File jasper-CVE-CVE-2023-51257.patch of Package jasper.32090

Index: jasper-2.0.14/src/libjasper/base/jas_icc.c
===================================================================
--- jasper-2.0.14.orig/src/libjasper/base/jas_icc.c
+++ jasper-2.0.14/src/libjasper/base/jas_icc.c
@@ -1210,10 +1210,20 @@ static int jas_icctxt_input(jas_iccattrv
 {
 	jas_icctxt_t *txt = &attrval->data.txt;
 	txt->string = 0;
+	/* The string must at least contain a single null character. */
+	if (cnt < 1) {
+		goto error;
+	}
 	if (!(txt->string = jas_malloc(cnt)))
 		goto error;
 	if (jas_stream_read(in, txt->string, cnt) != cnt)
 		goto error;
+	/* Ensure that the string is null terminated. */
+	if (txt->string[cnt - 1] != '\0') {
+		goto error;
+	}
+	/* The following line is redundant, unless we do not enforce that
+	  the last character must be null. */
 	txt->string[cnt - 1] = '\0';
 	if (JAS_CAST(int, strlen(txt->string)) + 1 != cnt)
 		goto error;