File jasper-CVE-2017-5503-CVE-2017-5504-CVE-2017-5505.patch of Package jasper.18194

Index: jasper-1.900.14/src/libjasper/base/jas_seq.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/base/jas_seq.c
+++ jasper-1.900.14/src/libjasper/base/jas_seq.c
@@ -211,11 +211,17 @@ jas_matrix_t *jas_matrix_copy(jas_matrix
 * Bind operations.
 \******************************************************************************/
 
-void jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, int xstart, int ystart,
+int jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, int xstart, int ystart,
   int xend, int yend)
 {
+	if (xstart < s1->xstart_ || ystart < s1->ystart_ ||
+			xend > s1->xend_ || yend > s1->yend_)
+		return -1;
+
 	jas_matrix_bindsub(s, s1, ystart - s1->ystart_, xstart - s1->xstart_,
-	  yend - s1->ystart_ - 1, xend - s1->xstart_ - 1);
+			yend - s1->ystart_ - 1, xend - s1->xstart_ - 1);
+
+	return 0;
 }
 
 void jas_matrix_bindsub(jas_matrix_t *mat0, jas_matrix_t *mat1, int r0, int c0,
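Review bot: The new guard in jas_seq2d_bindsub compares each bound against s1 separately but never checks that the requested range is ordered, so a call with xstart above s1->xend_ (or ystart above s1->yend_) and an in-range end still passes. That hands jas_matrix_bindsub a start offset past the parent's extent and an end offset below the start; its body is outside this hunk, so whether it tolerates that is not visible here. Adding `xstart > xend || ystart > yend ||` to the condition makes the containment check complete on its own. Bracing the single-statement `return -1;` would also match the braced style used at the call sites in this patch.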
Index: jasper-1.900.14/src/libjasper/jpc/jpc_dec.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/jpc/jpc_dec.c
+++ jasper-1.900.14/src/libjasper/jpc/jpc_dec.c
@@ -798,8 +798,10 @@ static int jpc_dec_tileinit(jpc_dec_t *d
 				if (!(band->data = jas_seq2d_create(0, 0, 0, 0))) {
 					return -1;
 				}
-				jas_seq2d_bindsub(band->data, tcomp->data, bnd->locxstart,
-				  bnd->locystart, bnd->locxend, bnd->locyend);
+				if (jas_seq2d_bindsub(band->data, tcomp->data, bnd->locxstart,
+							bnd->locystart, bnd->locxend, bnd->locyend)) {
+					return -1;
+				}
 				jas_seq2d_setshift(band->data, bnd->xstart, bnd->ystart);
 
 				assert(rlvl->numprcs);
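Review bot: Both new `return -1` paths in jpc_dec_tileinit (here and in the code-block loop in the next hunk) reject the codestream without any diagnostic, so a malformed file that trips the bounds check looks the same as an allocation failure to whoever triages it. A single `jas_eprintf("band region lies outside tile-component data\n");` before the return would make these rejections identifiable. The function starts and ends outside the hunk, so whether the caller releases the just-created band->data on this path cannot be confirmed from here and is worth checking.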
@@ -879,8 +881,9 @@ static int jpc_dec_tileinit(jpc_dec_t *d
 								  0))) {
 									return -1;
 								}
-								jas_seq2d_bindsub(cblk->data, band->data,
-								  tmpxstart, tmpystart, tmpxend, tmpyend);
+								if (jas_seq2d_bindsub(cblk->data, band->data, tmpxstart, tmpystart, tmpxend, tmpyend)) {
+									return -1;
+								}
 								++cblk;
 								--cblkcnt;
 							}
Index: jasper-1.900.14/src/libjasper/jpc/jpc_enc.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/jpc/jpc_enc.c
+++ jasper-1.900.14/src/libjasper/jpc/jpc_enc.c
@@ -2283,8 +2283,10 @@ if (bandinfo->xstart != bandinfo->xend &
 	if (!(band->data = jas_seq2d_create(0, 0, 0, 0))) {
 		goto error;
 	}
-	jas_seq2d_bindsub(band->data, tcmpt->data, bandinfo->locxstart,
-	  bandinfo->locystart, bandinfo->locxend, bandinfo->locyend);
+	if (jas_seq2d_bindsub(band->data, tcmpt->data, bandinfo->locxstart,
+				bandinfo->locystart, bandinfo->locxend, bandinfo->locyend)) {
+		goto error;
+	}
 	jas_seq2d_setshift(band->data, bandinfo->xstart, bandinfo->ystart);
 }
 	band->orient = bandinfo->orient;
@@ -2549,7 +2551,9 @@ static jpc_enc_cblk_t *cblk_create(jpc_e
 	if (!(cblk->data = jas_seq2d_create(0, 0, 0, 0))) {
 		goto error;
 	}
-	jas_seq2d_bindsub(cblk->data, band->data, cblktlx, cblktly, cblkbrx, cblkbry);
+	if (jas_seq2d_bindsub(cblk->data, band->data, cblktlx, cblktly, cblkbrx, cblkbry)) {
+		goto error;
+	}
 
 	return cblk;
 
Index: jasper-1.900.14/src/libjasper/include/jasper/jas_seq.h
===================================================================
--- jasper-1.900.14.orig/src/libjasper/include/jasper/jas_seq.h
+++ jasper-1.900.14/src/libjasper/include/jasper/jas_seq.h
@@ -280,7 +280,7 @@ jas_matrix_t *jas_seq2d_create(int xstar
 #define jas_seq2d_size(s) \
 	(jas_seq2d_width(s) * jas_seq2d_height(s))
 
-void jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, int xstart,
+int jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, int xstart,
   int ystart, int xend, int yend);
 
 /******************************************************************************\
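Review bot: The prototype now returns int, but the header says nothing about the contract, and this is the public declaration that other callers compile against. I would add above it `/* Returns 0 on success, or -1 (leaving s untouched) if the requested region is not contained in s1. */`, which matches the early return added in jas_seq.c. Code written against the old void prototype will keep compiling while ignoring the result, so any callers outside the files touched by this patch need to be audited separately.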