new file mode 100644
@@ -0,0 +1,78 @@
+Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/pull/1395/commits/f0727df]
+CVE: CVE-2021-29338
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+
+From f0727df07c4d944d7d1c5002451cfbc9545d3288 Mon Sep 17 00:00:00 2001
+From: Brad Parham <brad.a.parham@intel.com>
+Date: Wed, 12 Jan 2022 12:20:28 +0100
+Subject: [PATCH] Fix integer overflow in num_images
+
+Includes the fix for CVE-2021-29338
+Credit to @kaniini based on #1346
+Fixes #1338
+---
+ src/bin/jp2/opj_compress.c | 4 ++--
+ src/bin/jp2/opj_decompress.c | 5 ++---
+ src/bin/jp2/opj_dump.c | 7 ++++---
+ 3 files changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/bin/jp2/opj_compress.c b/src/bin/jp2/opj_compress.c
+index 8c71d4536..1399d5277 100644
+--- a/src/bin/jp2/opj_compress.c
++++ b/src/bin/jp2/opj_compress.c
+@@ -1959,9 +1959,9 @@ int main(int argc, char **argv)
+ num_images = get_num_images(img_fol.imgdirpath);
+ dirptr = (dircnt_t*)malloc(sizeof(dircnt_t));
+ if (dirptr) {
+- dirptr->filename_buf = (char*)malloc(num_images * OPJ_PATH_LEN * sizeof(
++ dirptr->filename_buf = (char*)calloc(num_images, OPJ_PATH_LEN * sizeof(
+ char)); /* Stores at max 10 image file names*/
+- dirptr->filename = (char**) malloc(num_images * sizeof(char*));
++ dirptr->filename = (char**) calloc(num_images, sizeof(char*));
+ if (!dirptr->filename_buf) {
+ ret = 0;
+ goto fin;
+diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
+index fc0012b63..e1217f891 100644
+--- a/src/bin/jp2/opj_decompress.c
++++ b/src/bin/jp2/opj_decompress.c
+@@ -1374,14 +1374,13 @@ int main(int argc, char **argv)
+ return EXIT_FAILURE;
+ }
+ /* Stores at max 10 image file names */
+- dirptr->filename_buf = (char*)malloc(sizeof(char) *
+- (size_t)num_images * OPJ_PATH_LEN);
++ dirptr->filename_buf = calloc((size_t) num_images, sizeof(char) * OPJ_PATH_LEN);
+ if (!dirptr->filename_buf) {
+ failed = 1;
+ goto fin;
+ }
+
+- dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
++ dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
+
+ if (!dirptr->filename) {
+ failed = 1;
+diff --git a/src/bin/jp2/opj_dump.c b/src/bin/jp2/opj_dump.c
+index 6111d2ab6..d2646f10e 100644
+--- a/src/bin/jp2/opj_dump.c
++++ b/src/bin/jp2/opj_dump.c
+@@ -515,13 +515,14 @@ int main(int argc, char *argv[])
+ if (!dirptr) {
+ return EXIT_FAILURE;
+ }
+- dirptr->filename_buf = (char*)malloc((size_t)num_images * OPJ_PATH_LEN * sizeof(
+- char)); /* Stores at max 10 image file names*/
++ /* Stores at max 10 image file names*/
++ dirptr->filename_buf = (char*) calloc((size_t) num_images,
++ OPJ_PATH_LEN * sizeof(char));
+ if (!dirptr->filename_buf) {
+ free(dirptr);
+ return EXIT_FAILURE;
+ }
+- dirptr->filename = (char**) malloc((size_t)num_images * sizeof(char*));
++ dirptr->filename = (char**) calloc((size_t) num_images, sizeof(char*));
+
+ if (!dirptr->filename) {
+ goto fails;
@@ -9,6 +9,7 @@ SRC_URI = " \
git://github.com/uclouvain/openjpeg.git;branch=master;protocol=https \
file://0002-Do-not-ask-cmake-to-export-binaries-they-don-t-make-.patch \
file://0001-This-patch-fixed-include-dir-to-usr-include-.-Obviou.patch \
+ file://CVE-2021-29338.patch \
"
SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
S = "${WORKDIR}/git"