Overview

File jasper-CVE-2025-8836.patch of Package jasper.40243

Based on 79185d32d7a444abae441935b20ae4676b3513d4
Index: jasper-1.900.14/src/libjasper/jpc/jpc_enc.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/jpc/jpc_enc.c
+++ jasper-1.900.14/src/libjasper/jpc/jpc_enc.c
@@ -472,18 +472,36 @@ static jpc_enc_cp_t *cp_create(char *opt
 			cp->tileheight = atoi(jas_tvparser_getval(tvp));
 			break;
 		case OPT_PRCWIDTH:
-			prcwidthexpn = jpc_floorlog2(atoi(jas_tvparser_getval(tvp)));
+			i = atoi(jas_tvparser_getval(tvp));
+			if (i <= 0) {
+				jas_eprintf("invalid precinct width (%d)\n", i);
+				goto error;
+			}
+			prcwidthexpn = jpc_floorlog2(i);
 			break;
 		case OPT_PRCHEIGHT:
-			prcheightexpn = jpc_floorlog2(atoi(jas_tvparser_getval(tvp)));
+			i = atoi(jas_tvparser_getval(tvp));
+			if (i <= 0) {
+				jas_eprintf("invalid precinct height (%d)\n", i);
+				goto error;
+			}
+			prcheightexpn = jpc_floorlog2(i);
 			break;
 		case OPT_CBLKWIDTH:
-			tccp->cblkwidthexpn =
-			  jpc_floorlog2(atoi(jas_tvparser_getval(tvp)));
+			i = atoi(jas_tvparser_getval(tvp));
+			if (i <= 0) {
+				jas_eprintf("invalid code block width (%d)\n", i);
+				goto error;
+			}
+			tccp->cblkwidthexpn = jpc_floorlog2(i);
 			break;
 		case OPT_CBLKHEIGHT:
-			tccp->cblkheightexpn =
-			  jpc_floorlog2(atoi(jas_tvparser_getval(tvp)));
+			i = atoi(jas_tvparser_getval(tvp));
+			if (i <= 0) {
+				jas_eprintf("invalid code block height (%d)\n", i);
+				goto error;
+			}
+			tccp->cblkheightexpn = jpc_floorlog2(i);
 			break;
 		case OPT_MODE:
 			if ((tagid = jas_taginfo_nonull(jas_taginfos_lookup(modetab,
Index: jasper-1.900.14/src/libjasper/jpc/jpc_t2dec.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/jpc/jpc_t2dec.c
+++ jasper-1.900.14/src/libjasper/jpc/jpc_t2dec.c
@@ -343,7 +343,8 @@ hdroffstart = jas_stream_getrwcount(pkth
 						n = JAS_MIN(numnewpasses, maxpasses);
 						mycounter += n;
 						numnewpasses -= n;
-						if ((len = jpc_bitstream_getbits(inb, cblk->numlenbits + jpc_floorlog2(n))) < 0) {
+						if ((len = jpc_bitstream_getbits(inb,
+						  cblk->numlenbits + jpc_floorlog2(n))) < 0) {
 							jpc_bitstream_close(inb);
 							return -1;
 						}
openSUSE Build Service is sponsored by
Places