[AUTO-CHERRYPICK] jasper: Add patch to resolve CVE-2023-51257 - branch main (#10340)

CBL-Mariner-Bot · Sumynwa · web-flow · commit f0815b0a448f · 2024-09-09T21:43:06.000-07:00
Co-authored-by: Sumynwa &lt;sumsharma@microsoft.com&gt;
diff --git a/SPECS/jasper/CVE-2023-51257.patch b/SPECS/jasper/CVE-2023-51257.patch
@@ -0,0 +1,37 @@
+Date: Thu, 14 Dec 2023 19:04:19 -0800
+Subject: [PATCH] Fixes #367.
+
+Fixed an integer-overflow bug in the ICC profile parsing code.
+Added another invalid image to the test set.
+---
+ src/libjasper/base/jas_icc.c |  10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/libjasper/base/jas_icc.c b/src/libjasper/base/jas_icc.c
+index 0a34587..2b26b5d 100644
+--- a/src/libjasper/base/jas_icc.c
++++ b/src/libjasper/base/jas_icc.c
+@@ -1293,10 +1293,20 @@ static int jas_icctxt_input(jas_iccattrval_t *attrval, jas_stream_t *in,
+ {
+ 	jas_icctxt_t *txt = &attrval->data.txt;
+ 	txt->string = 0;
++	/* The string must at least contain a single null character. */
++	if (cnt < 1) {
++		goto error;
++	}
+ 	if (!(txt->string = jas_malloc(cnt)))
+ 		goto error;
+ 	if (jas_stream_read(in, txt->string, cnt) != cnt)
+ 		goto error;
++	/* Ensure that the string is null terminated. */
++	if (txt->string[cnt - 1] != '\0') {
++		goto error;
++	}
++	/* The following line is redundant, unless we do not enforce that
++	  the last character must be null. */
+ 	txt->string[cnt - 1] = '\0';
+ 	if (strlen(txt->string) + 1 != cnt)
+ 		goto error;
+-- 
+2.25.1
+
diff --git a/SPECS/jasper/jasper.spec b/SPECS/jasper/jasper.spec
@@ -1,7 +1,7 @@
 Summary:        Implementation of the JPEG-2000 standard, Part 1
 Name:           jasper
 Version:        2.0.32
-Release:        3%{?dist}
+Release:        4%{?dist}
 License:        JasPer
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -12,6 +12,7 @@ Patch2:         jasper-2.0.14-rpath.patch
 # architecture related patches
 Patch100:       jasper-2.0.2-test-ppc64-disable.patch
 Patch101:       jasper-2.0.2-test-ppc64le-disable.patch
+Patch102:       CVE-2023-51257.patch
 # autoreconf
 BuildRequires:  cmake
 BuildRequires:  gcc
@@ -73,6 +74,8 @@ Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
 %patch101 -p1 -b .test-ppc64le-disable
 %endif
 
+%patch102 -p1 -b .cve-2023-51257.patch
+
 %build
 mkdir builder
 %cmake \
@@ -113,6 +116,9 @@ make test -C builder
 %{_libdir}/libjasper.so.4*
 
 %changelog
+* Fri Aug 23 2024 Sumedh Sharma <sumsharma@microsoft.com> - 2.0.32-4
+- Add patch to resolve CVE-2023-51257
+
 * Wed Sep 20 2023 Jon Slobodzian <joslobo@microsoft.com> - 2.0.32-3
 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)
 
