From de5b0f0cf3b54ab6743e65f13b8b46e8a3221fc4 Mon Sep 17 00:00:00 2001
From: zppzhangpan <zp1224248514@163.com>
Date: Fri, 8 Aug 2025 16:14:38 +0800
Subject: [PATCH] fix CVE-2025-50952

(cherry picked from commit ff860e9d965b3da7a6d4aa65b85a7cd1837d6244)
---
 backport-CVE-2025-50952.patch | 30 ++++++++++++++++++++++++++++++
 openjpeg2.spec                |  6 +++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-50952.patch

diff --git a/backport-CVE-2025-50952.patch b/backport-CVE-2025-50952.patch
new file mode 100644
index 0000000..00bf168
--- /dev/null
+++ b/backport-CVE-2025-50952.patch
@@ -0,0 +1,30 @@
+From d903fbb4ab9ccf9b96c8bc7398fafc0007505a37 Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Sun, 18 Feb 2024 17:17:00 +0100
+Subject: [PATCH] opj_dwt_decode_tile(): avoid potential
+ UndefinedBehaviorSanitizer 'applying zero offset to null pointer' (fixes
+ #1505)
+
+Conflict: NA
+Reference: https://github.com/uclouvain/openjpeg/pull/1510/commits/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37
+
+---
+ src/lib/openjp2/dwt.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
+index abc500eca..6b18c5dd6 100644
+--- a/src/lib/openjp2/dwt.c
++++ b/src/lib/openjp2/dwt.c
+@@ -2083,7 +2083,9 @@ static OPJ_BOOL opj_dwt_decode_tile(opj_thread_pool_t* tp,
+     OPJ_SIZE_T h_mem_size;
+     int num_threads;
+ 
+-    if (numres == 1U) {
++    /* Not entirely sure for the return code of w == 0 which is triggered per */
++    /* https://github.com/uclouvain/openjpeg/issues/1505 */
++    if (numres == 1U || w == 0) {
+         return OPJ_TRUE;
+     }
+     num_threads = opj_thread_pool_get_thread_count(tp);
+
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 0d95b7c..73b6b6c 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -2,7 +2,7 @@
 
 Name:           openjpeg2
 Version:        2.5.0
-Release:        7
+Release:        8
 Summary:        C-Library for JPEG 2000
 License:        BSD and MIT
 URL:            https://github.com/uclouvain/openjpeg
@@ -13,6 +13,7 @@ Patch1:         backport-CVE-2023-39328.patch
 Patch2:         backport-CVE-2021-3575.patch
 Patch3:         backport-CVE-2024-56826.patch
 Patch4:         backport-CVE-2024-56827.patch
+Patch5:         backport-CVE-2025-50952.patch
 
 BuildRequires:  cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen java-devel
 BuildRequires:  jbigkit-devel libjpeg-turbo-devel
@@ -103,6 +104,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_bindir}/opj2_dump
 
 %changelog
+* Fri Aug 8 2025 zhangpan <zhangpan103@h-partners.com> - 2.5.0-8
+- fix CVE-2025-50952
+
 * Tue Jan 7 2025 changtao <changtao@kylinos.cn> - 2.5.0-7
 - Type: CVE
 - CVE: CVE-2024-56827
-- 
Gitee