) echo c4-convex-bsd - exit 0 ;; + exit ;; CRAY*Y-MP:*:*:*) echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*[A-Z]90:*:*:*) echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*TS:*:*:*) echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*T3E:*:*:*) echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; CRAY*SV1:*:*:*) echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + exit ;; *:UNICOS/mp:*:*) - echo nv1-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' - exit 0 ;; + echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit ;; F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" - exit 0 ;; + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} - exit 0 ;; + exit ;; sparc*:BSD/OS:*:*) echo sparc-unknown-bsdi${UNAME_RELEASE} - exit 0 ;; + exit ;; *:BSD/OS:*:*) echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} - exit 0 ;; - *:FreeBSD:*:*|*:GNU/FreeBSD:*:*) - # Determine whether the default compiler uses glibc. - eval $set_cc_for_build - sed 's/^ //' << EOF >$dummy.c - #include - #if __GLIBC__ >= 2 - LIBC=gnu - #else - LIBC= - #endif -EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`${LIBC:+-$LIBC} - exit 0 ;; + exit ;; + *:FreeBSD:*:*) + case ${UNAME_MACHINE} in + pc98) + echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + amd64) + echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + *) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;; + esac + exit ;; i*:CYGWIN*:*) echo ${UNAME_MACHINE}-pc-cygwin - exit 0 ;; + exit ;; i*:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 - exit 0 ;; + exit ;; + i*:windows32*:*) + # uname -m includes "-pc" on this system. + echo ${UNAME_MACHINE}-mingw32 + exit ;; i*:PW*:*) echo ${UNAME_MACHINE}-pc-pw32 - exit 0 ;; - x86:Interix*:[34]*) - echo i586-pc-interix${UNAME_RELEASE}|sed -e 's/\..*//' - exit 0 ;; + exit ;; + x86:Interix*:[3456]*) + echo i586-pc-interix${UNAME_RELEASE} + exit ;; + EM64T:Interix*:[3456]*) + echo x86_64-unknown-interix${UNAME_RELEASE} + exit ;; [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*) echo i${UNAME_MACHINE}-pc-mks - exit 0 ;; + exit ;; i*:Windows_NT*:* | Pentium*:Windows_NT*:*) # How do we know it's Interix rather than the generic POSIX subsystem? # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we # UNAME_MACHINE based on the output of uname instead of i386? echo i586-pc-interix - exit 0 ;; + exit ;; i*:UWIN*:*) echo ${UNAME_MACHINE}-pc-uwin - exit 0 ;; + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; p*:CYGWIN*:*) echo powerpcle-unknown-cygwin - exit 0 ;; + exit ;; prep*:SunOS:5.*:*) echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` - exit 0 ;; + exit ;; *:GNU:*:*) + # the GNU system echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` - exit 0 ;; + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu + exit ;; i*86:Minix:*:*) echo ${UNAME_MACHINE}-pc-minix - exit 0 ;; + exit ;; arm*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; + avr32*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; cris:Linux:*:*) echo cris-axis-linux-gnu - exit 0 ;; + exit ;; + crisv32:Linux:*:*) + echo crisv32-axis-linux-gnu + exit ;; + frv:Linux:*:*) + echo frv-unknown-linux-gnu + exit ;; ia64:Linux:*:*) - echo ${UNAME_MACHINE}-${VENDOR:-unknown}-linux-gnu - exit 0 ;; + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; + m32r*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit ;; m68*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; mips:Linux:*:*) eval $set_cc_for_build sed 's/^ //' << EOF >$dummy.c @@ -836,8 +868,12 @@ EOF #endif #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' + /^CPU/{ + s: ::g + p + }'`" + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; mips64:Linux:*:*) eval $set_cc_for_build @@ -855,15 +891,22 @@ EOF #endif #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^CPU=` - test x"${CPU}" != x && echo "${CPU}-unknown-linux-gnu" && exit 0 + eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' + /^CPU/{ + s: ::g + p + }'`" + test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; } ;; + or32:Linux:*:*) + echo or32-unknown-linux-gnu + exit ;; ppc:Linux:*:*) - echo powerpc-${VENDOR:-unknown}-linux-gnu - exit 0 ;; + echo powerpc-unknown-linux-gnu + exit ;; ppc64:Linux:*:*) - echo powerpc64-${VENDOR:-unknown}-linux-gnu - exit 0 ;; + echo powerpc64-unknown-linux-gnu + exit ;; alpha:Linux:*:*) case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in EV5) UNAME_MACHINE=alphaev5 ;; @@ -877,7 +920,7 @@ EOF objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} - exit 0 ;; + exit ;; parisc:Linux:*:* | hppa:Linux:*:*) # Look for CPU level case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in @@ -885,25 +928,28 @@ EOF PA8*) echo hppa2.0-unknown-linux-gnu ;; *) echo hppa-unknown-linux-gnu ;; esac - exit 0 ;; + exit ;; parisc64:Linux:*:* | hppa64:Linux:*:*) echo hppa64-unknown-linux-gnu - exit 0 ;; + exit ;; s390:Linux:*:* | s390x:Linux:*:*) - echo ${UNAME_MACHINE}-${VENDOR:-ibm}-linux-gnu - exit 0 ;; + echo ${UNAME_MACHINE}-ibm-linux + exit ;; sh64*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; sh*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; sparc:Linux:*:* | sparc64:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-gnu - exit 0 ;; + exit ;; + vax:Linux:*:*) + echo ${UNAME_MACHINE}-dec-linux-gnu + exit ;; x86_64:Linux:*:*) - echo x86_64-${VENDOR:-unknown}-linux-gnu - exit 0 ;; + echo x86_64-unknown-linux-gnu + exit ;; i*86:Linux:*:*) # The BFD linker knows what the default object file format is, so # first see if it will tell us. cd to the root directory to prevent @@ -921,15 +967,15 @@ EOF ;; a.out-i386-linux) echo "${UNAME_MACHINE}-pc-linux-gnuaout" - exit 0 ;; + exit ;; coff-i386) echo "${UNAME_MACHINE}-pc-linux-gnucoff" - exit 0 ;; + exit ;; "") # Either a pre-BFD a.out linker (linux-gnuoldld) or # one that does not give us useful --help. echo "${UNAME_MACHINE}-pc-linux-gnuoldld" - exit 0 ;; + exit ;; esac # Determine whether the default compiler is a.out or elf eval $set_cc_for_build @@ -946,23 +992,33 @@ EOF LIBC=gnulibc1 # endif #else - #ifdef __INTEL_COMPILER + #if defined(__INTEL_COMPILER) || defined(__PGI) || defined(__SUNPRO_C) || defined(__SUNPRO_CC) LIBC=gnu #else LIBC=gnuaout #endif #endif + #ifdef __dietlibc__ + LIBC=dietlibc + #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep ^LIBC=` - test x"${LIBC}" != x && echo "${UNAME_MACHINE}-${VENDOR:-pc}-linux-${LIBC}" && exit 0 - test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + eval "`$CC_FOR_BUILD -E $dummy.c 2>/dev/null | sed -n ' + /^LIBC/{ + s: ::g + p + }'`" + test x"${LIBC}" != x && { + echo "${UNAME_MACHINE}-pc-linux-${LIBC}" + exit + } + test x"${TENTATIVE}" != x && { echo "${TENTATIVE}"; exit; } ;; i*86:DYNIX/ptx:4*:*) # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. # earlier versions are messed up and put the nodename in both # sysname and nodename. echo i386-sequent-sysv4 - exit 0 ;; + exit ;; i*86:UNIX_SV:4.2MP:2.*) # Unixware is an offshoot of SVR4, but it has its own version # number series starting with 2... @@ -970,24 +1026,27 @@ EOF # I just have to hope. -- rms. # Use sysv4.2uw... so that sysv4* matches it. echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} - exit 0 ;; + exit ;; i*86:OS/2:*:*) # If we were able to find `uname', then EMX Unix compatibility # is probably installed. echo ${UNAME_MACHINE}-pc-os2-emx - exit 0 ;; + exit ;; i*86:XTS-300:*:STOP) echo ${UNAME_MACHINE}-unknown-stop - exit 0 ;; + exit ;; i*86:atheos:*:*) echo ${UNAME_MACHINE}-unknown-atheos - exit 0 ;; + exit ;; + i*86:syllable:*:*) + echo ${UNAME_MACHINE}-pc-syllable + exit ;; i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) echo i386-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; i*86:*DOS:*:*) echo ${UNAME_MACHINE}-pc-msdosdjgpp - exit 0 ;; + exit ;; i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then @@ -995,15 +1054,16 @@ EOF else echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} fi - exit 0 ;; - i*86:*:5:[78]*) + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. case `/bin/uname -X | grep "^Machine"` in *486*) UNAME_MACHINE=i486 ;; *Pentium) UNAME_MACHINE=i586 ;; *Pent*|*Celeron) UNAME_MACHINE=i686 ;; esac echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} - exit 0 ;; + exit ;; i*86:*:3.2:*) if test -f /usr/options/cb.name; then UNAME_REL=`sed -n 's/.*Version //p' /dev/null 2>&1 ; then echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 else # Add other i860-SVR4 vendors below as they are discovered. echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 fi - exit 0 ;; + exit ;; mini*:CTIX:SYS*5:*) # "miniframe" echo m68010-convergent-sysv - exit 0 ;; + exit ;; mc68k:UNIX:SYSTEM5:3.51m) echo m68k-convergent-sysv - exit 0 ;; + exit ;; M680?0:D-NIX:5.3:*) echo m68k-diab-dnix - exit 0 ;; - M68*:*:R3V[567]*:*) - test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; - 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0) + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) OS_REL='' test -r /etc/.relid \ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + && { echo i486-ncr-sysv4.3${OS_REL}; exit; } /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ - && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;; 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ - && echo i486-ncr-sysv4 && exit 0 ;; + && { echo i486-ncr-sysv4; exit; } ;; m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) echo m68k-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; mc68030:UNIX_System_V:4.