package/jasper/0002-check-null-in-jp2_decode-CVE-2018-19542.patch - buildroot - Git at Google

 From fc62d1b7164ded2405fd6a0604548b34a5a77462 Mon Sep 17 00:00:00 2001
 From: Timothy Lyanguzov <timothy.lyanguzov@sap.com>
 Date: Mon, 18 Mar 2019 16:46:24 +1300
 Subject: [PATCH] Fix CVE-2018-19542: Check for NULL pointer in jp2_decode

 Signed-off-by: Michael Vetter <jubalh@iodoru.org>
 ---
  src/libjasper/jp2/jp2_dec.c | 3 +++
  1 file changed, 3 insertions(+)

 diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
 index 03b0eaf..a535c19 100644
 --- a/src/libjasper/jp2/jp2_dec.c
 +++ b/src/libjasper/jp2/jp2_dec.c
 @@ -388,6 +388,9 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
  				jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1));
  				}
  #endif
 +			} else {
 +				jas_eprintf("error: invalid MTYP in CMAP box\n");
 +				goto error;
  			}
  		}
  	}
	From fc62d1b7164ded2405fd6a0604548b34a5a77462 Mon Sep 17 00:00:00 2001
	From: Timothy Lyanguzov <timothy.lyanguzov@sap.com>
	Date: Mon, 18 Mar 2019 16:46:24 +1300
	Subject: [PATCH] Fix CVE-2018-19542: Check for NULL pointer in jp2_decode

	Signed-off-by: Michael Vetter <jubalh@iodoru.org>
	---
	src/libjasper/jp2/jp2_dec.c \| 3 +++
	1 file changed, 3 insertions(+)

	diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
	index 03b0eaf..a535c19 100644
	--- a/src/libjasper/jp2/jp2_dec.c
	+++ b/src/libjasper/jp2/jp2_dec.c
	@@ -388,6 +388,9 @@ jas_image_t jp2_decode(jas_stream_t in, const char *optstr)
	jas_image_setcmpttype(dec->image, newcmptno, jp2_getct(jas_image_clrspc(dec->image), 0, channo + 1));
	}
	#endif
	+ } else {
	+ jas_eprintf("error: invalid MTYP in CMAP box\n");
	+ goto error;
	}
	}
	}