Overview

File jasper-CVE-2016-9398.patch of Package jasper

--- jasper-1.900.14/src/libjasper/jpc/jpc_t2dec.c	2016-10-18 08:27:00.000000000 +0200
+++ jasper-1.900.14/src/libjasper/jpc/jpc_t2dec.c	2016-12-13 10:42:02.827869570 +0100
@@ -296,6 +296,9 @@
 						passno = cblk->firstpassno + cblk->numpasses + mycounter;
 	/* XXX - the maxpasses is not set precisely but this doesn't matter... */
 						maxpasses = JPC_SEGPASSCNT(passno, cblk->firstpassno, 10000, (ccp->cblkctx & JPC_COX_LAZY) != 0, (ccp->cblkctx & JPC_COX_TERMALL) != 0);
+						// Avoid maxpasses to be negative
+						if (maxpasses < 0)
+							maxpasses = -maxpasses;
 						if (!discard && !seg) {
 							if (!(seg = jpc_seg_alloc())) {
 								return -1;
openSUSE Build Service is sponsored by
Places