File openjpeg2-CVE-2016-1924.patch of Package openjpeg2.36921

Index: openjpeg-2.1.0/src/lib/openjp2/j2k.c
===================================================================
--- openjpeg-2.1.0.orig/src/lib/openjp2/j2k.c
+++ openjpeg-2.1.0/src/lib/openjp2/j2k.c
@@ -8449,6 +8449,11 @@ OPJ_BOOL opj_j2k_read_SPCod_SPCoc(  opj_
 
         opj_read_bytes(l_current_ptr,&l_tccp->cblksty ,1);              /* SPcoc (G) */
         ++l_current_ptr;
+        if (l_tccp->cblksty & 0xC0U) { /* 2 msb are reserved, assume we can't read */
+                opj_event_msg(p_manager, EVT_ERROR,
+                              "Error reading SPCod SPCoc element, Invalid code-block style found\n");
+                return OPJ_FALSE;
+        }
 
         opj_read_bytes(l_current_ptr,&l_tccp->qmfbid ,1);               /* SPcoc (H) */
         ++l_current_ptr;
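Review bot: By the time the added check runs, the reserved-bit value has already been stored in `l_tccp->cblksty`, so the structure keeps an invalid code-block style after `OPJ_FALSE` is returned. That is safe only if every caller discards these parameters on failure, which cannot be confirmed from this hunk, so a comment stating that expectation would help. The bare mask `0xC0U` would also read better as a named constant, with a comment that says more than "assume we can't read", e.g. `/* bits 6-7 of the code-block style are reserved; reject rather than decode with an undefined style */`. The function body starts and ends outside the hunk.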
Index: openjpeg-2.1.0/src/lib/openjp2/t2.c
===================================================================
--- openjpeg-2.1.0.orig/src/lib/openjp2/t2.c
+++ openjpeg-2.1.0/src/lib/openjp2/t2.c
@@ -847,9 +847,13 @@ OPJ_BOOL opj_t2_read_packet_header( opj_
 
                 /* reset tagtrees */
                 for (bandno = 0; bandno < l_res->numbands; ++bandno) {
-                        opj_tcd_precinct_t *l_prc = &l_band->precincts[p_pi->precno];
-
                         if ( ! ((l_band->x1-l_band->x0 == 0)||(l_band->y1-l_band->y0 == 0)) ) {
+                                opj_tcd_precinct_t *l_prc = &l_band->precincts[p_pi->precno];
+                                if (!(p_pi->precno < (l_band->precincts_data_size / sizeof(opj_tcd_precinct_t)))) {
+                                        fprintf(stderr, "Invalid precinct\n");
+                                        return OPJ_FALSE;
+                                }
+
                                 opj_tgt_reset(l_prc->incltree);
                                 opj_tgt_reset(l_prc->imsbtree);
                                 l_cblk = l_prc->cblks.dec;
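Review bot: The added code takes `&l_band->precincts[p_pi->precno]` before the bounds check that follows it, so an out-of-range `precno` still forms an out-of-bounds pointer, which is undefined behaviour in C even without a dereference. Declare `opj_tcd_precinct_t *l_prc;` first and assign `l_prc = &l_band->precincts[p_pi->precno];` only after the check passes. The failure is also reported with `fprintf(stderr, ...)`, whereas the j2k.c hunk in this patch uses `opj_event_msg(p_manager, EVT_ERROR, ...)`; writing straight to stderr bypasses the application's event handler, so if a manager is reachable from this function it should be used. The bound comes from `precincts_data_size`, which by its name is an allocated byte size; whether that always matches the number of initialised precincts is not visible here and is worth confirming. The loop body continues outside the hunk.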