kumquat-buildroot/package/jasper/0009-fix-CVE-2016-1577.patch

Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy()
Author: Tyler Hicks <tyhicks () canonical com>
Bug-Ubuntu: https://launchpad.net/bugs/1547865

From: http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>

--- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_icc.c
+++ jasper-1.900.1-debian1/src/libjasper/base/jas_icc.c
@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
 				if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
 					goto error;
 				jas_iccattrval_destroy(attrval);
+				attrval = 0;
 			} else {
 #if 0
 				jas_eprintf("warning: skipping unknown tag type\n");
jasper: add security patches Fixes: CVE-2016-2116 - Memory leak in jas_iccprof_createfrombuf causing memory consumption. CVE-2016-1577 - Double free vulnerability in jas_iccattrval_destroy. CVE-2016-1867 - out-of-bounds read in the jpc_pi_nextcprl() function. CVE-2015-5221 - Use-after-free and double-free flaws in Jasper JPEG-2000 library. CVE-2015-5203 - double free in jasper_image_stop_load() Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> 2016-08-17 03:05:54 +02:00			`Description: CVE-2016-1577: Prevent double-free in jas_iccattrval_destroy()`
			`Author: Tyler Hicks <tyhicks () canonical com>`
			`Bug-Ubuntu: https://launchpad.net/bugs/1547865`

			`From: http://seclists.org/oss-sec/2016/q1/att-507/CVE-2016-1577.patch`

			`Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>`

			`--- jasper-1.900.1-debian1.orig/src/libjasper/base/jas_icc.c`
			`+++ jasper-1.900.1-debian1/src/libjasper/base/jas_icc.c`
			`@@ -300,6 +300,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre`
			`if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))`
			`goto error;`
			`jas_iccattrval_destroy(attrval);`
			`+ attrval = 0;`
			`} else {`
			`#if 0`
			`jas_eprintf("warning: skipping unknown tag type\n");`