Description: Filename buffer overflow fix This patch fixes a security hole by a bad buffer size handling. Author: Roland Stigge Bug-Debian: http://bugs.debian.org/645118 --- jasper-4.1.0/src/libjasper/include/jasper/jas_stream.h.orig 2023-11-05 07:24:51.000000000 +0100 +++ jasper-4.1.0/src/libjasper/include/jasper/jas_stream.h 2023-11-07 07:25:12.340731017 +0100 @@ -77,6 +77,7 @@ #include /* IWYU pragma: export */ #include +#include #if defined(JAS_HAVE_FCNTL_H) #include #endif @@ -100,6 +101,12 @@ #define O_BINARY 0 #endif +#ifdef PATH_MAX +#define JAS_PATH_MAX PATH_MAX +#else +#define JAS_PATH_MAX 4096 +#endif + /* * Stream open flags. */ @@ -261,7 +268,7 @@ #if defined(JAS_WASI_LIBC) #define L_tmpnam 4096 #endif - char pathname[L_tmpnam + 1]; + char pathname[JAS_PATH_MAX + 1]; } jas_stream_fileobj_t; /* Delete underlying file object upon stream close. */