From 7ea8e1cbc4ffc32d779e74d194ab8194e76e9616 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?=
Date: Tue, 16 Mar 2021 08:23:14 +0100
Subject: [PATCH] Fix CVE-2021-3443
---
 jasper-CVE-2021-3443.patch | 29 +++++++++++++++++++++++++++++
 jasper.spec | 7 ++++++-
 2 files changed, 35 insertions(+), 1 deletion(-)
 create mode 100644 jasper-CVE-2021-3443.patch
diff --git a/jasper-CVE-2021-3443.patch b/jasper-CVE-2021-3443.patch
new file mode 100644
index 0000000..cae6bc6
--- /dev/null
+++ b/jasper-CVE-2021-3443.patch
@@ -0,0 +1,29 @@
+From f94e7499a8b1471a4905c4f9c9e12e60fe88264b Mon Sep 17 00:00:00 2001
+From: Michael Adams
+Date: Sat, 13 Mar 2021 20:04:58 -0800
+Subject: [PATCH] Fixes #269. Added a check for an invalid component reference
+ in the JP2 decoder.
+
+---
+ src/libjasper/jp2/jp2_dec.c | 8 +++++++-
+ 1 files changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
+index 2863d82..fe2e29d 100644
+--- a/src/libjasper/jp2/jp2_dec.c
++++ b/src/libjasper/jp2/jp2_dec.c
+@@ -451,7 +451,13 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
+ }
+ } else {
+ for (i = 0; i < dec->numchans; ++i) {
+- jas_image_setcmpttype(dec->image, dec->chantocmptlut[i],
++ unsigned compno = dec->chantocmptlut[i];
++ if (compno >= jas_image_numcmpts(dec->image)) {
++ jas_eprintf(
++ "error: invalid component reference (%d)\n", compno);
++ goto error;
++ }
++ jas_image_setcmpttype(dec->image, compno,
+ jp2_getct(jas_image_clrspc(dec->image), 0, i + 1));
+ }
+ }
diff --git a/jasper.spec b/jasper.spec
index 74fe5fa..173ad50 100644
--- a/jasper.spec
+++ b/jasper.spec
@@ -6,7 +6,7 @@ Summary: Implementation of the JPEG-2000 standard, Part 1
 Name: jasper
 Version: 2.0.26
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: JasPer
 URL: http://www.ece.uvic.ca/~frodo/jasper/
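Review bot: In the jp2_dec.c hunk carried by jasper-CVE-2021-3443.patch, `compno` is declared `unsigned` but printed with `%d`; the conversion should match the type, `"error: invalid component reference (%u)\n", compno);`, so that a large out-of-range index from the file is not logged as a negative number. The new bound check guards only the `else` branch shown here; `jp2_decode` starts and ends outside the hunk, and if the branch above `} else {` also hands a `chantocmptlut` entry to `jas_image_setcmpttype`, it would presumably need the same `compno >= jas_image_numcmpts(dec->image)` test, which is worth confirming against the full function. The result type of `jas_image_numcmpts` is not visible here; if it is signed, the comparison relies on the implicit conversion to unsigned.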
@@ -15,6 +15,7 @@ Source0: https://github.com/jasper-software/jasper/archive/version-%{version}.ta
 # skip hard-coded prefix/lib rpath
 Patch2: jasper-2.0.14-rpath.patch
 Patch3: jasper-freeglut.patch
+Patch4: jasper-CVE-2021-3443.patch
 # architecture related patches
 Patch100: jasper-2.0.2-test-ppc64-disable.patch
@@ -68,6 +69,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 # Need to disable one test to be able to build it on ppc64 arch
 # At ppc64 this test just stuck (nothing happend - no exception or error)
 %patch3 -p1 -b .freeglut
+%patch4 -p1 -b .CVE-2021-3443
 %if "%{_arch}" == "ppc64"
 %patch100 -p1 -b .test-ppc64-disable
@@ -128,6 +130,9 @@ make test -C builder
 %changelog
+* Tue Mar 16 2021 Josef Ridky - 2.0.26-2
+- Fix CVE-2021-3443 (#1939233)
+
 * Wed Mar 10 2021 Josef Ridky - 2.0.26-1
 - New upstream release 2.0.26 (#1935900)
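Review bot: The new `Patch4:` line carries no comment saying where the fix comes from, while `Patch2` and `Patch100` each sit under a one-line description. A line such as `# CVE-2021-3443: upstream commit f94e7499a8b1471a4905c4f9c9e12e60fe88264b (upstream issue #269)` above `Patch4:` would let a later rebase tell at a glance that the patch can be dropped once the packaged version contains that commit. The commit id and issue number are the ones in the header of the added patch file.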