*:*) echo m68k-atari-sysv4 - exit 0 ;; + exit ;; TSUNAMI:LynxOS:2.*:*) echo sparc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; rs6000:LynxOS:2.*:*) echo rs6000-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) echo powerpc-unknown-lynxos${UNAME_RELEASE} - exit 0 ;; + exit ;; SM[BE]S:UNIX_SV:*:*) echo mips-dde-sysv${UNAME_RELEASE} - exit 0 ;; + exit ;; RM*:ReliantUNIX-*:*:*) echo mips-sni-sysv4 - exit 0 ;; + exit ;; RM*:SINIX-*:*:*) echo mips-sni-sysv4 - exit 0 ;; + exit ;; *:SINIX-*:*:*) if uname -p 2>/dev/null >/dev/null ; then UNAME_MACHINE=`(uname -p) 2>/dev/null` @@ -1095,68 +1155,72 @@ EOF else echo ns32k-sni-sysv fi - exit 0 ;; + exit ;; PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort # says echo i586-unisys-sysv4 - exit 0 ;; + exit ;; *:UNIX_System_V:4*:FTX*) # From Gerald Hewes . # How about differentiating between stratus architectures? -djm echo hppa1.1-stratus-sysv4 - exit 0 ;; + exit ;; *:*:*:FTX*) # From seanf@swdc.stratus.com. echo i860-stratus-sysv4 - exit 0 ;; + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo ${UNAME_MACHINE}-stratus-vos + exit ;; *:VOS:*:*) # From Paul.Green@stratus.com. echo hppa1.1-stratus-vos - exit 0 ;; + exit ;; mc68*:A/UX:*:*) echo m68k-apple-aux${UNAME_RELEASE} - exit 0 ;; + exit ;; news*:NEWS-OS:6*:*) echo mips-sony-newsos6 - exit 0 ;; + exit ;; R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) if [ -d /usr/nec ]; then echo mips-nec-sysv${UNAME_RELEASE} else echo mips-unknown-sysv${UNAME_RELEASE} fi - exit 0 ;; + exit ;; BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. echo powerpc-be-beos - exit 0 ;; + exit ;; BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. echo powerpc-apple-beos - exit 0 ;; + exit ;; BePC:BeOS:*:*) # BeOS running on Intel PC compatible. echo i586-pc-beos - exit 0 ;; + exit ;; SX-4:SUPER-UX:*:*) echo sx4-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; SX-5:SUPER-UX:*:*) echo sx5-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; SX-6:SUPER-UX:*:*) echo sx6-nec-superux${UNAME_RELEASE} - exit 0 ;; + exit ;; Power*:Rhapsody:*:*) echo powerpc-apple-rhapsody${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Rhapsody:*:*) echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Darwin:*:*) - case `uname -p` in - *86) UNAME_PROCESSOR=i686 ;; - powerpc) UNAME_PROCESSOR=powerpc ;; + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + case $UNAME_PROCESSOR in + unknown) UNAME_PROCESSOR=powerpc ;; esac echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} - exit 0 ;; + exit ;; *:procnto*:*:* | *:QNX:[0123456789]*:*) UNAME_PROCESSOR=`uname -p` if test "$UNAME_PROCESSOR" = "x86"; then @@ -1164,22 +1228,25 @@ EOF UNAME_MACHINE=pc fi echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE} - exit 0 ;; + exit ;; *:QNX:*:4*) echo i386-pc-qnx - exit 0 ;; - NSR-[DGKLNPTVW]:NONSTOP_KERNEL:*:*) + exit ;; + NSE-?:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk${UNAME_RELEASE} + exit ;; + NSR-?:NONSTOP_KERNEL:*:*) echo nsr-tandem-nsk${UNAME_RELEASE} - exit 0 ;; + exit ;; *:NonStop-UX:*:*) echo mips-compaq-nonstopux - exit 0 ;; + exit ;; BS2000:POSIX*:*:*) echo bs2000-siemens-sysv - exit 0 ;; + exit ;; DS/*:UNIX_System_V:*:*) echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} - exit 0 ;; + exit ;; *:Plan9:*:*) # "uname -m" is not consistent, so use $cputype instead. 386 # is converted to i386 for consistency with other x86 @@ -1190,28 +1257,47 @@ EOF UNAME_MACHINE="$cputype" fi echo ${UNAME_MACHINE}-unknown-plan9 - exit 0 ;; + exit ;; *:TOPS-10:*:*) echo pdp10-unknown-tops10 - exit 0 ;; + exit ;; *:TENEX:*:*) echo pdp10-unknown-tenex - exit 0 ;; + exit ;; KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) echo pdp10-dec-tops20 - exit 0 ;; + exit ;; XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) echo pdp10-xkl-tops20 - exit 0 ;; + exit ;; *:TOPS-20:*:*) echo pdp10-unknown-tops20 - exit 0 ;; + exit ;; *:ITS:*:*) echo pdp10-unknown-its - exit 0 ;; + exit ;; SEI:*:*:SEIUX) echo mips-sei-seiux${UNAME_RELEASE} - exit 0 ;; + exit ;; + *:DragonFly:*:*) + echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "${UNAME_MACHINE}" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//' + exit ;; + i*86:rdos:*:*) + echo ${UNAME_MACHINE}-pc-rdos + exit ;; esac #echo '(No uname command or uname output not recognized.)' 1>&2 @@ -1243,7 +1329,7 @@ main () #endif #if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix"); exit (0); + printf ("arm-acorn-riscix\n"); exit (0); #endif #if defined (hp300) && !defined (hpux) @@ -1332,11 +1418,12 @@ main () } EOF -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && $dummy && exit 0 +$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && + { echo "$SYSTEM_NAME"; exit; } # Apollos put the system type in the environment. -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } # Convex versions that predate uname can use getsysinfo(1) @@ -1345,22 +1432,22 @@ then case `getsysinfo -f cpu_type` in c1*) echo c1-convex-bsd - exit 0 ;; + exit ;; c2*) if getsysinfo -f scalar_acc then echo c32-convex-bsd else echo c2-convex-bsd fi - exit 0 ;; + exit ;; c34*) echo c34-convex-bsd - exit 0 ;; + exit ;; c38*) echo c38-convex-bsd - exit 0 ;; + exit ;; c4*) echo c4-convex-bsd - exit 0 ;; + exit ;; esac fi @@ -1371,7 +1458,9 @@ This script, last modified $timestamp, h the operating system you are using. It is advised that you download the most up to date version of the config scripts from - ftp://ftp.gnu.org/pub/gnu/config/ + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess +and + http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub If the version you run ($0) is already up to date, please send the following data and any information you think might be debian/patches/CVE-2015-5221.patch0000644000000000000000000000156113314672524013241 0ustar From df5d2867e8004e51e18b89865bc4aa69229227b3 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Mon, 19 Sep 2016 10:03:36 +0100 Subject: [PATCH] CVE-2015-5221 --- src/libjasper/mif/mif_cod.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Index: jasper-1.900.1-debian1/src/libjasper/mif/mif_cod.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/mif/mif_cod.c 2018-06-27 07:30:26.518944900 -0400 +++ jasper-1.900.1-debian1/src/libjasper/mif/mif_cod.c 2018-06-27 07:30:26.518944900 -0400 @@ -569,13 +569,13 @@ static int mif_process_cmpt(mif_hdr_t *h break; } } - jas_tvparser_destroy(tvp); if (!cmpt->sampperx || !cmpt->samppery) { goto error; } if (mif_hdr_addcmpt(hdr, hdr->numcmpts, cmpt)) { goto error; } + jas_tvparser_destroy(tvp); return 0; error: ././@LongLink0000644000000000000000000000017200000000000011603 Lustar rootrootdebian/patches/12_CVE-2016-1867_CVE-2016-8654_CVE-2016-8691_CVE-2016-8692_CVE-2016-8693_CVE-2016-8882_CVE-2016-9560.patchdebian/patches/12_CVE-2016-1867_CVE-2016-8654_CVE-2016-8691_CVE-2016-8692_CVE-2016-8693_CVE-2016-8880000644000000000000000000001444313046440247022434 0ustar diff -Naur jasper-1.900.1-debian1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1-debian1/src/libjasper/base/jas_stream.c --- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_stream.c 2017-02-07 22:46:28.000000000 +0100 +++ jasper-1.900.1-debian1/src/libjasper/base/jas_stream.c 2017-02-07 22:46:07.040456152 +0100 @@ -985,8 +985,9 @@ { unsigned char *buf; - assert(m->buf_); - if (!(buf = jas_realloc(m->buf_, bufsize))) { + //assert(m->buf_); + assert(bufsize >= 0); + if (!(buf = jas_realloc(m->buf_, bufsize)) && bufsize) { return -1; } m->buf_ = buf; diff -Naur jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_cs.c jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_cs.c 2017-02-07 22:46:28.000000000 +0100 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c 2017-02-07 22:46:02.168382641 +0100 @@ -512,6 +512,16 @@ jas_free(siz->comps); return -1; } + if (siz->comps[i].hsamp == 0 || siz->comps[i].hsamp > 255) { + jas_eprintf("invalid XRsiz value %d\n", siz->comps[i].hsamp); + jas_free(siz->comps); + return -1; + } + if (siz->comps[i].vsamp == 0 || siz->comps[i].vsamp > 255) { + jas_eprintf("invalid YRsiz value %d\n", siz->comps[i].vsamp); + jas_free(siz->comps); + return -1; + } siz->comps[i].sgnd = (tmp >> 7) & 1; siz->comps[i].prec = (tmp & 0x7f) + 1; } diff -Naur jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_dec.c jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_dec.c 2017-02-07 22:46:28.000000000 +0100 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c 2017-02-07 22:46:13.736555435 +0100 @@ -674,7 +674,7 @@ uint_fast32_t tmpxend; uint_fast32_t tmpyend; jpc_dec_cp_t *cp; - jpc_tsfb_band_t bnds[64]; + jpc_tsfb_band_t bnds[JPC_MAXBANDS]; jpc_pchg_t *pchg; int pchgno; jpc_dec_cmpt_t *cmpt; @@ -989,23 +989,23 @@ } if (tile->cp) { jpc_dec_cp_destroy(tile->cp); - tile->cp = 0; + //tile->cp = 0; } if (tile->tcomps) { jas_free(tile->tcomps); - tile->tcomps = 0; + //tile->tcomps = 0; } if (tile->pi) { jpc_pi_destroy(tile->pi); - tile->pi = 0; + //tile->pi = 0; } if (tile->pkthdrstream) { jas_stream_close(tile->pkthdrstream); - tile->pkthdrstream = 0; + //tile->pkthdrstream = 0; } if (tile->pptstab) { jpc_ppxstab_destroy(tile->pptstab); - tile->pptstab = 0; + //tile->pptstab = 0; } tile->state = JPC_TILE_DONE; @@ -1148,7 +1148,11 @@ return -1; } } - jpc_dec_tilefini(dec, tile); + /* If the tile has not yet been finalized, finalize it. */ + // OLD CODE: jpc_dec_tilefini(dec, tile); + if (tile->state != JPC_TILE_DONE) { + jpc_dec_tilefini(dec, tile); + } } /* We are done processing the code stream. */ @@ -1204,6 +1208,8 @@ dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth); dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight); dec->numtiles = dec->numhtiles * dec->numvtiles; + JAS_DBGLOG(10, ("numtiles = %d; numhtiles = %d; numvtiles = %d;\n", + dec->numtiles, dec->numhtiles, dec->numvtiles)); if (!