diff options
| author | Mathieu Malaterre <mathieu.malaterre@gmail.com> | 2012-05-29 17:21:05 +0000 |
|---|---|---|
| committer | Mathieu Malaterre <mathieu.malaterre@gmail.com> | 2012-05-29 17:21:05 +0000 |
| commit | cd8896968df459670442e6a608fae24880a9284c (patch) | |
| tree | 29a584f93e017cd5e1250dd5fc52b61fc4e4ef42 | |
| parent | b94bc0dbe2ce50ba712dcc35d7596e4891a54ec2 (diff) | |
[1.5] This commit hides symptoms of CVE-2009-5030
As explained in issue 5, comment 1. This is an easy fix to avoid memory overrun.
Update issue 5
Update issue 62
| -rw-r--r-- | libopenjpeg/tcd.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/libopenjpeg/tcd.c b/libopenjpeg/tcd.c index 1e00dcf5..839ca7c3 100644 --- a/libopenjpeg/tcd.c +++ b/libopenjpeg/tcd.c @@ -334,7 +334,7 @@ void tcd_malloc_encode(opj_tcd_t *tcd, opj_image_t * image, opj_cp_t * cp, int c cblk->y0 = int_max(cblkystart, prc->y0); cblk->x1 = int_min(cblkxend, prc->x1); cblk->y1 = int_min(cblkyend, prc->y1); - cblk->data = (unsigned char*) opj_calloc(8192+2, sizeof(unsigned char)); + cblk->data = (unsigned char*) opj_calloc(9728+2, sizeof(unsigned char)); /* FIXME: mqc_init_enc and mqc_byteout underrun the buffer if we don't do this. Why? */ cblk->data[0] = 0; cblk->data[1] = 0; |