Description: Filename buffer overflow fix
|
This patch fixes a security hole by a bad buffer size handling.
|
Author: Roland Stigge <stigge@antcom.de>
|
Bug-Debian: http://bugs.debian.org/645118
|
|
--- jasper-4.1.0/src/libjasper/include/jasper/jas_stream.h.orig 2023-11-05 07:24:51.000000000 +0100
|
+++ jasper-4.1.0/src/libjasper/include/jasper/jas_stream.h 2023-11-07 07:25:12.340731017 +0100
|
@@ -77,6 +77,7 @@
|
#include <jasper/jas_config.h> /* IWYU pragma: export */
|
|
#include <stdio.h>
|
+#include <limits.h>
|
#if defined(JAS_HAVE_FCNTL_H)
|
#include <fcntl.h>
|
#endif
|
@@ -100,6 +101,12 @@
|
#define O_BINARY 0
|
#endif
|
|
+#ifdef PATH_MAX
|
+#define JAS_PATH_MAX PATH_MAX
|
+#else
|
+#define JAS_PATH_MAX 4096
|
+#endif
|
+
|
/*
|
* Stream open flags.
|
*/
|
@@ -261,7 +268,7 @@
|
#if defined(JAS_WASI_LIBC)
|
#define L_tmpnam 4096
|
#endif
|
- char pathname[L_tmpnam + 1];
|
+ char pathname[JAS_PATH_MAX + 1];
|
} jas_stream_fileobj_t;
|
|
/* Delete underlying file object upon stream close. */
|
