diff mbox series

[meta-oe,scarthgap,1/4] jasper: patch CVE-2024-31744

Message ID 20251216071329.3172170-1-ankur.tyagi85@gmail.com
State New
Headers show
Series [meta-oe,scarthgap,1/4] jasper: patch CVE-2024-31744 | expand

Commit Message

Ankur Tyagi Dec. 16, 2025, 7:13 a.m. UTC 
From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details https://nvd.nist.gov/vuln/detail/CVE-2024-31744

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 .../jasper/jasper/0001-Fixes-381.patch        | 30 +++++++++++++++++++
 .../recipes-graphics/jasper/jasper_4.1.2.bb   |  1 +
 2 files changed, 31 insertions(+)
 create mode 100644 meta-oe/recipes-graphics/jasper/jasper/0001-Fixes-381.patch
diff mbox series

Patch

diff --git a/meta-oe/recipes-graphics/jasper/jasper/0001-Fixes-381.patch b/meta-oe/recipes-graphics/jasper/jasper/0001-Fixes-381.patch
new file mode 100644
index 0000000000..21cf347d18
--- /dev/null
+++ b/meta-oe/recipes-graphics/jasper/jasper/0001-Fixes-381.patch
@@ -0,0 +1,30 @@ 
+From 0a3bbc33b88a44e03c7d7a2732b80f4e2ed45355 Mon Sep 17 00:00:00 2001
+From: Michael Adams <mdadams@ece.uvic.ca>
+Date: Fri, 29 Mar 2024 07:57:29 -0700
+Subject: [PATCH] Fixes #381.
+
+Added a missing check to the jpc_dec_process_sod function of the JPC codec.
+Added another image to the test set.
+
+CVE: CVE-2024-31744
+Upstream-Status: Backport [https://github.com/jasper-software/jasper/commit/6d084c53a77762f41bb5310713a5f1872fef55f5]
+Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
+---
+ src/libjasper/jpc/jpc_dec.c |   4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/libjasper/jpc/jpc_dec.c b/src/libjasper/jpc/jpc_dec.c
+index 929f7ae..7e44f05 100644
+--- a/src/libjasper/jpc/jpc_dec.c
++++ b/src/libjasper/jpc/jpc_dec.c
+@@ -611,7 +611,9 @@ static int jpc_dec_process_sod(jpc_dec_t *dec, jpc_ms_t *ms)
+ 	if (dec->pkthdrstreams) {
+ 		/* Get the stream containing the packet header data for this
+ 		  tile-part. */
+-		if (!(tile->pkthdrstream = jpc_streamlist_remove(dec->pkthdrstreams, 0))) {
++		if (jpc_streamlist_numstreams(dec->pkthdrstreams) != 0 &&
++		  !(tile->pkthdrstream = jpc_streamlist_remove(dec->pkthdrstreams,
++		  0))) {
+ 			return -1;
+ 		}
+ 	}
diff --git a/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb
index 5f6ad067e0..398b3bd05f 100644
--- a/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb
+++ b/meta-oe/recipes-graphics/jasper/jasper_4.1.2.bb
@@ -7,6 +7,7 @@  SRC_URI = "git://github.com/jasper-software/jasper.git;protocol=https;branch=mas
            file://0001-Fixes-400.patch \
            file://0001-Fixes-401.patch \
            file://0001-Fixes-402-403.patch \
+           file://0001-Fixes-381.patch \
            "
 SRCREV = "ff633699cb785967a2cb0084d89d56e53c46e416"