(dec->tiles = jas_alloc2(dec->numtiles, sizeof(jpc_dec_tile_t)))) { return -1; } @@ -1228,6 +1234,7 @@ tile->pkthdrstreampos = 0; tile->pptstab = 0; tile->cp = 0; + tile->pi = 0; if (!(tile->tcomps = jas_alloc2(dec->numcomps, sizeof(jpc_dec_tcomp_t)))) { return -1; diff -Naur jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_qmfb.c jasper-1.900.1-debian1/src/libjasper/jpc/jpc_qmfb.c --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_qmfb.c 2017-02-07 22:46:28.000000000 +0100 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_qmfb.c 2017-02-07 22:45:59.328339293 +0100 @@ -372,7 +372,7 @@ register jpc_fix_t *dstptr; register int n; register int m; - int hstartcol; + int hstartrow; /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { @@ -383,8 +383,9 @@ } if (numrows >= 2) { - hstartcol = (numrows + 1 - parity) >> 1; - m = (parity) ? hstartcol : (numrows - hstartcol); + hstartrow = (numrows + 1 - parity) >> 1; + m = (parity) ? hstartrow : (numrows - hstartrow); + /* Save the samples destined for the highpass channel. */ n = m; dstptr = buf; @@ -404,7 +405,7 @@ srcptr += stride << 1; } /* Copy the saved samples into the highpass channel. */ - dstptr = &a[hstartcol * stride]; + dstptr = &a[hstartrow * stride]; srcptr = buf; n = m; while (n-- > 0) { @@ -435,19 +436,20 @@ register int n; register int i; int m; - int hstartcol; + int hstartrow; /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { - if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { + if (!(buf = jas_alloc3(bufsize, JPC_QMFB_COLGRPSIZE, sizeof(jpc_fix_t)))) { /* We have no choice but to commit suicide in this case. */ abort(); } } if (numrows >= 2) { - hstartcol = (numrows + 1 - parity) >> 1; - m = (parity) ? hstartcol : (numrows - hstartcol); + hstartrow = (numrows + 1 - parity) >> 1; + m = (parity) ? hstartrow : (numrows - hstartrow); + /* Save the samples destined for the highpass channel. */ n = m; dstptr = buf; @@ -479,7 +481,7 @@ srcptr += stride << 1; } /* Copy the saved samples into the highpass channel. */ - dstptr = &a[hstartcol * stride]; + dstptr = &a[hstartrow * stride]; srcptr = buf; n = m; while (n-- > 0) { @@ -520,7 +522,7 @@ /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { - if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { + if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) { /* We have no choice but to commit suicide in this case. */ abort(); } diff -Naur jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_t2cod.c jasper-1.900.1-debian1/src/libjasper/jpc/jpc_t2cod.c --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_t2cod.c 2017-02-07 22:46:28.000000000 +0100 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_t2cod.c 2017-02-07 22:45:54.464331040 +0100 @@ -429,7 +429,7 @@ } for (pi->compno = pchg->compnostart, pi->picomp = - &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend); ++pi->compno, + &pi->picomps[pi->compno]; pi->compno < JAS_CAST(int, pchg->compnoend) && pi->compno < pi->numcomps; ++pi->compno, ++pi->picomp) { pirlvl = pi->picomp->pirlvls; pi->xstep = pi->picomp->hsamp * (1 << (pirlvl->prcwidthexpn + debian/patches/CVE-2016-9387-1.patch0000644000000000000000000000254213314673464013425 0ustar From d91198abd00fc435a397fe6bad906a4c1748e9cf Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Sun, 23 Oct 2016 03:34:35 -0700 Subject: [PATCH] Fixed another integer overflow problem. --- src/libjasper/jpc/jpc_dec.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_dec.c 2018-06-27 07:38:26.251181627 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c 2018-06-27 07:38:26.247181626 -0400 @@ -1177,6 +1177,7 @@ static int jpc_dec_process_siz(jpc_dec_t int htileno; int vtileno; jpc_dec_cmpt_t *cmpt; + size_t size; dec->xstart = siz->xoff; dec->ystart = siz->yoff; @@ -1213,7 +1214,10 @@ static int jpc_dec_process_siz(jpc_dec_t dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth); dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight); - dec->numtiles = dec->numhtiles * dec->numvtiles; + if (!jas_safe_size_mul(dec->numhtiles, dec->numvtiles, &size)) { + return -1; + } + dec->numtiles = size; JAS_DBGLOG(10, ("numtiles = %d; numhtiles = %d; numvtiles = %d;\n", dec->numtiles, dec->numhtiles, dec->numvtiles)); if (!(dec->tiles = jas_alloc2(dec->numtiles, sizeof(jpc_dec_tile_t)))) { debian/patches/13_CVE-2016-9591.patch0000644000000000000000000001650513071134752013563 0ustar From 03fe49ab96bf65fea784cdc256507ea88267fc7c Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Thu, 2 Mar 2017 08:07:04 -0800 Subject: [PATCH] Fixed some potential double-free problems in the JPC codec. --- src/libjasper/jpc/jpc_enc.c | 75 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 62 insertions(+), 13 deletions(-) diff --git a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c index 03646d6..b8b47f1 100644 --- a/src/libjasper/jpc/jpc_enc.c +++ b/src/libjasper/jpc/jpc_enc.c @@ -1140,8 +1140,9 @@ static int jpc_enc_encodemainbody(jpc_enc_t *enc) tilex = tileno % cp->numhtiles; tiley = tileno / cp->numhtiles; - if (!(enc->curtile = jpc_enc_tile_create(enc->cp, enc->image, tileno))) { - abort(); + if (!(enc->curtile = jpc_enc_tile_create(enc->cp, enc->image, + tileno))) { + return -1; } tile = enc->curtile; @@ -2036,6 +2037,8 @@ jpc_enc_tile_t *jpc_enc_tile_create(jpc_enc_cp_t *cp, jas_image_t *image, int ti return 0; } +/* Note: I don't think that it is necessary to marked destroyed subobjects +as such in this function. */ void jpc_enc_tile_destroy(jpc_enc_tile_t *tile) { jpc_enc_tcmpt_t *tcmpt; @@ -2047,16 +2050,21 @@ void jpc_enc_tile_destroy(jpc_enc_tile_t *tile) tcmpt_destroy(tcmpt); } jas_free(tile->tcmpts); + /* tile->tcmpts = NULL; */ } if (tile->lyrsizes) { jas_free(tile->lyrsizes); + /* tile->lyrsizes = NULL; */ } if (tile->pi) { jpc_pi_destroy(tile->pi); + /* tile->pi = NULL; */ } jas_free(tile); + /* tile = NULL; */ } +/* Note: This constructor creates the object in place. */ static jpc_enc_tcmpt_t *tcmpt_create(jpc_enc_tcmpt_t *tcmpt, jpc_enc_cp_t *cp, jas_image_t *image, jpc_enc_tile_t *tile) { @@ -2152,6 +2160,10 @@ static jpc_enc_tcmpt_t *tcmpt_create(jpc_enc_tcmpt_t *tcmpt, jpc_enc_cp_t *cp, } +/* Note: Since jpc_enc_tcmpt_t objects are created in-place, they might +potentially be destroyed multiple times at different levels in the call +chain. So, destroyed subobjects must be marked as destroyed to prevent +problems such as double frees. */ static void tcmpt_destroy(jpc_enc_tcmpt_t *tcmpt) { jpc_enc_rlvl_t *rlvl; @@ -2163,16 +2175,20 @@ static void tcmpt_destroy(jpc_enc_tcmpt_t *tcmpt) rlvl_destroy(rlvl); } jas_free(tcmpt->rlvls); + tcmpt->rlvls = NULL; } if (tcmpt->data) { jas_seq2d_destroy(tcmpt->data); + tcmpt->data = NULL; } if (tcmpt->tsfb) { jpc_tsfb_destroy(tcmpt->tsfb); + tcmpt->tsfb = NULL; } } +/* Note: This constructor creates the object in place. */ static jpc_enc_rlvl_t *rlvl_create(jpc_enc_rlvl_t *rlvl, jpc_enc_cp_t *cp, jpc_enc_tcmpt_t *tcmpt, jpc_tsfb_band_t *bandinfos) { @@ -2254,6 +2270,10 @@ static jpc_enc_rlvl_t *rlvl_create(jpc_enc_rlvl_t *rlvl, jpc_enc_cp_t *cp, return 0; } +/* Note: Since jpc_enc_rlvl_t objects are created in-place, they might +potentially be destroyed multiple times at different levels in the call +chain. So, destroyed subobjects must be marked as destroyed to prevent +problems such as double frees. */ static void rlvl_destroy(jpc_enc_rlvl_t *rlvl) { jpc_enc_band_t *band; @@ -2265,9 +2285,11 @@ static void rlvl_destroy(jpc_enc_rlvl_t *rlvl) band_destroy(band); } jas_free(rlvl->bands); + rlvl->bands = NULL; } } +/* Note: This constructor creates the object in place. */ static jpc_enc_band_t *band_create(jpc_enc_band_t *band, jpc_enc_cp_t *cp, jpc_enc_rlvl_t *rlvl, jpc_tsfb_band_t *bandinfos) { @@ -2335,6 +2357,10 @@ if (band->data) { return 0; } +/* Note: Since jpc_enc_band_t objects are created in-place, they might +potentially be destroyed