Apply 03-CVE-2011-4516-and-CVE-2011-4517 patch from debian libjasper-dev (1.900.1...
authorAndrey Kamaev <andrey.kamaev@itseez.com>
Tue, 28 Aug 2012 22:03:20 +0000 (02:03 +0400)
committerAndrey Kamaev <andrey.kamaev@itseez.com>
Wed, 29 Aug 2012 20:40:29 +0000 (00:40 +0400)
3rdparty/libjasper/jpc_cs.c

index 85378d6..97d607e 100644 (file)
@@ -743,6 +743,10 @@ static int jpc_cox_getcompparms(jpc_ms_t *ms, jpc_cstate_t *cstate,
                return -1;
        }
        compparms->numrlvls = compparms->numdlvls + 1;
+       if (compparms->numrlvls > JPC_MAXRLVLS) {
+               jpc_cox_destroycompparms(compparms);
+               return -1;
+       }
        if (prtflag) {
                for (i = 0; i < compparms->numrlvls; ++i) {
                        if (jpc_getuint8(in, &tmp)) {
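Review bot: The added `if (compparms->numrlvls > JPC_MAXRLVLS)` check carries no comment explaining that it guards the `for (i = 0; i < compparms->numrlvls; ++i)` loop directly below it, so a later refactor could move or drop it without noticing what it protects. `numdlvls` is presumably parsed from the codestream in the statement that ends just above the hunk, so I would add something like `/* numdlvls is input-controlled: reject it before the per-level loop can index more than JPC_MAXRLVLS entries */` above the check. The new failure path calls `jpc_cox_destroycompparms(compparms)`, while the `return -1;` at the top of the hunk does not. It is worth confirming that the difference is intentional and documenting which error paths own cleanup. The body of `jpc_cox_getcompparms` starts and ends outside this hunk, so the loop body and the storage it writes to are not visible here.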
@@ -1330,7 +1334,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms, jpc_cstate_t *cstate, jas_stream_t *in
        jpc_crgcomp_t *comp;
        uint_fast16_t compno;
        crg->numcomps = cstate->numcomps;
-       if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
+       if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(jpc_crgcomp_t)))) {
                return -1;
        }
        for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
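Review bot: The corrected allocation still names the element type by hand, which is the same pattern that let `sizeof(uint_fast16_t)` drift from the type of `crg->comps` in the first place. Taking the size from the pointer itself keeps the two in step if the field's type ever changes: `if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof *crg->comps))) {`. A short comment that `numcomps` elements of this size are filled by the `for (compno = 0, comp = crg->comps; ...)` loop below would also make the sizing requirement explicit. The loop body lies outside the hunk.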