File jasper-1.900.1-bug725758.patch of Package jasper

diff -ru jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c	2011-11-29 14:13:01.000000000 +0100
+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c	2011-11-29 14:15:11.638066001 +0100
@@ -744,6 +744,12 @@
 		return -1;
 	}
 	compparms->numrlvls = compparms->numdlvls + 1;
+	if (compparms->numrlvls > JPC_MAXRLVLS) {
+		compparms->numrlvls = 0;
+		jpc_cox_destroycompparms(compparms);
+		return -1;
+	}
+	
 	if (prtflag) {
 		for (i = 0; i < compparms->numrlvls; ++i) {
 			if (jpc_getuint8(in, &tmp)) {
@@ -1331,7 +1337,7 @@
 	jpc_crgcomp_t *comp;
 	uint_fast16_t compno;
 	crg->numcomps = cstate->numcomps;
-	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
+	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
 		return -1;
 	}
 	for (compno = 0, comp = crg->comps; compno < cstate->numcomps;