From b9e62da295ad13ca841adf62d8bf333f55672468 Mon Sep 17 00:00:00 2001
From: licihua
Date: Mon, 25 Mar 2024 16:42:33 +0800
Subject: [PATCH] fix CVE-2023-51257
---
 backport_CVE-2023-51257.patch | 90 +++++++++++++++++++++++++++++++++++
 jasper.spec | 8 +++-
 2 files changed, 96 insertions(+), 2 deletions(-)
 create mode 100644 backport_CVE-2023-51257.patch
diff --git a/backport_CVE-2023-51257.patch b/backport_CVE-2023-51257.patch
new file mode 100644
index 0000000..f0b2876
--- /dev/null
+++ b/backport_CVE-2023-51257.patch
@@ -0,0 +1,90 @@ +From aeef5293c978158255ad4f127089644745602f2a Mon Sep 17 00:00:00 2001 +From: Michael Adams +Date: Thu, 14 Dec 2023 19:04:19 -0800 +Subject: [PATCH] Fixes #367. + +Fixed an integer-overflow bug in the ICC profile parsing code. +Added another invalid image to the test set. +--- + data/test/bad/367-PoC.jp2 | Bin 0 -> 2916 bytes + src/libjasper/base/jas_icc.c | 10 ++++++++++ + 2 files changed, 10 insertions(+) + create mode 100644 data/test/bad/367-PoC.jp2 + +diff --git a/data/test/bad/367-PoC.jp2 b/data/test/bad/367-PoC.jp2 +new file mode 100644 +index 0000000000000000000000000000000000000000..96e73789bd0e8983367d447b5084ed739479b0bf +GIT binary patch +literal 2916 +zcma)84OCO-8Gdi>O~NqTsa3Gp;YF=QB`k>!NLx|<3?RcS{HVxALvr&Ymn7c&Ac`)< +zt<`NF@u$aQtF2m@o8qRe?pTXetOwoJ8cVg4BZGCV73x;1uCB^l_I?Q@(8JkwZ|?n` +z?|q-|eV_0BzI$%~K(R{CadELP#sa`3i>JZ0%BA5DL%5BJ!`6n~c)QIkVmm%`F>*PD +zK>nu5DToq8Ape!o8}z&qDk+Z*6%t +z;yD14i578jd6+MGcCD>!8RB@fo9&*$vLX9gM@`96#5h)Rpw_vB#37tZCU-8@5~d^W +zvGIjujZqH`W&RSb;31W;xi>r)9dc=u{H;GOI$%UHf +z1H7OkxiCK6;qvH*G|+txp@ihZ`7$i;4$To`(tRFVSwVO#lkO4AhQ>0L7W?ADA%3Gv +z2<=7G#vByA2BHn)Ggpjaz78?QVeayda#AO;lFMp*j4>MQ+J +z+9$n+_bzF7biDM2v>VSZ$i@{ALW=58l|8f)?g&pgY7Xtl^nelXA0y9+T8EX6T2YIm +zIWg)XmEd12xnBZJsZp!yPpZGGuBrB`4ytaC$`Oq?s!H?@`XqgZev3X$zXu$Bj&7&V +z(jD|~>9->>$6otzl*rnL=1Xj3wqzBC^Np-E4+5LRPGx7XdF(XyNwzq`;@AXM%@(jv +zp=WAj-Gr!r)LiVa0&6u~)vzkYFQD%!%v>o}*&5J(XoCf4O +zNX7x&GlafxRD2+6^L!s*!58?>x)QZjdI4J9015M>wiJ9PPJRvGRJzG4`oi&mqTUB^ +zTjps(eM*so@1~w$@E*Reo0YsMI>p)F4V#NoY8pJed-nQNZWzWY)mlxO +zDwX3h(=_~Cl_oaW4CGG`NXmfnI4}O2(szTBo>&N5bImL#3`t^TVBw=>N@ZtU< +z*C6;AW;H7f1g<76oKr +z?@*K+erWhe72EXZ+X11sx#dA@piTd+0mXy5qd(fc`YYILOUi!o3(Nyu9!YzeJb0 +ztv%3ocYUAwev)51zPe>lQ?E%e{Jb)`^JlSzrlQ>~eepd(oA%x3f2iA(v$$~k^=y;# +z`g5BeewJvJS|1)$)Mb1;-?#Qyf6<1j$=YXcUb(P0P`c?cW5U@cm1<|)+tUU!=T`cP +zSN6Bu+H&`eU%a$&o5$}@h79*!m8~J6VDq704t(|cnZyU{3ckKsk^Ih0?sEF9qaPH!b^edCEnlZz +zZmc?cg6*Pn3tA@}JG}q>Tcdata.txt; + txt->string = 0; ++ /* The string must at least contain a single 
null character. */
++ if (cnt < 1) {
++ goto error;
++ }
+ if (!(txt->string = jas_malloc(cnt))) {
+ goto error;
+ }
+ if (jas_stream_read(in, txt->string, cnt) != cnt) {
+ goto error;
+ }
++ /* Ensure that the string is null terminated. */
++ if (txt->string[cnt - 1] != '\0') {
++ goto error;
++ }
++ /* The following line is redundant, unless we do not enforce that
++ the last character must be null. */
+ txt->string[cnt - 1] = '\0';
+ if (strlen(txt->string) + 1 != cnt) {
+ goto error;
+-- 
+2.40.1
+
diff --git a/jasper.spec b/jasper.spec
index a39f06f..5be7d02 100644
--- a/jasper.spec
+++ b/jasper.spec
@@ -1,12 +1,13 @@
 Name: jasper
 Version: 4.1.0
-Release: 1
+Release: 2
 Summary: Reference implementation of the codec specified in the JPEG-2000 standard, Part 1
 License: JasPer-2.0
 URL: http://www.ece.uvic.ca/~frodo/jasper/
 Source0: https://github.com/jasper-software/%{name}/archive/refs/tags/version-%{version}.tar.gz
 Patch0001: jasper-4.1.0-rpath.patch
+Patch0002: backport_CVE-2023-51257.patch
 BuildRequires: cmake freeglut-devel libGLU-devel libjpeg-devel libXmu-devel libXi-devel
 BuildRequires: pkgconfig doxygen mesa-libGL-devel
@@ -41,7 +42,7 @@ Summary: Help documents for jasper
 Help documents for jasper.
 %prep
-%autosetup -n %{name}-version-%{version} -p1
+%autosetup -n %{name}-version-%{version} -p1 -S git
 %build
 install -d builder
@@ -85,6 +86,9 @@ make test -C builder
 %doc README.md
 %changelog
+* Mon Mar 25 2024 licihua - 4.1.0-2
+- Fix CVE-2023-51257
+
 * Wed Feb 7 2024 Dongxing Wang - 4.1.0-1
 - Upgrade to version 4.1.0
-- Gitee
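Review bot: The `GIT binary patch` section for data/test/bad/367-PoC.jp2 inside backport_CVE-2023-51257.patch does not look intact as shown: git base85 lines with a `z` length prefix all have the same length, yet lines such as `zK>nu5DToq8Ape!o8}z&qDk+Z*6%t` are much shorter, and the tail `zZmc?cg6*Pn3tA@}JG}q>Tcdata.txt;` has the blob fused with the start of the jas_icc.c hunk, whose `diff`/`@@` header lines are missing here. This may only be a rendering artifact, but if the committed file is mangled the same way, `git apply` rejects it as a corrupt binary patch and the build fails at %prep; it is worth verifying the stored patch with `git apply --check` before merging. If the PoC test image is not needed for the package's own tests, carrying just the jas_icc.c hunk (the `cnt < 1` and trailing-NUL checks, which are what close the CVE) keeps the backport a plain text patch. The function being patched starts and ends outside the visible hunk, and the type of `cnt` is not shown on this page.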
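Review bot: The new `-S git` on the `%autosetup` line is undocumented, and its reason is not visible from the spec alone: Patch0002 embeds a `GIT binary patch` for a test image, which the default patch backend cannot apply. A comment above the line, `# -S git: Patch0002 carries a binary (GIT binary patch) test file that only git apply can handle`, would keep the next maintainer from reverting it. Note that the git backend now also applies Patch0001 (jasper-4.1.0-rpath.patch); unlike patch(1), git apply does no fuzzy context matching, so a full rebuild is needed to confirm the older patch still applies under the new backend.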