File jasper-CVE-2016-9396.patch of Package jasper.18194

Index: jasper-1.900.14/src/libjasper/jpc/jpc_cs.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/jpc/jpc_cs.c
+++ jasper-1.900.14/src/libjasper/jpc/jpc_cs.c
@@ -795,6 +795,10 @@ static int jpc_cox_getcompparms(jpc_ms_t
 	if (compparms->numdlvls > 32) {
 		goto error;
 	}
+	if (compparms->qmfbid != JPC_COX_INS &&
+		compparms->qmfbid != JPC_COX_RFT) {
+		goto error;
+	}
 	compparms->numrlvls = compparms->numdlvls + 1;
 	if (compparms->numrlvls > JPC_MAXRLVLS) {
 		goto error;
openSUSE Build Service is sponsored by