multiple times at different levels in the call +chain. So, destroyed subobjects must be marked as destroyed to prevent +problems such as double frees. */ static void band_destroy(jpc_enc_band_t *band) { jpc_enc_prc_t *prc; @@ -2348,12 +2374,15 @@ static void band_destroy(jpc_enc_band_t *band) prc_destroy(prc); } jas_free(band->prcs); + band->prcs = NULL; } if (band->data) { jas_seq2d_destroy(band->data); + band->data = NULL; } } +/* Note: This constructor creates the object in place. */ static jpc_enc_prc_t *prc_create(jpc_enc_prc_t *prc, jpc_enc_cp_t *cp, jpc_enc_band_t *band) { uint_fast32_t prcno; @@ -2383,21 +2412,21 @@ static jpc_enc_prc_t *prc_create(jpc_enc_prc_t *prc, jpc_enc_cp_t *cp, jpc_enc_b rlvl = band->rlvl; tcmpt = rlvl->tcmpt; -rlvlno = rlvl - tcmpt->rlvls; + rlvlno = rlvl - tcmpt->rlvls; prcno = prc - band->prcs; prcxind = prcno % rlvl->numhprcs; prcyind = prcno / rlvl->numhprcs; prc->band = band; -tlprctlx = JPC_FLOORTOMULTPOW2(rlvl->tlx, rlvl->prcwidthexpn); -tlprctly = JPC_FLOORTOMULTPOW2(rlvl->tly, rlvl->prcheightexpn); -if (!rlvlno) { - tlcbgtlx = tlprctlx; - tlcbgtly = tlprctly; -} else { - tlcbgtlx = JPC_CEILDIVPOW2(tlprctlx, 1); - tlcbgtly = JPC_CEILDIVPOW2(tlprctly, 1); -} + tlprctlx = JPC_FLOORTOMULTPOW2(rlvl->tlx, rlvl->prcwidthexpn); + tlprctly = JPC_FLOORTOMULTPOW2(rlvl->tly, rlvl->prcheightexpn); + if (!rlvlno) { + tlcbgtlx = tlprctlx; + tlcbgtly = tlprctly; + } else { + tlcbgtlx = JPC_CEILDIVPOW2(tlprctlx, 1); + tlcbgtly = JPC_CEILDIVPOW2(tlprctly, 1); + } /* Compute the coordinates of the top-left and bottom-right corners of the precinct. */ @@ -2479,6 +2508,10 @@ if (!rlvlno) { return 0; } +/* Note: Since jpc_enc_prc_t objects are created in-place, they might +potentially be destroyed multiple times at different levels in the call +chain. So, destroyed subobjects must be marked as destroyed to prevent +problems such as double frees. */ static void prc_destroy(jpc_enc_prc_t *prc) { jpc_enc_cblk_t *cblk; @@ -2490,22 +2523,29 @@ static void prc_destroy(jpc_enc_prc_t *prc) cblk_destroy(cblk); } jas_free(prc->cblks); + prc->cblks = NULL; } if (prc->incltree) { jpc_tagtree_destroy(prc->incltree); + prc->incltree = NULL; } if (prc->nlibtree) { jpc_tagtree_destroy(prc->nlibtree); + prc->nlibtree = NULL; } if (prc->savincltree) { jpc_tagtree_destroy(prc->savincltree); + prc->savincltree = NULL; } if (prc->savnlibtree) { jpc_tagtree_destroy(prc->savnlibtree); + prc->savnlibtree = NULL; } } -static jpc_enc_cblk_t *cblk_create(jpc_enc_cblk_t *cblk, jpc_enc_cp_t *cp, jpc_enc_prc_t *prc) +/* Note: This constructor creates the object in place. */ +static jpc_enc_cblk_t *cblk_create(jpc_enc_cblk_t *cblk, jpc_enc_cp_t *cp, + jpc_enc_prc_t *prc) { jpc_enc_band_t *band; uint_fast32_t cblktlx; @@ -2563,6 +2603,10 @@ static jpc_enc_cblk_t *cblk_create(jpc_enc_cblk_t *cblk, jpc_enc_cp_t *cp, jpc_e return 0; } +/* Note: Since jpc_enc_cblk_t objects are created in-place, they might +potentially be destroyed multiple times at different levels in the call +chain. So, destroyed subobjects must be marked as destroyed to prevent +problems such as double frees. */ static void cblk_destroy(jpc_enc_cblk_t *cblk) { uint_fast16_t passno; @@ -2573,18 +2617,23 @@ static void cblk_destroy(jpc_enc_cblk_t *cblk) pass_destroy(pass); } jas_free(cblk->passes); + cblk->passes = NULL; } if (cblk->stream) { jas_stream_close(cblk->stream); + cblk->stream = NULL; } if (cblk->mqenc) { jpc_mqenc_destroy(cblk->mqenc); + cblk->mqenc = NULL; } if (cblk->data) { jas_seq2d_destroy(cblk->data); + cblk->data = NULL; } if (cblk->flags) { jas_seq2d_destroy(cblk->flags); + cblk->flags = NULL; } } debian/patches/CVE-2016-9390.patch0000644000000000000000000000175413314723130013247 0ustar From ba2b9d000660313af7b692542afbd374c5685865 Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Tue, 25 Oct 2016 16:18:51 -0700 Subject: [PATCH] Ensure that not all tiles lie outside the image area. --- src/libjasper/jpc/jpc_cs.c | 4 ++++ src/libjasper/jpc/jpc_dec.c | 1 + 2 files changed, 5 insertions(+) Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_cs.c 2018-06-27 07:42:17.640528359 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c 2018-06-27 07:42:17.640528359 -0400 @@ -502,6 +502,10 @@ static int jpc_siz_getparms(jpc_ms_t *ms !siz->tileheight || !siz->numcomps) { return -1; } + if (siz->tilexoff >= siz->width || siz->tileyoff >= siz->height) { + jas_eprintf("all tiles are outside the image area\n"); + return -1; + } if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) { return -1; } debian/patches/11-CVE-2016-2116.patch0000644000000000000000000000111212667034002013442 0ustar Description: CVE-2016-2116: Prevent jas_stream_t memory leak in jas_iccprof_createfrombuf() Origin: vendor, http://www.openwall.com/lists/oss-security/2016/03/03/12 Bug-Debian: https://bugs.debian.org/816626 Forwarded: not-needed Author: Tyler Hicks Reviewed-by: Salvatore Bonaccorso Last-Update: 2016-03-05 --- a/src/libjasper/base/jas_icc.c +++ b/src/libjasper/base/jas_icc.c @@ -1693,6 +1693,8 @@ jas_iccprof_t *jas_iccprof_createfrombuf jas_stream_close(in); return prof; error: + if (in) + jas_stream_close(in); return 0; } debian/patches/CVE-2016-9389.patch0000644000000000000000000000670113314711570013261 0ustar Backport of: From dee11ec440d7908d1daf69f40a3324b27cf213ba Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Mon, 24 Oct 2016 07:26:40 -0700 Subject: [PATCH] The component domains must be the same for the ICT/RCT in the JPC codec. This was previously enforced with an assertion. Now, it is handled in a more graceful manner. --- src/libjasper/base/jas_image.c | 19 +++++++++++++++++++ src/libjasper/include/jasper/jas_image.h | 4 ++++ src/libjasper/jpc/jpc_dec.c | 8 ++++++++ 3 files changed, 31 insertions(+) Index: jasper-1.900.1-debian1/src/libjasper/base/jas_image.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_image.c 2018-06-27 09:28:20.298298534 -0400 +++ jasper-1.900.1-debian1/src/libjasper/base/jas_image.c 2018-06-27 09:28:51.310447866 -0400 @@ -641,6 +641,24 @@ int jas_image_fmtfromname(char *name) * Miscellaneous operations. \******************************************************************************/ +bool jas_image_cmpt_domains_same(jas_image_t *image) +{ + int cmptno; + jas_image_cmpt_t *cmpt; + jas_image_cmpt_t *cmpt0; + + cmpt0 = image->cmpts_[0]; + for (cmptno = 1; cmptno < image->numcmpts_; ++cmptno) { + cmpt = image->cmpts_[cmptno]; + if (cmpt->tlx_ != cmpt0->tlx_ || cmpt->tly_ != cmpt0->tly_ || + cmpt->hstep_ != cmpt0->hstep_ || cmpt->vstep_ != cmpt0->vstep_ || + cmpt->width_ != cmpt0->width_ || cmpt->height_ != cmpt0->height_) { + return 0; + } + } + return 1; +} + uint_fast32_t jas_image_rawsize(jas_image_t *image) { uint_fast32_t rawsize; Index: jasper-1.900.1-debian1/src/libjasper/include/jasper/jas_image.h =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/include/jasper/jas_image.h 2018-06-27 09:28:20.298298534 -0400 +++ jasper-1.900.1-debian1/src/libjasper/include/jasper/jas_image.h 2018-06-27 09:29:02.186499333 -0400 @@ -399,6 +399,9 @@ void jas_image_destroy(jas_image_t *imag ((image)->cmpts_[cmptno]->tly_ + (image)->cmpts_[cmptno]->height_ * \ (image)->cmpts_[cmptno]->vstep_) +// Test if all components are specified at the same positions in space. */ +bool jas_image_cmpt_domains_same(jas_image_t *image); + /* Get the raw size of an image (i.e., the nominal size of the image without any compression. */ uint_fast32_t jas_image_rawsize(jas_image_t *image); Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_dec.c 2018-06-27 09:28:20.298298534 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c 2018-06-27 09:28:20.294298516 -0400 @@ -1073,6 +1073,10 @@ static int jpc_dec_tiledecode(jpc_dec_t jas_eprintf("RCT requires at least three components\n"); return -1; } + if (!jas_image_cmpt_domains_same(dec->image)) { + jas_eprintf("RCT requires all components have the same domain\n"); + return -1; + } jpc_irct(tile->tcomps[0].data, tile->tcomps[1].data, tile->tcomps[2].data); break; @@ -1081,6 +1085,10 @@ static int jpc_dec_tiledecode(jpc_dec_t jas_eprintf("ICT requires at least three components\n"); return -1; } + if (!jas_image_cmpt_domains_same(dec->image)) { + jas_eprintf("RCT requires all components have the same domain\n"); + return -1; + } jpc_iict(tile->tcomps[0].data, tile->tcomps[1].data, tile->tcomps[2].data); break; debian/patches/05-CVE-2014-8137.patch0000644000000000000000000000327212460235227013470 0ustar Description: CVE-2014-8137: double-free in in jas_iccattrval_destroy() Origin: vendor, https://bugzilla.redhat.com/attachment.cgi?id=967283, https://bugzilla.redhat.com/attachment.cgi?id=967284 Bug-Debian: https://bugs.debian.org/773463 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1173157 Forwarded: no Author: Tomas Hoger Last-Update: 2014-12-20 --- a/src/libjasper/base/jas_icc.c +++ b/src/libjasper/base/jas_icc.c @@ -1010,7 +1010,6 @@ static int jas_icccurv_input(jas_iccattr return 0; error: - jas_icccurv_destroy(attrval); return -1; } @@ -1128,7 +1127,6 @@ static int jas_icctxtdesc_input(jas_icca #endif return 0; error: - jas_icctxtdesc_destroy(attrval); return -1; } @@ -1207,8 +1205,6 @@ static int jas_icctxt_input(jas_iccattrv goto error; return 0; error: - if (txt->string) - jas_free(txt->string); return -1; } @@ -1329,7 +1325,6 @@ static int jas_icclut8_input(jas_iccattr goto error; return 0; error: - jas_icclut8_destroy(attrval); return -1; } @@ -1498,7 +1493,6 @@ static int jas_icclut16_input(jas_iccatt goto error; return 0; error: - jas_icclut16_destroy(attrval); return -1; } --- a/src/libjasper/jp2/jp2_dec.c +++ b/src/libjasper/jp2/jp2_dec.c @@ -291,7 +291,10 @@ jas_image_t *jp2_decode(jas_stream_t *in case JP2_COLR_ICC: iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp, dec->colr->data.colr.iccplen); - assert(iccprof); + if (!iccprof) { + jas_eprintf("error: failed to parse ICC profile\n"); + goto error; + } jas_iccprof_gethdr(iccprof, &icchdr); jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc); jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc)); debian/patches/CVE-2016-9600.patch0000644000000000000000000000471213314712513013241 0ustar From a632c6b54bd4ffc3bebab420e00b7e7688aa3846 Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Fri, 30 Dec 2016 07:27:48 -0800 Subject: [PATCH] Fixed a problem in the JP2 encoder that caused a null pointer dereference when no ICC profile data is available (e.g., in the case of an unknown color space). Reference: https://github.com/mdadams/jasper/issues/109 --- src/libjasper/jp2/jp2_enc.c | 46 +++++++++++++++++++++++++++++++++------------ 1 file changed, 34 insertions(+), 12 deletions(-) Index: jasper-1.900.1-debian1/src/libjasper/jp2/jp2_enc.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jp2/jp2_enc.c 2018-06-27 09:44:53.637960607 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jp2/jp2_enc.c 2018-06-27 09:46:40.334283041 -0400 @@ -115,6 +115,8 @@ int sgnd; box = 0; tmpstream = 0; + iccstream = 0; + iccprof = 0; allcmptssame = 1; sgnd = jas_image_cmptsgnd(image, 0); @@ -228,22 +230,36 @@ int sgnd; colr->method = JP2_COLR_ICC; colr->pri = JP2_COLR_PRI; colr->approx = 0; - iccprof = jas_iccprof_createfromcmprof(jas_image_cmprof(image)); - assert(iccprof); - iccstream = jas_stream_memopen(0, 0); - assert(iccstream); - if (jas_iccprof_save(iccprof, iccstream)) - abort(); - if ((pos = jas_stream_tell(iccstream)) < 0) - abort(); + /* Ensure that cmprof_ is not null. */ + if (!jas_image_cmprof(image)) { + goto error; + } + if (!(iccprof = jas_iccprof_createfromcmprof( + jas_image_cmprof(image)))) { + goto error; + } + if (!(iccstream = jas_stream_memopen(0, 0))) { + goto error; + } + if (jas_iccprof_save(iccprof, iccstream)) { + goto error; + } + if ((pos = jas_stream_tell(iccstream)) < 0) { + goto error; + } colr->iccplen = pos; - colr->iccp = jas_malloc(pos); - assert(colr->iccp); + if (!(colr->iccp = jas_malloc(pos))) { + goto error; + } jas_stream_rewind(iccstream); - if (jas_stream_read(iccstream, colr->iccp, colr->iccplen) != colr->iccplen) - abort(); + if (jas_stream_read(iccstream, colr->iccp, colr->iccplen) != + colr->iccplen) { + goto error; + } jas_stream_close(iccstream); + iccstream = 0; jas_iccprof_destroy(iccprof); + iccprof = 0; break; } if (jp2_box_put(box, tmpstream)) { @@ -334,6 +350,12 @@ int sgnd; error: + if (iccprof) { + jas_iccprof_destroy(iccprof); + } + if (iccstream) { + jas_stream_close(iccstream); + } if (box) { jp2_box_destroy(box); } debian/patches/08-CVE-2014-8158.patch0000644000000000000000000001755612460232336013506 0ustar Description: CVE-2014-8158: unrestricted stack memory use in jpc_qmfb.c Origin: vendor, http://pkgs.fedoraproject.org/cgit/jasper.git/tree/jasper-CVE-2014-8158.patch Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1179298 Bug-Debian: https://bugs.debian.org/775970 Forwarded: not-needed Author: Salvatore Bonaccorso Last-Update: 2015-01-22 --- a/src/libjasper/jpc/jpc_qmfb.c +++ b/src/libjasper/jpc/jpc_qmfb.c @@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in { int bufsize = JPC_CEILDIVPOW2(numcols, 1); -#if !defined(HAVE_VLA) jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE]; -#else - jpc_fix_t splitbuf[bufsize]; -#endif jpc_fix_t *buf = splitbuf; register jpc_fix_t *srcptr; register jpc_fix_t *dstptr; @@ -318,7 +314,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in register int m; int hstartcol; -#if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -326,7 +321,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in abort(); } } -#endif if (numcols >= 2) { hstartcol = (numcols + 1 - parity) >> 1; @@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in } } -#if !defined(HAVE_VLA) /* If the split buffer was allocated on the heap, free this memory. */ if (buf != splitbuf) { jas_free(buf); } -#endif } @@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE]; -#else - jpc_fix_t splitbuf[bufsize]; -#endif jpc_fix_t *buf = splitbuf; register jpc_fix_t *srcptr; register jpc_fix_t *dstptr; @@ -386,7 +374,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in register int m; int hstartcol; -#if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -394,7 +381,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in abort(); } } -#endif if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; @@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in } } -#if !defined(HAVE_VLA) /* If the split buffer was allocated on the heap, free this memory. */ if (buf != splitbuf) { jas_free(buf); } -#endif } @@ -442,11 +426,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE]; -#else - jpc_fix_t splitbuf[bufsize * JPC_QMFB_COLGRPSIZE]; -#endif jpc_fix_t *buf = splitbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; @@ -457,7 +437,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, int m; int hstartcol; -#if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -465,7 +444,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, abort(); } } -#endif if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; @@ -517,12 +495,10 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, } } -#if !defined(HAVE_VLA) /* If the split buffer was allocated on the heap, free this memory. */ if (buf != splitbuf) { jas_free(buf); } -#endif } @@ -531,11 +507,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE]; -#else - jpc_fix_t splitbuf[bufsize * numcols]; -#endif jpc_fix_t *buf = splitbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; @@ -546,7 +518,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, int m; int hstartcol; -#if !defined(HAVE_VLA) /* Get a buffer. */ if (bufsize > QMFB_SPLITBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -554,7 +525,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, abort(); } } -#endif if (numrows >= 2) { hstartcol = (numrows + 1 - parity) >> 1; @@ -606,12 +576,10 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, } } -#if !defined(HAVE_VLA) /* If the split buffer was allocated on the heap, free this memory. */ if (buf != splitbuf) { jas_free(buf); } -#endif } @@ -619,18 +587,13 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int { int bufsize = JPC_CEILDIVPOW2(numcols, 1); -#if !defined(HAVE_VLA) jpc_fix_t joinbuf[QMFB_JOINBUFSIZE]; -#else - jpc_fix_t joinbuf[bufsize]; -#endif jpc_fix_t *buf = joinbuf; register jpc_fix_t *srcptr; register jpc_fix_t *dstptr; register int n; int hstartcol; -#if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -638,7 +601,6 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int abort(); } } -#endif hstartcol = (numcols + 1 - parity) >> 1; @@ -670,12 +632,10 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int ++srcptr; } -#if !defined(HAVE_VLA) /* If the join buffer was allocated on the heap, free this memory. */ if (buf != joinbuf) { jas_free(buf); } -#endif } @@ -684,18 +644,13 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t joinbuf[QMFB_JOINBUFSIZE]; -#else - jpc_fix_t joinbuf[bufsize]; -#endif jpc_fix_t *buf = joinbuf; register jpc_fix_t *srcptr; register jpc_fix_t *dstptr; register int n; int hstartcol; -#if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) { @@ -703,7 +658,6 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int abort(); } } -#endif hstartcol = (numrows + 1 - parity) >> 1; @@ -735,12 +689,10 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int ++srcptr; } -#if !defined(HAVE_VLA) /* If the join buffer was allocated on the heap, free this memory. */ if (buf != joinbuf) { jas_free(buf); } -#endif } @@ -749,11 +701,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE]; -#else - jpc_fix_t joinbuf[bufsize * JPC_QMFB_COLGRPSIZE]; -#endif jpc_fix_t *buf = joinbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; @@ -763,7 +711,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, register int i; int hstartcol; -#if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) { @@ -771,7 +718,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, abort(); } } -#endif hstartcol = (numrows + 1 - parity) >> 1; @@ -821,12 +767,10 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, srcptr += JPC_QMFB_COLGRPSIZE; } -#if !defined(HAVE_VLA) /* If