From eb13bf88f6d4ee894565b27fb5601bff361852f5 Mon Sep 17 00:00:00 2001
From: dongyuzhen <dongyuzhen@huawei.com>
Date: Tue, 4 Jan 2022 15:07:35 +0800
Subject: [PATCH] fix CVE-2020-27842

(cherry picked from commit 722ffc14f1330c8ee0b2b87245c1e3f99265a42e)
---
 backport-CVE-2020-27842.patch | 33 +++++++++++++++++++++++++++++++++
 openjpeg2.spec                |  6 +++++-
 2 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2020-27842.patch

diff --git a/backport-CVE-2020-27842.patch b/backport-CVE-2020-27842.patch
new file mode 100644
index 0000000..c4d36f2
--- /dev/null
+++ b/backport-CVE-2020-27842.patch
@@ -0,0 +1,33 @@
+From fbd30b064f8f9607d500437b6fedc41431fd6cdc Mon Sep 17 00:00:00 2001
+From: Even Rouault <even.rouault@spatialys.com>
+Date: Tue, 1 Dec 2020 19:51:35 +0100
+Subject: [PATCH] opj_t2_encode_packet(): avoid out of bound access of #1294,
+ but likely not the proper fix
+
+Conflict:NA
+Reference:https://github.com/uclouvain/openjpeg/commit/fbd30b064f8f9607d500437b6fedc41431fd6cdc
+
+---
+ src/lib/openjp2/t2.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
+index 71472b499..e452edd19 100644
+--- a/src/lib/openjp2/t2.c
++++ b/src/lib/openjp2/t2.c
+@@ -739,6 +739,15 @@ static OPJ_BOOL opj_t2_encode_packet(OPJ_UINT32 tileno,
+                 continue;
+             }
+ 
++            /* Avoid out of bounds access of https://github.com/uclouvain/openjpeg/issues/1294 */
++            /* but likely not a proper fix. */
++            if (precno >= res->pw * res->ph) {
++                opj_event_msg(p_manager, EVT_ERROR,
++                              "opj_t2_encode_packet(): accessing precno=%u >= %u\n",
++                              precno, res->pw * res->ph);
++                return OPJ_FALSE;
++            }
++
+             prc = &band->precincts[precno];
+             opj_tgt_reset(prc->incltree);
+             opj_tgt_reset(prc->imsbtree);
diff --git a/openjpeg2.spec b/openjpeg2.spec
index 2257357..7476624 100644
--- a/openjpeg2.spec
+++ b/openjpeg2.spec
@@ -1,6 +1,6 @@
 Name:           openjpeg2
 Version:        2.3.1
-Release:        7
+Release:        8
 Summary:        C-Library for JPEG 2000
 License:        BSD and MIT
 URL:            https://github.com/uclouvain/openjpeg
@@ -22,6 +22,7 @@ Patch6009:      backport-CVE-2020-6851.patch
 Patch6010:      backport-CVE-2020-27823.patch
 Patch6011:      backport-CVE-2020-27824.patch
 Patch6012:      backport-CVE-2021-29338.patch
+Patch6013:	backport-CVE-2020-27842.patch
 
 BuildRequires:  cmake gcc-c++ make zlib-devel libpng-devel libtiff-devel lcms2-devel doxygen
 
@@ -97,6 +98,9 @@ mv %{buildroot}%{_mandir}/man1/opj_dump.1 %{buildroot}%{_mandir}/man1/opj2_dump.
 %{_mandir}/man3/*.3*
 
 %changelog
+* Tue Jan 4 2022 dongyuzhen <dongyuzhen@huawei.com> - 2.3.1-8
+- fix CVE-2020-27842
+
 * Fri Sep 24 2021 yangcheng <yangcheng87@huawei.com> - 2.3.1-7
 - fix CVE-2021-29338
 
-- 
Gitee