From cd8896968df459670442e6a608fae24880a9284c Mon Sep 17 00:00:00 2001 From: Mathieu Malaterre Date: Tue, 29 May 2012 17:21:05 +0000 Subject: [PATCH] [1.5] This commit hides symptoms of CVE-2009-5030 As explained in issue 5, comment 1. This is an easy fix to avoid memory overrun. Update issue 5 Update issue 62 --- libopenjpeg/tcd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libopenjpeg/tcd.c b/libopenjpeg/tcd.c index 1e00dcf5..839ca7c3 100644 --- a/libopenjpeg/tcd.c +++ b/libopenjpeg/tcd.c @@ -334,7 +334,7 @@ void tcd_malloc_encode(opj_tcd_t *tcd, opj_image_t * image, opj_cp_t * cp, int c cblk->y0 = int_max(cblkystart, prc->y0); cblk->x1 = int_min(cblkxend, prc->x1); cblk->y1 = int_min(cblkyend, prc->y1); - cblk->data = (unsigned char*) opj_calloc(8192+2, sizeof(unsigned char)); + cblk->data = (unsigned char*) opj_calloc(9728+2, sizeof(unsigned char)); /* FIXME: mqc_init_enc and mqc_byteout underrun the buffer if we don't do this. Why? */ cblk->data[0] = 0; cblk->data[1] = 0;