[oe][meta-oe][kirkstone][PATCH] openjpeg: Fix CVE-2025-50952

Wed, 03 Sep 2025 02:04:12 -0700 

From: Vijay Anusuri <[email protected]>

Upstream commit:
https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37

Signed-off-by: Vijay Anusuri <[email protected]>
---
 .../openjpeg/openjpeg/CVE-2025-50952.patch    | 32 +++++++++++++++++++
 .../openjpeg/openjpeg_2.4.0.bb                |  1 +
 2 files changed, 33 insertions(+)
 create mode 100644 
meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-50952.patch

diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-50952.patch 
b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-50952.patch
new file mode 100644
index 0000000000..6d16b37980
--- /dev/null
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg/CVE-2025-50952.patch
@@ -0,0 +1,32 @@
+From d903fbb4ab9ccf9b96c8bc7398fafc0007505a37 Mon Sep 17 00:00:00 2001
+From: Even Rouault <[email protected]>
+Date: Sun, 18 Feb 2024 17:17:00 +0100
+Subject: [PATCH] opj_dwt_decode_tile(): avoid potential
+ UndefinedBehaviorSanitizer 'applying zero offset to null pointer' (fixes
+ #1505)
+
+Upstream-Status: Backport 
[https://github.com/uclouvain/openjpeg/commit/d903fbb4ab9ccf9b96c8bc7398fafc0007505a37]
+CVE: CVE-2025-50952
+Signed-off-by: Vijay Anusuri <[email protected]>
+---
+ src/lib/openjp2/dwt.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/lib/openjp2/dwt.c b/src/lib/openjp2/dwt.c
+index 4164ba09..f42c47b6 100644
+--- a/src/lib/openjp2/dwt.c
++++ b/src/lib/openjp2/dwt.c
+@@ -2080,7 +2080,9 @@ static OPJ_BOOL opj_dwt_decode_tile(opj_thread_pool_t* 
tp,
+     OPJ_SIZE_T h_mem_size;
+     int num_threads;
+ 
+-    if (numres == 1U) {
++    /* Not entirely sure for the return code of w == 0 which is triggered per 
*/
++    /* https://github.com/uclouvain/openjpeg/issues/1505 */
++    if (numres == 1U || w == 0) {
+         return OPJ_TRUE;
+     }
+     num_threads = opj_thread_pool_get_thread_count(tp);
+-- 
+2.25.1
+
diff --git a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb 
b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
index feecb957ba..fbfbab7aaf 100644
--- a/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
+++ b/meta-oe/recipes-graphics/openjpeg/openjpeg_2.4.0.bb
@@ -15,6 +15,7 @@ SRC_URI = " \
     file://0001-sycc422_to_rgb-fix-out-of-bounds-read-accesses-when-.patch \
     file://0001-opj_j2k_add_tlmarker-validate-that-current-tile-part.patch \
     file://CVE-2023-39327.patch \
+    file://CVE-2025-50952.patch \
 "
 SRCREV = "37ac30ceff6640bbab502388c5e0fa0bff23f505"
 S = "${WORKDIR}/git"
-- 
2.25.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#119167): 
https://lists.openembedded.org/g/openembedded-devel/message/119167
Mute This Topic: https://lists.openembedded.org/mt/115021728/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to