File jasper-CVE-2017-5503-CVE-2017-5504-CVE-2017-5505.patch of Package jasper.18193

Index: jasper-2.0.14/src/libjasper/base/jas_seq.c
===================================================================
--- jasper-2.0.14.orig/src/libjasper/base/jas_seq.c
+++ jasper-2.0.14/src/libjasper/base/jas_seq.c
@@ -211,11 +211,15 @@ jas_matrix_t *jas_matrix_copy(jas_matrix
 * Bind operations.
 \******************************************************************************/
 
-void jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, jas_matind_t xstart,
+int jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, jas_matind_t xstart,
   jas_matind_t ystart, jas_matind_t xend, jas_matind_t yend)
 {
+	if (xstart < s1->xstart_ || ystart < s1->ystart_ ||
+			xend > s1->xend_ || yend > s1->yend_)
+		return -1;
 	jas_matrix_bindsub(s, s1, ystart - s1->ystart_, xstart - s1->xstart_,
-	  yend - s1->ystart_ - 1, xend - s1->xstart_ - 1);
+			yend - s1->ystart_ - 1, xend - s1->xstart_ - 1);
+	return 0;
 }
 
 void jas_matrix_bindsub(jas_matrix_t *mat0, jas_matrix_t *mat1,
Index: jasper-2.0.14/src/libjasper/include/jasper/jas_seq.h
===================================================================
--- jasper-2.0.14.orig/src/libjasper/include/jasper/jas_seq.h
+++ jasper-2.0.14/src/libjasper/include/jasper/jas_seq.h
@@ -285,7 +285,7 @@ JAS_DLLEXPORT jas_matrix_t *jas_seq2d_cr
 #define jas_seq2d_size(s) \
 	(jas_seq2d_width(s) * jas_seq2d_height(s))
 
-JAS_DLLEXPORT void jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, jas_matind_t xstart,
+JAS_DLLEXPORT int jas_seq2d_bindsub(jas_matrix_t *s, jas_matrix_t *s1, jas_matind_t xstart,
   jas_matind_t ystart, jas_matind_t xend, jas_matind_t yend);
 
 /******************************************************************************\
Index: jasper-2.0.14/src/libjasper/jpc/jpc_dec.c
===================================================================
--- jasper-2.0.14.orig/src/libjasper/jpc/jpc_dec.c
+++ jasper-2.0.14/src/libjasper/jpc/jpc_dec.c
@@ -831,8 +831,10 @@ static int jpc_dec_tileinit(jpc_dec_t *d
 				if (!(band->data = jas_seq2d_create(0, 0, 0, 0))) {
 					return -1;
 				}
-				jas_seq2d_bindsub(band->data, tcomp->data, bnd->locxstart,
-				  bnd->locystart, bnd->locxend, bnd->locyend);
+				if (jas_seq2d_bindsub(band->data, tcomp->data, bnd->locxstart,
+							bnd->locystart, bnd->locxend, bnd->locyend)) {
+					return -1;
+				}
 				jas_seq2d_setshift(band->data, bnd->xstart, bnd->ystart);
 
 				assert(rlvl->numprcs);
@@ -912,8 +914,10 @@ static int jpc_dec_tileinit(jpc_dec_t *d
 								  0))) {
 									return -1;
 								}
-								jas_seq2d_bindsub(cblk->data, band->data,
-								  tmpxstart, tmpystart, tmpxend, tmpyend);
+								if (jas_seq2d_bindsub(cblk->data, band->data,
+											tmpxstart, tmpystart, tmpxend, tmpyend)) {
+									return -1;
+								}
 								++cblk;
 								--cblkcnt;
 							}
Index: jasper-2.0.14/src/libjasper/jpc/jpc_enc.c
===================================================================
--- jasper-2.0.14.orig/src/libjasper/jpc/jpc_enc.c
+++ jasper-2.0.14/src/libjasper/jpc/jpc_enc.c
@@ -2332,8 +2332,10 @@ if (bandinfo->xstart != bandinfo->xend &
 	if (!(band->data = jas_seq2d_create(0, 0, 0, 0))) {
 		goto error;
 	}
-	jas_seq2d_bindsub(band->data, tcmpt->data, bandinfo->locxstart,
-	  bandinfo->locystart, bandinfo->locxend, bandinfo->locyend);
+	if (jas_seq2d_bindsub(band->data, tcmpt->data, bandinfo->locxstart,
+				bandinfo->locystart, bandinfo->locxend, bandinfo->locyend)) {
+		goto error;
+	}
 	jas_seq2d_setshift(band->data, bandinfo->xstart, bandinfo->ystart);
 }
 	band->orient = bandinfo->orient;
@@ -2609,7 +2611,9 @@ static jpc_enc_cblk_t *cblk_create(jpc_e
 	if (!(cblk->data = jas_seq2d_create(0, 0, 0, 0))) {
 		goto error;
 	}
-	jas_seq2d_bindsub(cblk->data, band->data, cblktlx, cblktly, cblkbrx, cblkbry);
+	if (jas_seq2d_bindsub(cblk->data, band->data, cblktlx, cblktly, cblkbrx, cblkbry)) {
+		goto error;
+	}
 
 	return cblk;
openSUSE Build Service is sponsored by