代码拉取完成,页面将自动刷新
同步操作将从 src-openEuler/jasper 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
From aa8516b28344aa1263ee538bb7366c4679a0e1a5 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max.kellermann@gmail.com>
Date: Wed, 24 Jun 2020 21:41:24 +0200
Subject: [PATCH] jpc_t2dec: fix various memory leaks in jpc_dec_decodepkt()
Fixes CVE-2018-20622
Closes https://github.com/jasper-maint/jasper/issues/12
Closes https://github.com/mdadams/jasper/issues/193
---
src/libjasper/jpc/jpc_t2dec.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/libjasper/jpc/jpc_t2dec.c b/src/libjasper/jpc/jpc_t2dec.c
index 81d1f61..e88ccb6 100644
--- a/src/libjasper/jpc/jpc_t2dec.c
+++ b/src/libjasper/jpc/jpc_t2dec.c
@@ -225,6 +225,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream);
}
if ((present = jpc_bitstream_getbit(inb)) < 0) {
+ jpc_bitstream_close(inb);
return 1;
}
JAS_DBGLOG(10, ("\n", present));
@@ -252,10 +253,12 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream);
if (!cblk->numpasses) {
leaf = jpc_tagtree_getleaf(prc->incltagtree, usedcblkcnt - 1);
if ((included = jpc_tagtree_decode(prc->incltagtree, leaf, lyrno + 1, inb)) < 0) {
+ jpc_bitstream_close(inb);
return -1;
}
} else {
if ((included = jpc_bitstream_getbit(inb)) < 0) {
+ jpc_bitstream_close(inb);
return -1;
}
}
@@ -269,6 +272,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream);
leaf = jpc_tagtree_getleaf(prc->numimsbstagtree, usedcblkcnt - 1);
for (;;) {
if ((ret = jpc_tagtree_decode(prc->numimsbstagtree, leaf, i, inb)) < 0) {
+ jpc_bitstream_close(inb);
return -1;
}
if (ret) {
@@ -280,6 +284,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream);
cblk->firstpassno = cblk->numimsbs * 3;
}
if ((numnewpasses = jpc_getnumnewpasses(inb)) < 0) {
+ jpc_bitstream_close(inb);
return -1;
}
JAS_DBGLOG(10, ("numnewpasses=%d ", numnewpasses));
@@ -288,6 +293,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream);
mycounter = 0;
if (numnewpasses > 0) {
if ((m = jpc_getcommacode(inb)) < 0) {
+ jpc_bitstream_close(inb);
return -1;
}
cblk->numlenbits += m;
@@ -298,6 +304,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream);
maxpasses = JPC_SEGPASSCNT(passno, cblk->firstpassno, 10000, (ccp->cblkctx & JPC_COX_LAZY) != 0, (ccp->cblkctx & JPC_COX_TERMALL) != 0);
if (!discard && !seg) {
if (!(seg = jpc_seg_alloc())) {
+ jpc_bitstream_close(inb);
return -1;
}
jpc_seglist_insert(&cblk->segs, cblk->segs.tail, seg);
@@ -312,6 +319,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream);
mycounter += n;
numnewpasses -= n;
if ((len = jpc_bitstream_getbits(inb, cblk->numlenbits + jpc_floorlog2(n))) < 0) {
+ jpc_bitstream_close(inb);
return -1;
}
JAS_DBGLOG(10, ("len=%d ", len));
@@ -333,6 +341,7 @@ hdroffstart = jas_stream_getrwcount(pkthdrstream);
} else {
if (jpc_bitstream_inalign(inb, 0x7f, 0)) {
jas_eprintf("alignment failed\n");
+ jpc_bitstream_close(inb);
return -1;
}
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手