$NetBSD: patch-CVE-2014-8158,v 1.1 2015/03/11 20:58:26 spz Exp $
patch for CVE-2014-8158 loosely based on
http://pkgs.fedoraproject.org/cgit/jasper.git/plain/jasper-CVE-2014-8158.patch
eradicate all code-paths activated by HAVE_VLA
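--- jasper/src/libjasper/jpc/jpc_qmfb.c.orig 2012-08-08 08:01:36.000000000 +0000
+++ jasper/src/libjasper/jpc/jpc_qmfb.c
@@ -158,12 +158,8 @@ static void jpc_qmfb1d_split(jpc_fix_t *
 jpc_fix_t *hstartptr, int hstartind, int hendind)
 {
 int bufsize = JPC_CEILDIVPOW2(endind - startind, 2);
-#if !defined(HAVE_VLA)
 #define QMFB_SPLITBUFSIZE 4096
 jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
-#else
- jpc_fix_t splitbuf[bufsize];
-#endif
 jpc_fix_t *buf = splitbuf;
 int llen;
 int hlen;
@@ -179,7 +175,6 @@ static void jpc_qmfb1d_split(jpc_fix_t *
 llen = lendind - lstartind;
 hlen = hendind - hstartind;
 
-#if !defined(HAVE_VLA)
 /* Get a buffer. */
 if (bufsize > QMFB_SPLITBUFSIZE) {
 if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
@@ -190,7 +185,6 @@ static void jpc_qmfb1d_split(jpc_fix_t *
 return;
 }
 }
-#endif
 
 if (hstartind < lstartind) {
 /* The first sample in the input signal is to appear
@@ -272,12 +266,10 @@ static void jpc_qmfb1d_split(jpc_fix_t *
 }
 }
 
-#if !defined(HAVE_VLA)
 /* If the split buffer was allocated on the heap, free this memory. */
 if (buf != splitbuf) {
 jas_free(buf);
 }
-#endif
 }
 
 static void jpc_qmfb1d_join(jpc_fix_t *startptr, int startind, int endind,
@@ -285,12 +277,8 @@ static void jpc_qmfb1d_join(jpc_fix_t *s
 jpc_fix_t *hstartptr, int hstartind, int hendind)
 {
 int bufsize = JPC_CEILDIVPOW2(endind - startind, 2);
-#if !defined(HAVE_VLA)
 #define QMFB_JOINBUFSIZE 4096
 jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
-#else
- jpc_fix_t joinbuf[bufsize];
-#endif
 jpc_fix_t *buf = joinbuf;
 int llen;
 int hlen;
@@ -302,7 +290,6 @@ static void jpc_qmfb1d_join(jpc_fix_t *s
 register int n;
 int state;
 
-#if !defined(HAVE_VLA)
 /* Allocate memory for the join buffer from the heap. */
 if (bufsize > QMFB_JOINBUFSIZE) {
 if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
@@ -313,7 +300,6 @@ static void jpc_qmfb1d_join(jpc_fix_t *s
 return;
 }
 }
-#endif
 
 twostep = step << 1;
 llen = lendind - lstartind;
@@ -400,12 +386,10 @@ static void jpc_qmfb1d_join(jpc_fix_t *s
 }
 }
 
-#if !defined(HAVE_VLA)
 /* If the join buffer was allocated on the heap, free this memory. */
 if (buf != joinbuf) {
 jas_free(buf);
 }
-#endif
 }
 
 /******************************************************************************\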
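Review bot: The heap fallback, now the only path for inputs larger than the 4096-entry stack buffer, still sizes its allocation as `bufsize * sizeof(jpc_fix_t)` with `bufsize` an `int` derived from `endind - startind`, and nothing visible in these hunks bounds that product before `jas_malloc` in either jpc_qmfb1d_split or jpc_qmfb1d_join. On a target with a 32-bit size_t the product may wrap for a large enough span and yield an undersized buffer; whether the callers already cap the indices is not visible here. I would guard both call sites with something like `if ((size_t)bufsize > SIZE_MAX / sizeof(jpc_fix_t))` treated as an allocation failure, or switch to an overflow-checked allocator if this tree provides one. Both function bodies continue outside the hunks, so the failure branch between the `jas_malloc` test and `return;` should be read alongside this change.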