On Wed, 14 Sep 2016 20:50:49 +0100
Richard Hughes <hughsi...@gmail.com> wrote:

> Can we get somebody to revert
> https://bodhi.fedoraproject.org/updates/FEDORA-2016-7776983633 please.
> The update was built to fix CVE-2015-5203 which fixes a double free
> when opening corrupt JPEG-2000 files but in doing so breaks quite a
> few apps in the desktop spin causing them to exit with an assert deep
> in libjasper.
> 
> In the update the function jas_stream_memopen has been changed:
> 
> -jas_stream_t *jas_stream_memopen(char *buf, int bufsize);
> +jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize);
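
Review bot: changing `bufsize` from `int` to `size_t` in the exported `jas_stream_memopen` prototype means a caller can no longer pass a negative value, so existing callers that pass -1 to ask for a buffer that is realloc'd as needed now have that argument converted to a very large unsigned length. Either keep recognising the sentinel explicitly (for example, treat `(size_t)-1` as "grow as needed" before any size is used for allocation) or leave the `int` prototype in place and add a separate `size_t` entry point, and state the new contract for `bufsize` in the header comment so callers such as gdk-pixbuf2 know what to pass.
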
> 
> Unless I've misunderstood things dramatically, size_t is basically
> an *unsigned* long integer, but this function offers a feature where if
> the bufsize is -1 the buffer is realloc'd as needed. gdk-pixbuf2 uses
> this feature for JPEG-2000 files. However, as size_t represents only
> positive numbers, a conversion takes place to some very high number
> and the allocation fails.

one more case for enabling libabigail tests in bodhi ...


                Dan
--
devel mailing list
devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
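
The sentinel breakage described in the quoted message, as an added C example that is not part of the original thread and is not libjasper code. `memstream_t`, `memopen_int`, `memopen_size`, `memopen_compat`, `memclose` and `INITIAL_CAP` are hypothetical names modelled only on the behaviour the mail describes; the compat variant is one possible way to keep old callers working.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical stand-in for a memory stream; not libjasper's jas_stream_t. */
typedef struct {
    char *buf;
    size_t cap;
    int growable;               /* stream owns buf and may realloc it */
} memstream_t;

#define INITIAL_CAP 1024u       /* constructed starting size (assumption) */

static memstream_t *make(char *buf, size_t cap, int growable) {
    memstream_t *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->buf = growable ? malloc(cap) : buf;
    s->cap = cap;
    s->growable = growable;
    if (!s->buf) { free(s); return NULL; }
    return s;
}

/* Old contract as described in the mail: bufsize -1 means "grow as needed". */
memstream_t *memopen_int(char *buf, int bufsize) {
    if (bufsize < 0) return make(NULL, INITIAL_CAP, 1);
    return make(buf, (size_t)bufsize, 0);
}

/* New prototype: a caller's -1 arrives as SIZE_MAX, an ordinary (huge) length. */
memstream_t *memopen_size(char *buf, size_t bufsize) {
    if (!buf) {
        /* No allocator can satisfy this; checked so the demo is deterministic. */
        if (bufsize > PTRDIFF_MAX) return NULL;
        return make(NULL, bufsize ? bufsize : INITIAL_CAP, 1);
    }
    return make(buf, bufsize, 0);
}

/* One compatible option: keep recognising (size_t)-1 as the legacy sentinel. */
memstream_t *memopen_compat(char *buf, size_t bufsize) {
    if (bufsize == (size_t)-1) return make(NULL, INITIAL_CAP, 1);
    return memopen_size(buf, bufsize);
}

void memclose(memstream_t *s) {
    if (!s) return;
    if (s->growable) free(s->buf);
    free(s);
}
```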
