File jasper-CVE-2017-6850.patch of Package jasper.18194

--- jasper-1.900.14/src/libjasper/base/jas_stream.c	2017-03-22 10:18:22.195685757 +0100
+++ jasper-1.900.14/src/libjasper/base/jas_stream.c	2017-03-22 10:20:15.366313051 +0100
@@ -507,6 +507,7 @@
 	return 0;
 }
 
+/* FIXME integral type */
 int jas_stream_read(jas_stream_t *stream, void *buf, int cnt)
 {
 	int n;
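Review bot: The added `/* FIXME integral type */` above jas_stream_read does not say which type is meant or what goes wrong, so a later maintainer cannot act on it. If the concern is the `int` count and return value, a wording such as `/* FIXME: cnt and the return value are int; use size_t/ssize_t so large byte counts cannot truncate or turn negative */` would record it. The same comment is repeated above the other stream functions in this file (jas_stream_write, jas_stream_gets, jas_stream_gobble, jas_stream_pad, jas_stream_initbuf, jas_stream_copy, jas_stream_setrwcount, jas_stream_display and the mem_/file_/sfile_ callbacks). In jas_stream_setrwcount the visible local `int old` is already narrower than the function's `long` return type. The function bodies continue outside these hunks.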
@@ -527,6 +528,7 @@
 	return n;
 }
 
+/* FIXME integral type */
 int jas_stream_write(jas_stream_t *stream, const void *buf, int cnt)
 {
 	int n;
@@ -573,6 +575,7 @@
 	return 0;
 }
 
+/* FIXME integral type */
 char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
 {
 	int c;
@@ -594,6 +597,7 @@
 	return buf;
 }
 
+/* FIXME integral type */
 int jas_stream_gobble(jas_stream_t *stream, int n)
 {
 	int m;
@@ -606,6 +610,7 @@
 	return n;
 }
 
+/* FIXME integral type */
 int jas_stream_pad(jas_stream_t *stream, int n, int c)
 {
 	int m;
@@ -696,6 +701,7 @@
 * Buffer initialization code.
 \******************************************************************************/
 
+/* FIXME integral type */
 static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
   int bufsize)
 {
@@ -871,6 +877,7 @@
 	return openmode;
 }
 
+/* FIXME integral type */
 int jas_stream_copy(jas_stream_t *out, jas_stream_t *in, int n)
 {
 	int all;
@@ -896,6 +903,7 @@
 	return 0;
 }
 
+/* FIXME integral type */
 long jas_stream_setrwcount(jas_stream_t *stream, long rwcnt)
 {
 	int old;
@@ -905,6 +913,7 @@
 	return old;
 }
 
+/* FIXME integral type */
 int jas_stream_display(jas_stream_t *stream, FILE *fp, int n)
 {
 	unsigned char buf[16];
@@ -979,6 +988,7 @@
 * Memory stream object.
 \******************************************************************************/
 
+/* FIXME integral type */
 static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt)
 {
 	int n;
@@ -1007,6 +1017,7 @@
 	return 0;
 }
 
+/* FIXME integral type */
 static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt)
 {
 	int n;
@@ -1054,6 +1065,7 @@
 	return ret;
 }
 
+/* FIXME integral type */
 static long mem_seek(jas_stream_obj_t *obj, long offset, int origin)
 {
 	jas_stream_memobj_t *m = (jas_stream_memobj_t *)obj;
@@ -1096,18 +1108,21 @@
 * File stream object.
 \******************************************************************************/
 
+/* FIXME integral type */
 static int file_read(jas_stream_obj_t *obj, char *buf, int cnt)
 {
 	jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj);
 	return read(fileobj->fd, buf, cnt);
 }
 
+/* FIXME integral type */
 static int file_write(jas_stream_obj_t *obj, char *buf, int cnt)
 {
 	jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj);
 	return write(fileobj->fd, buf, cnt);
 }
 
+/* FIXME integral type */
 static long file_seek(jas_stream_obj_t *obj, long offset, int origin)
 {
 	jas_stream_fileobj_t *fileobj = JAS_CAST(jas_stream_fileobj_t *, obj);
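Review bot: file_read and file_write pass the signed `cnt` straight to read()/write(), where it is converted to size_t, and narrow the ssize_t result to `int`; the FIXME comments flag this but no check is added. A guard such as `if (cnt < 0) return -1;` at the top of each would keep a negative count from becoming a very large request until the types are changed. file_seek's body continues outside the hunk.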
@@ -1130,6 +1145,7 @@
 * Stdio file stream object.
 \******************************************************************************/
 
+/* FIXME integral type */
 static int sfile_read(jas_stream_obj_t *obj, char *buf, int cnt)
 {
 	FILE *fp;
@@ -1144,6 +1160,7 @@
 	return result;
 }
 
+/* FIXME integral type */
 static int sfile_write(jas_stream_obj_t *obj, char *buf, int cnt)
 {
 	FILE *fp;
@@ -1153,6 +1170,7 @@
 	return (n != JAS_CAST(size_t, cnt)) ? (-1) : cnt;
 }
 
+/* FIXME integral type */
 static long sfile_seek(jas_stream_obj_t *obj, long offset, int origin)
 {
 	FILE *fp;
--- jasper-1.900.14/src/libjasper/jp2/jp2_cod.c	2017-03-22 10:18:22.191685757 +0100
+++ jasper-1.900.14/src/libjasper/jp2/jp2_cod.c	2017-03-22 10:20:15.366313051 +0100
@@ -183,15 +183,28 @@
 * Box constructor.
 \******************************************************************************/
 
-jp2_box_t *jp2_box_create(int type)
+jp2_box_t *jp2_box_create0()
 {
 	jp2_box_t *box;
-	jp2_boxinfo_t *boxinfo;
-
 	if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
 		return 0;
 	}
 	memset(box, 0, sizeof(jp2_box_t));
+	box->type = 0;
+	box->len = 0;
+	// Mark the box data as never having been constructed
+	// so that we will not errantly attempt to destroy it later.
+	box->ops = &jp2_boxinfo_unk.ops;
+	return box;
+}
+
+jp2_box_t *jp2_box_create(int type)
+{
+	jp2_box_t *box;
+	jp2_boxinfo_t *boxinfo;
+	if (!(box = jp2_box_create0())) {
+		return 0;
+	}
 	box->type = type;
 	box->len = 0;
 	if (!(boxinfo = jp2_boxinfolookup(type))) {
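Review bot: `jp2_box_create0()` is defined with an empty parameter list, which in C leaves the parameters unspecified rather than declaring none; `jp2_box_t *jp2_box_create0(void)` lets the compiler reject calls with arguments. If the helper is only used in this file it could also be `static`, though whether a header declares it is not visible here. The `box->type = 0;` and `box->len = 0;` stores repeat what the preceding memset already did and can be dropped. jp2_box_create's body continues outside the hunk.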
@@ -248,14 +261,9 @@
 	box = 0;
 	tmpstream = 0;
 
-	if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
+	if (!(box = jp2_box_create0())) {
 		goto error;
 	}
-
-	// Mark the box data as never having been constructed
-	// so that we will not errantly attempt to destroy it later.
-	box->ops = &jp2_boxinfo_unk.ops;
-
 	if (jp2_getuint32(in, &len) || jp2_getuint32(in, &box->type)) {
 		goto error;
 	}
@@ -263,10 +271,12 @@
 	box->info = boxinfo;
 	box->len = len;
 	JAS_DBGLOG(10, (
-	  "preliminary processing of JP2 box: type=%c%s%c (0x%08x); length=%d\n",
+	  "preliminary processing of JP2 box: "
+	  "type=%c%s%c (0x%08x); length=%"PRIuFAST32"\n",
 	  '"', boxinfo->name, '"', box->type, box->len
 	  ));
 	if (box->len == 1) {
+		JAS_DBGLOG(10, ("big length\n"));
 		if (jp2_getuint64(in, &extlen)) {
 			goto error;
 		}
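Review bot: The length argument now uses `PRIuFAST32`, but `box->type` is still printed with `0x%08x` in the same call. `box->type` is filled through jp2_getuint32 just like `len`, so it is presumably the same fast 32-bit type, and on platforms where that type is wider than unsigned int the `%x` conversion is a mismatch; `0x%08"PRIxFAST32"` would match. The enclosing function starts and ends outside the hunk.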
@@ -382,6 +392,7 @@
 {
 	jp2_bpcc_t *bpcc = &box->data.bpcc;
 	unsigned int i;
+	bpcc->bpcs = 0;
 	bpcc->numcmpts = box->datalen;
 	if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) {
 		return -1;
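Review bot: The added `bpcc->bpcs = 0;` has no comment saying why the pointer is cleared first, and the same applies to `cdef->ents = 0;`, `cmap->ents = 0;` and `pclr->bpc = 0;` in the later hunks. Presumably the intent is that the box's cleanup code sees a null pointer when parsing fails before allocation; a one-line comment such as `/* keep null until allocated so cleanup after a failed parse is safe */` would record that. In the bpcc and cmap hunks the store is overwritten by the jas_alloc2 assignment before any visible return, so there it is purely defensive. These functions start and end outside their hunks.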
@@ -462,6 +473,7 @@
 	jp2_cdef_t *cdef = &box->data.cdef;
 	jp2_cdefchan_t *chan;
 	unsigned int channo;
+	cdef->ents = 0;
 	if (jp2_getuint16(in, &cdef->numchans)) {
 		return -1;
 	}
@@ -518,7 +530,9 @@
 	}
 
 	if (dataflag) {
-		if (jas_stream_copy(out, tmpstream, box->len - JP2_BOX_HDRLEN(false))) {
+		if (jas_stream_copy(out, tmpstream, box->len -
+		  JP2_BOX_HDRLEN(false))) {
+			jas_eprintf("cannot copy box data\n");
 			goto error;
 		}
 		jas_stream_close(tmpstream);
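Review bot: `box->len - JP2_BOX_HDRLEN(false)` is passed as the count to jas_stream_copy, whose third parameter is `int n` (marked FIXME in jas_stream.c by this same patch), while `box->len` is printed elsewhere with `PRIuFAST32` and so appears to be unsigned. A length below the header size would wrap, and a large one would change value when narrowed to int; a range check before the call, or a comment stating why the value is always in range here, would close that. The new `jas_eprintf("cannot copy box data\n")` message could also include the box type to make the failure traceable. The enclosing function starts and ends outside the hunk.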
@@ -777,6 +791,7 @@
 	jp2_cmap_t *cmap = &box->data.cmap;
 	jp2_cmapent_t *ent;
 	unsigned int i;
+	cmap->ents = 0;
 
 	cmap->numchans = (box->datalen) / 4;
 	if (!(cmap->ents = jas_alloc2(cmap->numchans, sizeof(jp2_cmapent_t)))) {
@@ -835,6 +850,7 @@
 	int_fast32_t x;
 
 	pclr->lutdata = 0;
+	pclr->bpc = 0;
 
 	if (jp2_getuint16(in, &pclr->numlutents) ||
 	  jp2_getuint8(in, &pclr->numchans)) {