From 1e7b4ee7f22f026ea47016da7c1376df96d5d46e Mon Sep 17 00:00:00 2001
From: changtao <changtao@kylinos.cn>
Date: Sat, 4 Jan 2025 11:13:26 +0800
Subject: [PATCH] fix CVE-2024-56827

(cherry picked from commit 67e6d39ba721d4345b3af6c261e78c731bc8e158)
---
 backport-CVE-2024-56827.patch | 28 ++++++++++++++++++++++++++++
 openjpeg2.spec                |  9 ++++++++-
 2 files changed, 36 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-56827.patch

diff --git a/backport-CVE-2024-56827.patch b/backport-CVE-2024-56827.patch
new file mode 100644
index 0000000..4572ac6
--- /dev/null
+++ b/backport-CVE-2024-56827.patch
@@ -0,0 +1,28 @@
+From e492644fbded4c820ca55b5e50e598d346e850e8 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Mon, 25 Nov 2024 22:02:54 +0100
+Subject: [PATCH] opj_j2k_add_tlmarker(): validate that current tile-part
+ number if smaller that total number of tile-parts
+
+Fixes #1564
+---
+ src/lib/openjp2/j2k.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index bcce316..dce786e 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -8362,7 +8362,8 @@ static OPJ_BOOL opj_j2k_add_tlmarker(OPJ_UINT32 tileno,
+     if (type == J2K_MS_SOT) {
+         OPJ_UINT32 l_current_tile_part = cstr_index->tile_index[tileno].current_tpsno;
+ 
+-        if (cstr_index->tile_index[tileno].tp_index) {
++        if (cstr_index->tile_index[tileno].tp_index &&
++                l_current_tile_part < cstr_index->tile_index[tileno].nb_tps) {
+             cstr_index->tile_index[tileno].tp_index[l_current_tile_part].start_pos = pos;
+         }
+ 
+-- 
+2.46.0
+
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 82b82db..0d95b7c 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -2,7 +2,7 @@
 
 Name:           openjpeg2
 Version:        2.5.0
-Release:        6
+Release:        7
 Summary:        C-Library for JPEG 2000
 License:        BSD and MIT
 URL:            https://github.com/uclouvain/openjpeg
@@ -12,6 +12,7 @@ Patch0:         openjpeg2_opj2.patch
 Patch1:         backport-CVE-2023-39328.patch
 Patch2:         backport-CVE-2021-3575.patch
 Patch3:         backport-CVE-2024-56826.patch
+Patch4:         backport-CVE-2024-56827.patch
 
 BuildRequires:  cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel
 BuildRequires:  jbigkit-devel libjpeg-turbo-devel
@@ -102,6 +103,12 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_bindir}/opj2_dump
 
 %changelog
+* Tue Jan 7 2025 changtao <changtao@kylinos.cn> - 2.5.0-7
+- Type: CVE
+- CVE: CVE-2024-56827
+- SUG: NA
+- DESC: fix CVE-2024-56827
+
 * Tue Jan 7 2025 zhangpan <zhangpan103@h-partners.com> - 2.5.0-6
 - fix CVE-2024-56826
 
-- 
Gitee