Overview

File jasper-CVE-2018-19540.patch of Package jasper.40243

Index: jasper-1.900.14/src/libjasper/base/jas_icc.c
===================================================================
--- jasper-1.900.14.orig/src/libjasper/base/jas_icc.c
+++ jasper-1.900.14/src/libjasper/base/jas_icc.c
@@ -1105,6 +1105,8 @@ static int jas_icctxtdesc_input(jas_icca
 	if (jas_stream_read(in, txtdesc->ascdata, txtdesc->asclen) !=
 	  JAS_CAST(int, txtdesc->asclen))
 		goto error;
+	if (txtdesc->asclen < 1)
+		goto error;
 	txtdesc->ascdata[txtdesc->asclen - 1] = '\0';
 	if (jas_iccgetuint32(in, &txtdesc->uclangcode) ||
 	  jas_iccgetuint32(in, &txtdesc->uclen))
openSUSE Build Service is sponsored by
Places