the join buffer was allocated on the heap, free this memory. */ if (buf != joinbuf) { jas_free(buf); } -#endif } @@ -835,11 +779,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, { int bufsize = JPC_CEILDIVPOW2(numrows, 1); -#if !defined(HAVE_VLA) jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE]; -#else - jpc_fix_t joinbuf[bufsize * numcols]; -#endif jpc_fix_t *buf = joinbuf; jpc_fix_t *srcptr; jpc_fix_t *dstptr; @@ -849,7 +789,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, register int i; int hstartcol; -#if !defined(HAVE_VLA) /* Allocate memory for the join buffer from the heap. */ if (bufsize > QMFB_JOINBUFSIZE) { if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) { @@ -857,7 +796,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, abort(); } } -#endif hstartcol = (numrows + 1 - parity) >> 1; @@ -907,12 +845,10 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, srcptr += numcols; } -#if !defined(HAVE_VLA) /* If the join buffer was allocated on the heap, free this memory. */ if (buf != joinbuf) { jas_free(buf); } -#endif } debian/patches/CVE-2017-1000050.patch0000644000000000000000000000174513314716736013467 0ustar From 58ba0365d911b9f9dd68e9abf826682c0b4f2293 Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Mon, 6 Mar 2017 08:06:54 -0800 Subject: [PATCH] Added a check in the JP2 encoder to ensure that the image to be coded has at least one component. Also, made some small changes to a private build script. --- build/my_build | 8 ++++---- src/libjasper/jp2/jp2_enc.c | 5 +++++ 2 files changed, 9 insertions(+), 4 deletions(-) Index: jasper-1.900.1-debian1/src/libjasper/jp2/jp2_enc.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jp2/jp2_enc.c 2018-06-27 10:22:49.423032996 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jp2/jp2_enc.c 2018-06-27 10:23:22.587145048 -0400 @@ -118,6 +118,10 @@ int sgnd; iccstream = 0; iccprof = 0; + if (jas_image_numcmpts(image) < 1) { + goto error; + } + allcmptssame = 1; sgnd = jas_image_cmptsgnd(image, 0); prec = jas_image_cmptprec(image, 0); debian/patches/CVE-2016-8883.patch0000644000000000000000000000333013314673314013255 0ustar Backport of: From 33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Wed, 19 Oct 2016 15:02:20 -0700 Subject: [PATCH] The RCT and ICT require at least three components. Previously, this was enforced with an assertion. Now, the assertion has been replaced with a proper error check. --- src/libjasper/jpc/jpc_dec.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_dec.c 2018-06-27 07:35:37.403098460 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_dec.c 2018-06-27 07:36:25.771122297 -0400 @@ -1069,12 +1069,18 @@ static int jpc_dec_tiledecode(jpc_dec_t /* Apply an inverse intercomponent transform if necessary. */ switch (tile->cp->mctid) { case JPC_MCT_RCT: - assert(dec->numcomps == 3 || dec->numcomps == 4); + if (dec->numcomps < 3) { + jas_eprintf("RCT requires at least three components\n"); + return -1; + } jpc_irct(tile->tcomps[0].data, tile->tcomps[1].data, tile->tcomps[2].data); break; case JPC_MCT_ICT: - assert(dec->numcomps == 3 || dec->numcomps == 4); + if (dec->numcomps < 3) { + jas_eprintf("ICT requires at least three components\n"); + return -1; + } jpc_iict(tile->tcomps[0].data, tile->tcomps[1].data, tile->tcomps[2].data); break; @@ -1126,7 +1132,7 @@ static int jpc_dec_tiledecode(jpc_dec_t JPC_CEILDIV(dec->ystart, cmpt->vstep), jas_matrix_numcols( tcomp->data), jas_matrix_numrows(tcomp->data), tcomp->data)) { jas_eprintf("write component failed\n"); - return -4; + return -1; } } debian/patches/CVE-2016-9396.patch0000644000000000000000000000206613314713635013263 0ustar Backport of: From a10536d5f7f3164b0a1f1ae3e533f4a12ca6f543 Mon Sep 17 00:00:00 2001 From: Max Kellermann Date: Fri, 6 Oct 2017 19:15:22 +0200 Subject: [PATCH] jpc_cs: reject all but JPC_COX_INS and JPC_COX_RFT Fixes assertion failure JPC_NOMINALGAIN() which can be caused by a crafted JP2 file. Closes #50, #142 --- src/libjasper/jpc/jpc_cs.c | 3 +++ 1 file changed, 3 insertions(+) Index: jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jpc/jpc_cs.c 2018-06-27 07:45:32.133407752 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jpc/jpc_cs.c 2018-06-27 07:45:32.133407752 -0400 @@ -782,6 +782,9 @@ static int jpc_cox_getcompparms(jpc_ms_t jpc_getuint8(in, &compparms->qmfbid)) { return -1; } + if (compparms->qmfbid != JPC_COX_INS && + compparms->qmfbid != JPC_COX_RFT) + return -1; compparms->numrlvls = compparms->numdlvls + 1; if (compparms->numrlvls > JPC_MAXRLVLS) { jpc_cox_destroycompparms(compparms); debian/patches/10-CVE-2016-2089.patch0000644000000000000000000000450412667034002013462 0ustar Description: CVE-2016-2089: matrix rows_ NULL pointer dereference in jas_matrix_clip() Origin: vendor Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1302636 Bug-Debian: https://bugs.debian.org/812978 Forwarded: not-needed Author: Tomas Hoger Reviewed-by: Salvatore Bonaccorso Last-Update: 2016-03-05 --- a/src/libjasper/base/jas_image.c +++ b/src/libjasper/base/jas_image.c @@ -426,6 +426,10 @@ int jas_image_readcmpt(jas_image_t *imag return -1; } + if (!data->rows_) { + return -1; + } + if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) { if (jas_matrix_resize(data, height, width)) { return -1; @@ -479,6 +483,10 @@ int jas_image_writecmpt(jas_image_t *ima return -1; } + if (!data->rows_) { + return -1; + } + if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) { return -1; } --- a/src/libjasper/base/jas_seq.c +++ b/src/libjasper/base/jas_seq.c @@ -262,6 +262,10 @@ void jas_matrix_divpow2(jas_matrix_t *ma int rowstep; jas_seqent_t *data; + if (!matrix->rows_) { + return; + } + rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, rowstart += rowstep) { @@ -282,6 +286,10 @@ void jas_matrix_clip(jas_matrix_t *matri jas_seqent_t *data; int rowstep; + if (!matrix->rows_) { + return; + } + rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, rowstart += rowstep) { @@ -306,6 +314,10 @@ void jas_matrix_asr(jas_matrix_t *matrix int rowstep; jas_seqent_t *data; + if (!matrix->rows_) { + return; + } + assert(n >= 0); rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, @@ -325,6 +337,10 @@ void jas_matrix_asl(jas_matrix_t *matrix int rowstep; jas_seqent_t *data; + if (!matrix->rows_) { + return; + } + rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, rowstart += rowstep) { @@ -367,6 +383,10 @@ void jas_matrix_setall(jas_matrix_t *mat int rowstep; jas_seqent_t *data; + if (!matrix->rows_) { + return; + } + rowstep = jas_matrix_rowstep(matrix); for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i, rowstart += rowstep) { debian/patches/04-CVE-2014-9029.patch0000644000000000000000000000255612440335231013466 0ustar Description: CVE-2014-9029: Heap overflows in libjasper Origin: vendor, https://bugzilla.redhat.com/attachment.cgi?id=961994&action=diff Bug-Debian: https://bugs.debian.org/772036 Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1167537 Forwarded: no Author: Tomas Hoger Reviewed-by: Salvatore Bonaccorso Last-Update: 2014-11-28 --- a/src/libjasper/jpc/jpc_dec.c +++ b/src/libjasper/jpc/jpc_dec.c @@ -1280,7 +1280,7 @@ static int jpc_dec_process_coc(jpc_dec_t jpc_coc_t *coc = &ms->parms.coc; jpc_dec_tile_t *tile; - if (JAS_CAST(int, coc->compno) > dec->numcomps) { + if (JAS_CAST(int, coc->compno) >= dec->numcomps) { jas_eprintf("invalid component number in COC marker segment\n"); return -1; } @@ -1306,7 +1306,7 @@ static int jpc_dec_process_rgn(jpc_dec_t jpc_rgn_t *rgn = &ms->parms.rgn; jpc_dec_tile_t *tile; - if (JAS_CAST(int, rgn->compno) > dec->numcomps) { + if (JAS_CAST(int, rgn->compno) >= dec->numcomps) { jas_eprintf("invalid component number in RGN marker segment\n"); return -1; } @@ -1355,7 +1355,7 @@ static int jpc_dec_process_qcc(jpc_dec_t jpc_qcc_t *qcc = &ms->parms.qcc; jpc_dec_tile_t *tile; - if (JAS_CAST(int, qcc->compno) > dec->numcomps) { + if (JAS_CAST(int, qcc->compno) >= dec->numcomps) { jas_eprintf("invalid component number in QCC marker segment\n"); return -1; } debian/patches/CVE-2016-10250.patch0000644000000000000000000000356713314673444013332 0ustar Backport of: From bdfe95a6e81ffb4b2fad31a76b57943695beed20 Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Sun, 23 Oct 2016 03:52:29 -0700 Subject: [PATCH] Fixed another problem with incorrect cleanup of JP2 box data upon error. --- src/libjasper/jp2/jp2_cod.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) Index: jasper-1.900.1-debian1/src/libjasper/jp2/jp2_cod.c =================================================================== --- jasper-1.900.1-debian1.orig/src/libjasper/jp2/jp2_cod.c 2018-06-27 07:37:05.675141955 -0400 +++ jasper-1.900.1-debian1/src/libjasper/jp2/jp2_cod.c 2018-06-27 07:37:05.675141955 -0400 @@ -258,13 +258,16 @@ jp2_box_t *jp2_box_get(jas_stream_t *in) if (!