jasper/SOURCES/jasper-2.0.14-CVE-2020-27828.patch

diff -urNp a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c
--- a/src/libjasper/jpc/jpc_enc.c	2021-06-01 14:07:34.988061153 +0200
+++ b/src/libjasper/jpc/jpc_enc.c	2021-06-01 14:08:32.100584582 +0200
@@ -508,6 +508,10 @@ static jpc_enc_cp_t *cp_create(const cha
 			break;
 		case OPT_MAXRLVLS:
 			tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));
+            if(tccp->maxrlvls > JPC_MAXRLVLS) {
+				jas_eprintf("invalid number of resolution levels upper than %d\n",JPC_MAXRLVLS);
+				goto error;
+			}
 			break;
 		case OPT_SOP:
 			cp->tcp.csty |= JPC_COD_SOP;
import jasper-2.0.14-5.el8 2021-10-06 08:19:50 +00:00			`diff -urNp a/src/libjasper/jpc/jpc_enc.c b/src/libjasper/jpc/jpc_enc.c`
			`--- a/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:07:34.988061153 +0200`
			`+++ b/src/libjasper/jpc/jpc_enc.c 2021-06-01 14:08:32.100584582 +0200`
			`@@ -508,6 +508,10 @@ static jpc_enc_cp_t *cp_create(const cha`
			`break;`
			`case OPT_MAXRLVLS:`
			`tccp->maxrlvls = atoi(jas_tvparser_getval(tvp));`
			`+ if(tccp->maxrlvls > JPC_MAXRLVLS) {`
			`+ jas_eprintf("invalid number of resolution levels upper than %d\n",JPC_MAXRLVLS);`
			`+ goto error;`
			`+ }`
			`break;`
			`case OPT_SOP:`
			`cp->tcp.csty \|= JPC_COD_SOP;`