File jasper-CVE-2016-9600.patch of Package jasper.6608
--- jasper-1.900.14/src/libjasper/jp2/jp2_enc.c 2017-03-17 09:43:12.997336723 +0100
+++ jasper-1.900.14/src/libjasper/jp2/jp2_enc.c 2017-03-17 09:44:09.605336937 +0100
@@ -112,6 +112,8 @@
box = 0;
tmpstream = 0;
+ iccstream = 0;
+ iccprof = 0;
allcmptssame = 1;
sgnd = jas_image_cmptsgnd(image, 0);
@@ -225,22 +227,36 @@
colr->method = JP2_COLR_ICC;
colr->pri = JP2_COLR_PRI;
colr->approx = 0;
- iccprof = jas_iccprof_createfromcmprof(jas_image_cmprof(image));
- assert(iccprof);
- iccstream = jas_stream_memopen(0, 0);
- assert(iccstream);
- if (jas_iccprof_save(iccprof, iccstream))
- abort();
- if ((pos = jas_stream_tell(iccstream)) < 0)
- abort();
+ /* Ensure that cmprof_ is not null. */
+ if (!jas_image_cmprof(image)) {
+ goto error;
+ }
+ if (!(iccprof = jas_iccprof_createfromcmprof(
+ jas_image_cmprof(image)))) {
+ goto error;
+ }
+ if (!(iccstream = jas_stream_memopen(0, 0))) {
+ goto error;
+ }
+ if (jas_iccprof_save(iccprof, iccstream)) {
+ goto error;
+ }
+ if ((pos = jas_stream_tell(iccstream)) < 0) {
+ goto error;
+ }
colr->iccplen = pos;
- colr->iccp = jas_malloc(pos);
- assert(colr->iccp);
+ if (!(colr->iccp = jas_malloc(pos))) {
+ goto error;
+ }
jas_stream_rewind(iccstream);
- if (jas_stream_read(iccstream, colr->iccp, colr->iccplen) != colr->iccplen)
- abort();
+ if (jas_stream_read(iccstream, colr->iccp, colr->iccplen) !=
+ colr->iccplen) {
+ goto error;
+ }
jas_stream_close(iccstream);
+ iccstream = 0;
jas_iccprof_destroy(iccprof);
+ iccprof = 0;
break;
}
if (jp2_box_put(box, tmpstream)) {
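Review bot: The `pos` returned by `jas_stream_tell` is stored in `colr->iccplen` and passed to `jas_malloc` after only a `< 0` test, so a zero or oversized length is not rejected before the allocation and the read. The declarations of `pos`, `iccplen` and `jas_stream_read` are outside this hunk, so whether a narrowing conversion can actually occur needs confirming. If the read count is an `int`, replacing the test with `if (pos <= 0 || pos > INT_MAX) goto error;` would make the bound explicit. `jas_stream_rewind(iccstream)` is also still unchecked, so a failed rewind is caught only indirectly by the length comparison after `jas_stream_read`. The enclosing function begins and ends outside the hunk.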
@@ -354,6 +370,12 @@
error:
+ if (iccprof) {
+ jas_iccprof_destroy(iccprof);
+ }
+ if (iccstream) {
+ jas_stream_close(iccstream);
+ }
if (box) {
jp2_box_destroy(box);
}