(box = jas_malloc(sizeof(jp2_box_t)))) { goto error; } + + // Mark the box data as never having been constructed + // so that we will not errantly attempt to destroy it later. box->ops = &jp2_boxinfo_unk.ops; + if (jp2_getuint32(in, &len) || jp2_getuint32(in, &box->type)) { goto error; } boxinfo = jp2_boxinfolookup(box->type); box->info = boxinfo; - box->ops = &boxinfo->ops; box->len = len; JAS_DBGLOG(10, ( "preliminary processing of JP2 box: type=%c%s%c (0x%08x); length=%d\n", @@ -294,14 +297,15 @@ jp2_box_t *jp2_box_get(jas_stream_t *in) goto error; } if (jas_stream_copy(tmpstream, in, box->datalen)) { - // Mark the box data as never having been constructed - // so that we will not errantly attempt to destroy it later. - box->ops = &jp2_boxinfo_unk.ops; jas_eprintf("cannot copy box data\n"); goto error; } jas_stream_rewind(tmpstream); + // From here onwards, the box data will need to be destroyed. + // So, initialize the box operations. + box->ops = &boxinfo->ops; + if (box->ops->getdata) { if ((*box->ops->getdata)(box, tmpstream)) { jas_eprintf("cannot parse box data\n"); debian/patches/14_CVE-2016-10249.patch0000644000000000000000000000451513071134757013637 0ustar Backport of 988f8365f7d8ad8073b6786e433d34c553ecf568 From: Michael Adams Also backport jas_safe_size_mul() diff -aur jasper-1.900.1-debian1.orig/src/libjasper/base/jas_seq.c jasper-1.900.1-debian1/src/libjasper/base/jas_seq.c --- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_seq.c 2017-03-15 16:30:46.000000000 +0100 +++ jasper-1.900.1-debian1/src/libjasper/base/jas_seq.c 2017-03-15 16:36:57.410704785 +0100 @@ -101,9 +101,16 @@ { jas_matrix_t *matrix; int i; + size_t size; + matrix = 0; + + if (numrows < 0 || numcols < 0) { + goto error; + } + if (!(matrix = jas_malloc(sizeof(jas_matrix_t)))) { - return 0; + goto error; } matrix->flags_ = 0; matrix->numrows_ = numrows; @@ -111,21 +118,25 @@ matrix->rows_ = 0; matrix->maxrows_ = numrows; matrix->data_ = 0; - matrix->datasize_ = numrows * numcols; + matrix->datasize_ = 0; + + // matrix->datasize_ = numrows * numcols; + if (!jas_safe_size_mul(numrows, numcols, &size)) { + goto error; + } + matrix->datasize_ = size; if (matrix->maxrows_ > 0) { if (!(matrix->rows_ = jas_alloc2(matrix->maxrows_, sizeof(jas_seqent_t *)))) { - jas_matrix_destroy(matrix); - return 0; + goto error; } } if (matrix->datasize_ > 0) { if (!(matrix->data_ = jas_alloc2(matrix->datasize_, sizeof(jas_seqent_t)))) { - jas_matrix_destroy(matrix); - return 0; + goto error; } } @@ -143,6 +154,12 @@ matrix->yend_ = matrix->numrows_; return matrix; + +error: + if (matrix) { + jas_matrix_destroy(matrix); + } + return 0; } void jas_matrix_destroy(jas_matrix_t *matrix) --- jasper-1.900.1.orig/src/libjasper/include/jasper/jas_math.h 2016-11-30 15:16:36.376026487 +0100 +++ jasper-1.900.1/src/libjasper/include/jasper/jas_math.h 2016-11-30 15:17:11.011071690 +0100 @@ -79,6 +79,7 @@ #include #include #include +#include #ifdef __cplusplus extern "C" { @@ -110,6 +111,19 @@ #define JAS_ONES(n) \ ((1 << (n)) - 1) +inline static int jas_safe_size_mul(size_t x, size_t y, size_t *result) +{ + /* Check if overflow would occur */ + if (x && y > SIZE_MAX / x) { + /* Overflow would occur. */ + return 0; + } + if (result) { + *result = x * y; + } + return 1; +} + #ifdef __cplusplus } #endif debian/clean0000644000000000000000000000003011622251605010164 0ustar config.guess config.sub debian/compat0000644000000000000000000000000211654266025010373 0ustar 9 debian/copyright0000644000000000000000000000574211606647215011141 0ustar This package was debianized by Christopher L Cheney on Fri, 22 Aug 2003 01:33:34 -0500. The current maintainer is Roland Stigge It was downloaded from http://www.ece.uvic.ca/~mdadams/jasper/ Upstream Author: Michael Adams License: JasPer License Version 2.0 Copyright (c) 1999-2000 Image Power, Inc. Copyright (c) 1999-2000 The University of British Columbia Copyright (c) 2001-2003 Michael David Adams All rights reserved. Permission is hereby granted, free of charge, to any person (the "User") obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 1. The above copyright notices and this permission notice (which includes the disclaimer below) shall be included in all copies or substantial portions of the Software. 2. The name of a copyright holder shall not be used to endorse or promote products derived from the Software without specific prior written permission. THIS DISCLAIMER OF WARRANTY CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF THE SOFTWARE IS AUTHORIZED HEREUNDER EXCEPT UNDER THIS DISCLAIMER. THE SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. NO ASSURANCES ARE PROVIDED BY THE COPYRIGHT HOLDERS THAT THE SOFTWARE DOES NOT INFRINGE THE PATENT OR OTHER INTELLECTUAL PROPERTY RIGHTS OF ANY OTHER ENTITY. EACH COPYRIGHT HOLDER DISCLAIMS ANY LIABILITY TO THE USER FOR CLAIMS BROUGHT BY ANY OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR OTHERWISE. AS A CONDITION TO EXERCISING THE RIGHTS GRANTED HEREUNDER, EACH USER HEREBY ASSUMES SOLE RESPONSIBILITY TO SECURE ANY OTHER INTELLECTUAL PROPERTY RIGHTS NEEDED, IF ANY. THE SOFTWARE IS NOT FAULT-TOLERANT AND IS NOT INTENDED FOR USE IN MISSION-CRITICAL SYSTEMS, SUCH AS THOSE USED IN THE OPERATION OF NUCLEAR FACILITIES, AIRCRAFT NAVIGATION OR COMMUNICATION SYSTEMS, AIR TRAFFIC CONTROL SYSTEMS, DIRECT LIFE SUPPORT MACHINES, OR WEAPONS SYSTEMS, IN WHICH THE FAILURE OF THE SOFTWARE OR SYSTEM COULD LEAD DIRECTLY TO DEATH, PERSONAL INJURY, OR SEVERE PHYSICAL OR ENVIRONMENTAL DAMAGE ("HIGH RISK ACTIVITIES"). THE COPYRIGHT HOLDERS SPECIFICALLY DISCLAIM ANY EXPRESS OR IMPLIED WARRANTY OF FITNESS FOR HIGH RISK ACTIVITIES. debian/source/0000755000000000000000000000000011607110213010456 5ustar debian/source/format0000644000000000000000000000001411607110213011664 0ustar 3.0 (quilt) debian/imginfo.10000644000000000000000000000077311606647215010717 0ustar .TH imginfo 1 "20 June 2004" "Version 1.701.0" "JasPer Manual" .SH NAME imginfo \- Image information utility .SH SYNOPSIS .B imginfo .RI [ options ] .SH DESCRIPTION The .B imginfo command displays information about an image. Please use the \-\-help command line switch and the JasPer Software Reference Manual for more information. .SH SEE ALSO .IR jasper (1) .SH AUTHOR Michael D. Adams This manpage was initially written by Roland Stigge for the Debian Project. debian/libjasper-runtime.install0000644000000000000000000000011712250360743014213 0ustar debian/tmp/usr/bin/imgcmp debian/tmp/usr/bin/imginfo debian/tmp/usr/bin/jasper debian/imgcmp.10000644000000000000000000000103211606647215010530 0ustar .TH imgcmp 1 "20 June 2004" "Version 1.701.0" "JasPer Manual" .SH NAME imgcmp \- Image comparison utility .SH SYNOPSIS .B imgcmp .RI [ options ] .SH DESCRIPTION The .B imgcmp command compares two images of the same geometry with respect to a given metric. Please use the \-\-help command line switch and the JasPer Software Reference Manual for more information. .SH SEE ALSO .IR jasper (1) .SH AUTHOR Michael D. Adams This manpage was initially written by Roland Stigge for the Debian Project. debian/jasper.10000644000000000000000000000077111606647215010551 0ustar .TH jasper 1 "20 June 2004" "Version 1.701.0" "JasPer Manual" .SH NAME jasper \- File format converter specialized in JPEG-2000 encoding .SH SYNOPSIS .B jasper .RI [ options ] .SH DESCRIPTION The .B jasper command converts to and from JPEG-2000 files. Please use the \-\-help command line switch and the JasPer Software Reference Manual for more information. .SH AUTHOR Michael D. Adams This manpage was initially written by Roland Stigge for the Debian Project. debian/libjasper-runtime.manpages0000644000000000000000000000007611606647215014352 0ustar debian/jasper.1 debian/jiv.1 debian/imgcmp.1 debian/imginfo.1 debian/changelog0000644000000000000000000002725613314723620011055 0ustar jasper (1.900.1-14ubuntu3.5) trusty-security; urgency=medium * SECURITY UPDATE: double-free in jasper_image_stop_load - debian/patches/CVE-2015-5203-CVE-2016-9262.patch: fix overflow and double free in src/libjasper/base/jas_image.c, src/libjasper/include/jasper/jas_math.h. (Thanks to Red Hat for the patch!) - CVE-2015-5203 * SECURITY UPDATE: use-after-free in mif_process_cmpt - debian/patches/CVE-2015-5221.patch: fix use-after-free in src/libjasper/mif/mif_cod.c. - CVE-2015-5221 * SECURITY UPDATE: denial of service in jpc_tsfb_synthesize - debian/patches/CVE-2016-10248.patch: fix type promotion and prevent null pointer dereference in src/libjasper/include/jasper/jas_seq.h, src/libjasper/jpc/jpc_dec.c, src/libjasper/jpc/jpc_tsfb.c. - CVE-2016-10248 * SECURITY UPDATE: denial of service in jp2_colr_destroy - debian/patches/CVE-2016-10250.patch: fix cleanup in src/libjasper/jp2/jp2_cod.c. - CVE-2016-10250 * SECURITY UPDATE: denial of service in jpc_dec_tiledecode - debian/patches/CVE-2016-8883.patch: remove asserts in src/libjasper/jpc/jpc_dec.c. - CVE-2016-8883 * SECURITY UPDATE: denial of service in jp2_colr_destroy - debian/patches/CVE-2016-8887.patch: don't destroy box that doesn't exist in src/libjasper/jp2/jp2_cod.c, src/libjasper/jp2/jp2_dec.c. - CVE-2016-8887 * SECURITY UPDATE: integer overflow in jpc_dec_process_siz - debian/patches/CVE-2016-9387-1.patch: fix overflow in src/libjasper/jpc/jpc_dec.c. - debian/patches/CVE-2016-9387-2.patch: