mingw/mingw-packages/mingw-w64-jasper/jasper-1.900.1-fix-filename-buffer-overflow.patch - kiwivm - Git at Google

 Description: Filename buffer overflow fix
  This patch fixes a security hole by a bad buffer size handling.
 Author: Roland Stigge <stigge@antcom.de>
 Bug-Debian: http://bugs.debian.org/645118

 --- a/src/libjasper/include/jasper/jas_stream.h
 +++ b/src/libjasper/include/jasper/jas_stream.h
 @@ -77,6 +77,7 @@
  #include <jasper/jas_config.h>

  #include <stdio.h>
 +#include <limits.h>
  #if defined(JAS_HAVE_FCNTL_H)
  #include <fcntl.h>
  #endif
 @@ -99,6 +100,12 @@ extern "C" {
  #define O_BINARY	0
  #endif

 +#ifdef PATH_MAX
 +#define JAS_PATH_MAX PATH_MAX
 +#else
 +#define JAS_PATH_MAX 4096
 +#endif
 +
  /*
   * Stream open flags.
   */
 @@ -251,7 +258,7 @@ typedef struct {
  typedef struct {
  	int fd;
  	int flags;
 -	char pathname[L_tmpnam + 1];
 +	char pathname[JAS_PATH_MAX + 1];
  } jas_stream_fileobj_t;

  #define	JAS_STREAM_FILEOBJ_DELONCLOSE	0x01
	Description: Filename buffer overflow fix
	This patch fixes a security hole by a bad buffer size handling.
	Author: Roland Stigge <stigge@antcom.de>
	Bug-Debian: http://bugs.debian.org/645118

	--- a/src/libjasper/include/jasper/jas_stream.h
	+++ b/src/libjasper/include/jasper/jas_stream.h
	@@ -77,6 +77,7 @@
	#include <jasper/jas_config.h>

	#include <stdio.h>
	+#include <limits.h>
	#if defined(JAS_HAVE_FCNTL_H)
	#include <fcntl.h>
	#endif
	@@ -99,6 +100,12 @@ extern "C" {
	#define O_BINARY 0
	#endif

	+#ifdef PATH_MAX
	+#define JAS_PATH_MAX PATH_MAX
	+#else
	+#define JAS_PATH_MAX 4096
	+#endif
	+
	/*
	* Stream open flags.
	*/
	@@ -251,7 +258,7 @@ typedef struct {
	typedef struct {
	int fd;
	int flags;
	- char pathname[L_tmpnam + 1];
	+ char pathname[JAS_PATH_MAX + 1];
	} jas_stream_fileobj_t;

	#define JAS_STREAM_FILEOBJ_DELONCLOSE 0x01