File jasper-CVE-2016-9397-CVE-2016-9557.patch of Package jasper.18194

Index: jasper-1.900.14/src/appl/imginfo.c
===================================================================
--- jasper-1.900.14.orig/src/appl/imginfo.c
+++ jasper-1.900.14/src/appl/imginfo.c
@@ -88,6 +88,7 @@ typedef enum {
 	OPT_VERBOSE,
 	OPT_INFILE,
 	OPT_DEBUG,
+	OPT_MAXSAMPLES,
 	OPT_MAXMEM
 } optid_t;
 
@@ -108,6 +109,7 @@ static jas_opt_t opts[] = {
 	{OPT_VERBOSE, "verbose", 0},
 	{OPT_INFILE, "f", JAS_OPT_HASARG},
 	{OPT_DEBUG, "debug-level", JAS_OPT_HASARG},
+	{OPT_MAXSAMPLES, "max-samples", JAS_OPT_HASARG},
 #if defined(JAS_DEFAULT_MAX_MEM_USAGE)
 	{OPT_MAXMEM, "memory-limit", JAS_OPT_HASARG},
 #endif
@@ -135,6 +137,9 @@ int main(int argc, char **argv)
 	char *fmtname;
 	int debug;
 	size_t max_mem;
+	size_t max_samples;
+	bool max_samples_valid;
+    char optstr[32];
 
 	if (jas_init()) {
 		abort();
@@ -142,6 +147,9 @@ int main(int argc, char **argv)
 
 	cmdname = argv[0];
 
+	max_samples = 0;
+	max_samples_valid = false;
+
 	infile = 0;
 	verbose = 0;
 	debug = 0;
@@ -165,6 +173,10 @@ int main(int argc, char **argv)
 		case OPT_INFILE:
 			infile = jas_optarg;
 			break;
+		case OPT_MAXSAMPLES:
+			max_samples = strtoull(jas_optarg, 0, 10);
+			max_samples_valid = true;
+			break;
 		case OPT_MAXMEM:
 			max_mem = strtoull(jas_optarg, 0, 10);
 			break;
@@ -199,8 +211,13 @@ int main(int argc, char **argv)
 		fprintf(stderr, "unknown image format\n");
 	}
 
+	optstr[0] = '\0';
+	if (max_samples_valid) {
+		snprintf(optstr, sizeof(optstr), "max_samples=%-zu", max_samples);
+	}
+
 	/* Decode the image. */
-	if (!(image = jas_image_decode(instream, fmtid, 0))) {
+	if (!(image = jas_image_decode(instream, fmtid, optstr))) {
 		jas_stream_close(instream);
 		fprintf(stderr, "cannot load image\n");
 		return EXIT_FAILURE;
@@ -209,6 +226,11 @@ int main(int argc, char **argv)
 	/* Close the image file. */
 	jas_stream_close(instream);
 
+	if (!(fmtname = jas_image_fmttostr(fmtid))) {
+		jas_eprintf("format name lookup failed\n");
+		return EXIT_FAILURE;
+	}
+
 	if (!(numcmpts = jas_image_numcmpts(image))) {
 		fprintf(stderr, "warning: image has no components\n");
 	}
openSUSE Build Service is sponsored by