Debian Bug report logs - #413041
jasper: Heap corruption on malformed image input.

Package: libjasper-1.701-1; Maintainer for libjasper-1.701-1 is (unknown);

Reported by: Sami Liedes <sliedes@cc.hut.fi>

Date: Thu, 1 Mar 2007 03:42:01 UTC

Severity: grave

Tags: etch, patch, sarge, security

Fixed in version jasper/1.900.1-3

Done: Roland Stigge <stigge@antcom.de>

Bug is archived. No further changes may be made.


Message #88 received at 413041@bugs.debian.org (full text, mbox):

Date: Fri, 6 Apr 2007 01:40:40 +0200
From: Sam Hocevar <sam@zoy.org>
To: ldoolitt@recycle.lbl.gov
Cc: 413041@bugs.debian.org
Subject: Re: bug reproduces in standalone jasper
Message-ID: <20070405234040.GG11943@zoy.org>
References: <20070327180820.GA4653@recycle.lbl.gov> <20070327215455.GA7887@recycle.lbl.gov>
tag 413041 +patch
thanks

On Tue, Mar 27, 2007, ldoolitt@recycle.lbl.gov wrote:

> I don't know what went wrong the first time, I tried
> again and Electric Fence found it.  Please test.
> "It works for me" on both broken2.jp2 and broken4.jp2.

   Your patch works, with all broken*.jp2 files. Here is a slightly
better one that checks the numstepsizes value a bit before and returns
an error instead of using assert().

Cheers,
-- 
Sam.
[patch-libjasper-stepsizes-overflow.diff (text/x-diff, attachment)]
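
The approach described in the message above (check the count read from the file early and return an error rather than rely on assert()) is sketched here as an added example; it is not the attached patch and not jasper's code. The segment layout, `MAX_STEPSIZES`, `qparams_t` and `parse_stepsizes` are hypothetical; only the field name `numstepsizes` comes from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical capacity of the fixed step-size table (not jasper's value). */
#define MAX_STEPSIZES 16

/* Hypothetical decoder state; only the name numstepsizes is from the message. */
typedef struct {
    int numstepsizes;
    uint16_t stepsizes[MAX_STEPSIZES];
} qparams_t;

/* Constructed layout: 1 count byte, then count big-endian 16-bit values.
 * Returns 0 on success, -1 on malformed input. */
int parse_stepsizes(const uint8_t *buf, size_t len, qparams_t *out)
{
    if (buf == NULL || out == NULL || len < 1)
        return -1;

    size_t n = buf[0];

    /* Validate the untrusted count before any write to the table. An
     * assert() here would abort the caller's process on a bad file and is
     * compiled out entirely under -DNDEBUG, leaving the write unchecked. */
    if (n > MAX_STEPSIZES)
        return -1;

    /* The segment must actually contain n entries. */
    if (len - 1 < n * 2)
        return -1;

    for (size_t i = 0; i < n; i++)
        out->stepsizes[i] = (uint16_t)((buf[1 + 2 * i] << 8) | buf[2 + 2 * i]);
    out->numstepsizes = (int)n;
    return 0;
}

int main(void)
{
    qparams_t q;
    const uint8_t ok[] = {2, 0x12, 0x34, 0xab, 0xcd};   /* constructed sample */
    uint8_t oversized[1 + 2 * 40] = {40};               /* count exceeds table */
    printf("valid: %d, oversized: %d\n",
           parse_stepsizes(ok, sizeof ok, &q),
           parse_stepsizes(oversized, sizeof oversized, &q));
    return 0;
}
```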


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 20:02:38 2014; Machine Name: beach.debian.org