add more checks to src/libjasper/jpc/jpc_dec.c. - CVE-2016-9387 * SECURITY UPDATE: denial of service in ras_getcmap - debian/patches/CVE-2016-9388.patch: remove assertions in src/libjasper/ras/ras_dec.c, src/libjasper/ras/ras_enc.c. - CVE-2016-9388 * SECURITY UPDATE: denial of service in jpc_irct and jpc_iict functions - debian/patches/CVE-2016-9389.patch: add check to src/libjasper/base/jas_image.c, src/libjasper/jpc/jpc_dec.c, src/libjasper/include/jasper/jas_image.h. - CVE-2016-9389 * SECURITY UPDATE: denial of service in jas_seq2d_create - debian/patches/CVE-2016-9390.patch: check tiles in src/libjasper/jpc/jpc_cs.c. - CVE-2016-9390 * SECURITY UPDATE: denial of service in jpc_bitstream_getbits - debian/patches/CVE-2016-9391.patch: add tests to src/libjasper/jpc/jpc_bs.c, src/libjasper/jpc/jpc_cs.c. - CVE-2016-9391 * SECURITY UPDATE: multiple denial of service issues - debian/patches/CVE-2016-9392-3-4.patch: add more checks to src/libjasper/jpc/jpc_cs.c. - CVE-2016-9392 - CVE-2016-9393 - CVE-2016-9394 * SECURITY UPDATE: denial of service in JPC_NOMINALGAIN - debian/patches/CVE-2016-9396.patch: add check to src/libjasper/jpc/jpc_cs.c. - CVE-2016-9396 * SECURITY UPDATE: denial of service via crafted image - debian/patches/CVE-2016-9600.patch: add more checks to src/libjasper/jp2/jp2_enc.c. - CVE-2016-9600 * SECURITY UPDATE: NULL pointer exception in jp2_encode - debian/patches/CVE-2017-1000050.patch: check number of components in src/libjasper/jp2/jp2_enc.c. - CVE-2017-1000050 * SECURITY UPDATE: denial of service in jp2_cdef_destroy - debian/patches/CVE-2017-6850.patch: initialize data in src/libjasper/base/jas_stream.c, src/libjasper/jp2/jp2_cod.c. - CVE-2017-6850 -- Marc Deslauriers Wed, 27 Jun 2018 11:04:48 -0400 jasper (1.900.1-14ubuntu3.4) trusty-security; urgency=medium * SECURITY UPDATE: multiple security issues - debian/patches/*: synchronize security fixes with Debian's 1.900.1-debian1-2.4+deb8u3 release. Thanks! - CVE-2016-1867, CVE-2016-2089, CVE-2016-8654, CVE-2016-8691, CVE-2016-8692, CVE-2016-8693, CVE-2016-8882, CVE-2016-9560, CVE-2016-9591, CVE-2016-10249, CVE-2016-10251 -- Marc Deslauriers Thu, 18 May 2017 10:42:09 -0400 jasper (1.900.1-14ubuntu3.3) trusty-security; urgency=medium * SECURITY UPDATE: Denial of service or possible code execution via crafted ICC color profile (LP: #1547865) - debian/patches/09-CVE-2016-1577.patch: Prevent double-free in src/libjasper/base/jas_icc.c - CVE-2016-1577 * SECURITY UPDATE: Denial of service via resource exhaustion via crafted ICC color profile - debian/patches/10-CVE-2016-2116.patch: Prevent memory leak in src/libjasper/base/jas_icc.c - CVE-2016-2116 -- Tyler Hicks Fri, 26 Feb 2016 00:07:11 -0600 jasper (1.900.1-14ubuntu3.2) trusty-security; urgency=medium * SECURITY UPDATE: denial of service via crafted ICC color profile - debian/patches/05-CVE-2014-8137.patch: prevent double-free in src/libjasper/base/jas_icc.c, remove assert in src/libjasper/jp2/jp2_dec.c. - CVE-2014-8137 * SECURITY UPDATE: denial of service or code execution via invalid channel number - debian/patches/06-CVE-2014-8138.patch: validate channel number in src/libjasper/jp2/jp2_dec.c. - CVE-2014-8138 * SECURITY UPDATE: denial of service or code execution via off-by-one - debian/patches/07-CVE-2014-8157.patch: fix off-by-one in src/libjasper/jpc/jpc_dec.c. - CVE-2014-8157 * SECURITY UPDATE: denial of service or code execution via memory corruption - debian/patches/08-CVE-2014-8158.patch: remove HAVE_VLA to use more sensible buffer sizes in src/libjasper/jpc/jpc_qmfb.c. - CVE-2014-8158 -- Marc Deslauriers Thu, 22 Jan 2015 13:00:10 -0500 jasper (1.900.1-14ubuntu3.1) trusty-security; urgency=medium * SECURITY UPDATE: heap overflows via crafted jp2 file - debian/patches/04-CVE-2014-9029.patch: fix off-by-one in src/libjasper/jpc/jpc_dec.c. - CVE-2014-9029 -- Marc Deslauriers Fri, 05 Dec 2014 09:01:05 -0500 jasper (1.900.1-14ubuntu3) trusty; urgency=low * Build using dh-autoreconf. -- Matthias Klose Fri, 06 Dec 2013 15:37:06 +0100 jasper (1.900.1-14) unstable; urgency=low * Fix FTBFS on Hurd by defining PATH_MAX (Closes: #690298) Thanks to Pino Toscano! -- Roland Stigge Sat, 13 Oct 2012 18:06:57 +0200 jasper (1.900.1-13) unstable; urgency=high * Fix CVE-2011-4516 and CVE-2011-4517: Two buffer overflow issues possibly exploitable via specially crafted input files (Closes: #652649) Thanks to Red Hat and Michael Gilbert -- Roland Stigge Wed, 04 Jan 2012 19:14:40 +0100 jasper (1.900.1-12) unstable; urgency=low * Added patch to fix filename buffer overflow, thanks to Jonas Smedegard and Alex Cherepanov from ghostscript (Closes: #649833) -- Roland Stigge Sun, 27 Nov 2011 19:56:01 +0100 jasper (1.900.1-11) unstable; urgency=low * Added Multiarch support, thanks to Colin Watson (Closes: #645118) -- Roland Stigge Wed, 02 Nov 2011 17:16:10 +0100 jasper (1.900.1-10) unstable; urgency=low * Added debian/watch * debian/patches/01-misc-fixes.patch: - Separated out config.{guess,sub} -- Roland Stigge Mon, 15 Aug 2011 19:09:29 +0200 jasper (1.900.1-9) unstable; urgency=low * Switch to dpkg-source 3.0 (quilt) format * Using new dh 7 build system -- Roland Stigge Tue, 12 Jul 2011 20:21:21 +0200 jasper (1.900.1-8) unstable; urgency=low * Removed unneeded .la file (Closes: #633162) * debian/control: - Standards-Version: 3.9.2 - use libjpeg8-dev instead of libjpeg62-dev -- Roland Stigge Mon, 11 Jul 2011 21:27:24 +0200 jasper (1.900.1-7) unstable; urgency=low * Acknowledge NMU * Added patch to fix Debian patch for CVE-2008-3521 (Closes: #506739) * debian/control: Standards-Version: 3.8.4 -- Roland Stigge Sun, 21 Feb 2010 16:09:45 +0100 jasper (1.900.1-6.1) unstable; urgency=low * Non-maintainer upload. * This is a fix for the GeoJP2 patch introduced in 1.900.1-5 which caused GDAL faulting. Thanks Even Rouault. (Closes: #553429) -- Francesco Paolo Lovergine Wed, 28 Oct 2009 09:39:28 +0100 jasper (1.900.1-6) unstable; urgency=low * Reverted to jasper 1.900.1-6 because 1.900.1-5.1 messed up (see #528543) but 1.900.1-5 wasn't available anymore. (Closes: #514296, #528543) * Re-applied patch from #275619 as in 1.900.1-5 * debian/control: Standards-Version: 3.8.2 * Applied patch by Nico Golde (Closes: #501021) - CVE-2008-3522[0]: Buffer overflow. - CVE-2008-3521[1]: unsecure temporary files handling. - CVE-2008-3520[2]: Multiple integer overflows. -- Roland Stigge Sat, 20 Jun 2009 15:21:16 +0200 jasper (1.900.1-5.1) unstable; urgency=low * Non-maintainer upload. * add patches/02_security.dpatch to fix various CVEs (Closes: #501021): + CVE-2008-3522[0]: Buffer overflow. + CVE-2008-3521[1]: unsecure temporary files handling. + CVE-2008-3520[2]: Multiple integer overflows. -- Pierre Habouzit Sun, 12 Oct 2008 21:40:59 +0200 jasper (1.900.1-5) unstable; urgency=low * Added GeoJP2 patch by Sven Geggus (Closes: #275619) * debian/control: Standards-Version: 3.8.0 -- Roland Stigge Sun, 08 Jun 2008 13:14:24 +0200 jasper (1.900.1-4) unstable; urgency=low * src/libjasper/jpc/jpc_dec.c: Extended assert() to accept 4 color components (Closes: #469786) * debian/rules: improve "make distclean", thanks to lintian * debian/control: - Standards-Version: 3.7.3 - ${Source-Version} -> ${binary:Version} - Removed self-dependencies of libjasper-dev -- Roland Stigge Sun, 09 Mar 2008 11:53:44 +0100 jasper (1.900.1-3) unstable; urgency=low * Fixed segfaults on broken images (Closes: #413041) -- Roland Stigge Tue, 10 Apr 2007 10:05:10 +0200 jasper (1.900.1-2) experimental; urgency=low * Added jas_tmr.h to -dev package (Closes: #414705) -- Roland Stigge Tue, 13 Mar 2007 14:23:58 +0100 jasper (1.900.1-1) experimental; urgency=low * New upstream release * debian/control: - Standards-Version: 3.7.2 - Build-Depends: freeglut3-dev instead of libglut3-dev (Closes: #394496) * Renamed packages to libjasper1, libjasper-dev, libjasper-runtime according to upstream shared library naming change -- Roland Stigge Fri, 26 Jan 2007 14:22:18 +0100 jasper (1.701.0-2) unstable; urgency=low * Prevent compression of pdf documents in binary packages * Added man pages for the executables (Closes: #250077) * Again renamed binary packages to reflect Policy: - libjasper-1.701-1 - libjasper-1.701-dev (Provides, Replaces and Conflicts: libjasper-dev) - libjasper-runtime -- Roland Stigge Sun, 20 Jun 2004 13:54:10 +0200 jasper (1.701.0-1) unstable; urgency=low * New maintainer (Closes: #217099) * New upstream release (Closes: #217570) - new DFSG-compliant license (Closes: #218999, #245075) - includes newer libtool related files (Closes: #210383) * debian/control: - Standards-Version: 3.6.1 - Changed binary package names, fixed interdependencies (Closes: #211592) libjasper-1.700-2 => libjasper1 libjasper-1.700-2-dev => libjasper-dev libjasper-progs => libjasper-runtime (new packages conflicting and replacing the old ones) - Added libxi-dev, libxmu-dev, libxt-dev to Build-Depends (Closes: #250481) -- Roland Stigge Sat, 19 Jun 2004 23:19:32 +0200 jasper (1.700.2-1) unstable; urgency=low * Initial Release. -- Christopher L Cheney Fri, 22 Aug 2003 01:30:00 -0500