[oe][meta-oe][kirkstone][PATCH] openjpeg: Fix CVE-2025-50952

openembedded-devel.lists.openembedded.org archive mirror
 help / color / mirror / Atom feed

* [oe][meta-oe][kirkstone][PATCH] openjpeg: Fix CVE-2025-50952
@ 2025-09-02  4:54 vanusuri
  0 siblings, 0 replies; only message in thread
From: vanusuri @ 2025-09-02  4:54 UTC (permalink / raw)
  To: openembedded-devel; +Cc: Vijay Anusuri

From: Vijay Anusuri <vanusuri@mvista.com>

Upstream commit:
https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 .../openjpeg/openjpeg/CVE-2025-50952.patch    | 32 +++++++++++++++++++
 .../openjpeg/openjpeg_2.4.0.bb                |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-50952.patch

diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-50952.patch b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-50952.patch
new file mode 100644
index 0000000000..6d16b37980
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-50952.patch
@@ -0,0 +1,32 @@
+From d903fbb4ab9ccf9b96c8bc7398fafc0007505a37 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 18 Feb 2024 17:17:00 +0100
+Subject: [PATCH] opj_dwt_decode_tile(): avoid potential
+ UndefinedBehaviorSanitizer 'applying zero offset to null pointer' (fixes
+ #1505)
+
+Upstream-Status: Backport [https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37]
+CVE: CVE-2025-50952
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ src/lib/openjp2/dwt.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
+index 4164ba09..f42c47b6 100644
+--- a/src/lib/openjp2/dwt.c
++++ b/src/lib/openjp2/dwt.c
+@@ -2080,7 +2080,9 @@ static OPJ_BOOL opj_dwt_decode_tile(opj_thread_pool_t* tp,
+     OPJ_SIZE_T h_mem_size;
+     int num_threads;
+ 
+-    if (numres == 1U) {
++    /* Not entirely sure for the return code of w == 0 which is triggered per */
++    /* https://github.com/uclouvain/openjpeg/issues/1505 */
++    if (numres == 1U || w == 0) {
+         return OPJ_TRUE;
+     }
+     num_threads = opj_thread_pool_get_thread_count(tp);
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
index feecb957ba..fbfbab7aaf 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
@@ -15,6 +15,7 @@ SRC_URI = " \
     file://0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch \
     file://0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch \
     file://CVE-2023-39327.patch \
+    file://CVE-2025-50952.patch \
 "
 SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
 S = "${WORKDIR}/git"
-- 
2.25.1



^ permalink raw reply related	[flat|nested] only message in thread

only message in thread, other threads:[~2025-09-02  4:54 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-09-02  4:54 [oe][meta-oe][kirkstone][PATCH] openjpeg: Fix CVE-2025-50952 vanusuri

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).