Overview

File jasper-CVE-2021-3443.patch of Package jasper.32091

Index: jasper-1.900.14/src/libjasper/jp2/jp2_dec.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/jp2/jp2_dec.c
+++ jasper-1.900.14/src/libjasper/jp2/jp2_dec.c
@@ -430,7 +430,12 @@ jas_image_t *jp2_decode(jas_stream_t *in
 		}
 	} else {
 		for (i = 0; i < dec->numchans; ++i) {
-			jas_image_setcmpttype(dec->image, dec->chantocmptlut[i],
+			unsigned compno = dec->chantocmptlut[i];
+			if (compno >= jas_image_numcmpts(dec->image)) {
+				jas_eprintf( "error: invalid component reference (%d)\n", compno);
+				goto error;
+			}
+			jas_image_setcmpttype(dec->image, compno,
 			  jp2_getct(jas_image_clrspc(dec->image), 0, i + 1));
 		}
 	}
openSUSE Build Service is sponsored by
Places