New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bugs found by our bug scanner #194
Comments
|
Can you tell something about your scanner? :) |
|
Sure, the link of the scanner is: https://github.com/stuartly/MissingCheck |
|
Bug 1 has been fixed in our fork: https://github.com/jasper-maint/jasper/ |
jubalh
added a commit
to jubalh/buildroot
that referenced
this issue
Jul 28, 2020
Changes: * Fix CVE-2018-9154 jasper-software/jasper#215 jasper-software/jasper#166 jasper-software/jasper#175 jasper-maint/jasper#8 * Fix CVE-2018-19541 jasper-software/jasper#199 jasper-maint/jasper#6 * Fix CVE-2016-9399, CVE-2017-13751 jasper-maint/jasper#1 * Fix CVE-2018-19540 jasper-software/jasper#182 jasper-maint/jasper#22 * Fix CVE-2018-9055 jasper-maint/jasper#9 * Fix CVE-2017-13748 jasper-software/jasper#168 * Fix CVE-2017-5503, CVE-2017-5504, CVE-2017-5505 jasper-maint/jasper#3 jasper-maint/jasper#4 jasper-maint/jasper#5 jasper-software/jasper#88 jasper-software/jasper#89 jasper-software/jasper#90 * Fix CVE-2018-9252 jasper-maint/jasper#16 * Fix CVE-2018-19139 jasper-maint/jasper#14 * Fix CVE-2018-19543, CVE-2017-9782 jasper-maint/jasper#13 jasper-maint/jasper#18 jasper-software/jasper#140 jasper-software/jasper#182 * Fix CVE-2018-20570 jasper-maint/jasper#11 jasper-software/jasper#191 * Fix CVE-2018-20622 jasper-maint/jasper#12 jasper-software/jasper#193 * Fix CVE-2016-9398 jasper-maint/jasper#10 * Fix CVE-2017-14132 jasper-maint/jasper#17 * Fix CVE-2017-5499 jasper-maint/jasper#2 jasper-software/jasper#63 * Fix CVE-2018-18873 jasper-maint/jasper#15 jasper-software/jasper#184 * Fix jasper-software/jasper#207 * Fix jasper-software/jasper#194 part 1 * Fix CVE-2017-13750 jasper-software/jasper#165 jasper-software/jasper#174 * New option -DJAS_ENABLE_HIDDEN=true to not export internal symbols in the public symbol table * Fix various memory leaks * Plenty of code cleanups, and performance improvements
|
CVE-2021-27845 was assigned to this issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi all,
Our bug scanner has reported some bugs.
Bug triggering files are attached.
Bug-1:div/mod-zero
in function
cp_create,jpc_enc.c#749if (jpc_fixtodbl(tcp->ilyrrates[lyrno]) > ((double) cp->totalsize)/ cp->rawsize) { jas_eprintf("warning: intermediate layer rates must be less than overall rate\n"); goto error; }Divisor: rawsize
Result: Could be 0, Please Check.
in function
jjpc_dec_tileinit, jpc_dec.c#736~#738if (!(tcomp->data = jas_seq2d_create(JPC_CEILDIV(tile->xstart, cmpt->hstep), JPC_CEILDIV(tile->ystart, cmpt->vstep), JPC_CEILDIV(tile->xend, cmpt->hstep), JPC_CEILDIV(tile->yend, cmpt->vstep)))) { return -1; }Divisor: cmpt->hstep, cmpt->vstep
Result: Could be 0, Please Check.
3.in function
jpc_dec_process_siz, jpc_dec.c#1270~#1273,#1339~#1342if (!(tcomp->data = jas_seq2d_create(JPC_CEILDIV(tile->xstart, cmpt->hstep), JPC_CEILDIV(tile->ystart, cmpt->vstep), JPC_CEILDIV(tile->xend, cmpt->hstep), JPC_CEILDIV(tile->yend, cmpt->vstep)))) { return -1; }cmpt->width = JPC_CEILDIV(dec->xend, cmpt->hstep) - JPC_CEILDIV(dec->xstart, cmpt->hstep); cmpt->height = JPC_CEILDIV(dec->yend, cmpt->vstep) - JPC_CEILDIV(dec->ystart, cmpt->vstep);tcomp->xstart = JPC_CEILDIV(tile->xstart, cmpt->hstep); tcomp->ystart = JPC_CEILDIV(tile->ystart, cmpt->vstep); tcomp->xend = JPC_CEILDIV(tile->xend, cmpt->hstep); tcomp->yend = JPC_CEILDIV(tile->yend, cmpt->vstep);Divisor: cmpt->hstep, cmpt->vstep
Result: Could be 0, Please Check.
4.in function
jas_cmxform_apply, jas_cm.c#542*bufptr = (v - bias) / scale;Divisor: scale
Result: Could be 0, Please Check.
The text was updated successfully, but these errors were encountered: