File jasper-CVE-2016-9396.patch of Package jasper

From a10536d5f7f3164b0a1f1ae3e533f4a12ca6f543 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max.kellermann@gmail.com>
Date: Fri, 6 Oct 2017 19:15:22 +0200
Subject: [PATCH] jpc_cs: reject all but JPC_COX_INS and JPC_COX_RFT

Fixes assertion failure JPC_NOMINALGAIN() which can be caused by a
crafted JP2 file.

Closes #50, #142
---
 src/libjasper/jpc/jpc_cs.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/libjasper/jpc/jpc_cs.c b/src/libjasper/jpc/jpc_cs.c
index f863b69..cec0c75 100644
--- a/src/libjasper/jpc/jpc_cs.c
+++ b/src/libjasper/jpc/jpc_cs.c
@@ -795,6 +795,9 @@ static int jpc_cox_getcompparms(jpc_ms_t *ms, jpc_cstate_t *cstate,
 	if (compparms->numdlvls > 32) {
 		goto error;
 	}
+	if (compparms->qmfbid != JPC_COX_INS &&
+	    compparms->qmfbid != JPC_COX_RFT)
+		goto error;
 	compparms->numrlvls = compparms->numdlvls + 1;
 	if (compparms->numrlvls > JPC_MAXRLVLS) {
 		goto error;
-- 
2.16.2

openSUSE Build Service is sponsored by