Fix integer overflow which can potentially lead to RCE. https://www.openwall.com/lists/oss-security/2019/11/11/1 https://nvd.nist.gov/vuln/detail/CVE-2019-2201 The problem was partially fixed in 2.0.3. This patch is a follow-up. https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388 https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c30b1e72dac76343ef9029833d1561de07d29bad diff --git a/tjbench.c b/tjbench.c index a7d397318..13a5bde62 100644 --- a/tjbench.c +++ b/tjbench.c @@ -171,7 +171,7 @@ static int decomp(unsigned char *srcBuf, unsigned char **jpegBuf, } /* Set the destination buffer to gray so we know whether the decompressor attempted to write to it */ - memset(dstBuf, 127, pitch * scaledh); + memset(dstBuf, 127, (size_t)pitch * scaledh); if (doYUV) { int width = doTile ? tilew : scaledw; @@ -193,7 +193,7 @@ static int decomp(unsigned char *srcBuf, unsigned char **jpegBuf, double start = getTime(); for (row = 0, dstPtr = dstBuf; row < ntilesh; - row++, dstPtr += pitch * tileh) { + row++, dstPtr += (size_t)pitch * tileh) { for (col = 0, dstPtr2 = dstPtr; col < ntilesw; col++, tile++, dstPtr2 += ps * tilew) { int width = doTile ? min(tilew, w - col * tilew) : scaledw; href='/guix/commit/tests/elpa.scm?id=c2245ac23a581e3152a683da749b4dae5358d6e3'>commitdiff
path: root/tests/elpa.scm
AgeCommit message (Expand)Author
2020-12-02import: utils: 'recursive-import' accepts an optional version parameter....Martin Becze
2020-01-16import: elpa: Rewrite test to use an HTTP server instead of mocking....Ludovic Courtès