From 29b4741a1183ea4ef35e13e42881584409a82f36 Mon Sep 17 00:00:00 2001
From: fangroom <2018302070250@whu.edu.cn>
Date: Fri, 28 Jul 2023 16:41:04 +0800
Subject: [PATCH 1/2] repair CVE-2020-16398

---
 contrib/japanese/gdevmjc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/contrib/japanese/gdevmjc.c b/contrib/japanese/gdevmjc.c
index 85fa6a8..6aa80cd 100644
--- a/contrib/japanese/gdevmjc.c
+++ b/contrib/japanese/gdevmjc.c
@@ -1504,7 +1504,7 @@ mj_color_correct(gx_color_value *Rptr ,gx_color_value *Gptr , gx_color_value *Bp
 if (Y<0)
 Y=0;
 
- if(H>256 && H<1024){ /* green correct */
+ if(H>256 && H<768){ /* green correct */
 short work;
 work=(((long)grnsep[M]*(long)grnsep2[H-256])>>16);
 C+=work;
-- 
Gitee

From d6b0f1408dd5ed39324db0273f87191b80d77426 Mon Sep 17 00:00:00 2001
From: fangroom <2018302070250@whu.edu.cn>
Date: Wed, 2 Aug 2023 11:15:20 +0800
Subject: [PATCH 2/2] repair CVE-2020-16398

---
 contrib/japanese/gdevmjc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/contrib/japanese/gdevmjc.c b/contrib/japanese/gdevmjc.c
index 6aa80cd..c86aaae 100644
--- a/contrib/japanese/gdevmjc.c
+++ b/contrib/japanese/gdevmjc.c
@@ -1503,7 +1503,9 @@ mj_color_correct(gx_color_value *Rptr ,gx_color_value *Gptr , gx_color_value *Bp
 M=0;
 if (Y<0)
 Y=0;
-
+ /* 2019-10-29 this used to be 'if(H>256 && H<1024)', which can then go
+ beyond bounds of the 512-element grnsep2[]. So have patched up to avoid
+ this, but without any proper idea about what's going on. */
 if(H>256 && H<768){ /* green correct */
 short work;
 work=(((long)grnsep[M]*(long)grnsep2[H-256])>>16);
-- 
Gitee
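Review bot: The new bound `H<768` in the green-correct test of mj_color_correct is a bare literal that is only safe while grnsep2[] keeps its 512 elements and the `H-256` offset stays as it is; nothing in the condition ties the limit to the table. If grnsep2 is a true array in scope at this point (its declaration is outside the hunk), deriving the limit from it keeps the check and the table together: `if (H > 256 && H - 256 < (int)(sizeof grnsep2 / sizeof grnsep2[0])) {`. The same expression also indexes `grnsep[M]`, and the only clamp on M visible on this page is `M=0` for negative values, so it is worth confirming that M has an upper bound matching the size of grnsep. The function body starts and ends outside the hunk, and the second patch touches the same lines only to add the explanatory comment.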