From 9f35e3c62ede55e1b3712b691775b3e08e9ecdbd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Josef=20=C5=98=C3=ADdk=C3=BD?= <jridky@redhat.com>
Date: Thu, 28 Jan 2021 09:12:50 +0100
Subject: [PATCH] Resolves: #1921328 - fix CVE-2021-3272

---
 jasper-CVE-2021-3272.patch | 47 ++++++++++++++++++++++++++++++++++++++
 jasper.spec                |  7 +++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 jasper-CVE-2021-3272.patch

diff --git a/jasper-CVE-2021-3272.patch b/jasper-CVE-2021-3272.patch
new file mode 100644
index 0000000..20aceb0
--- /dev/null
+++ b/jasper-CVE-2021-3272.patch
@@ -0,0 +1,47 @@
+From 49174ab592cdfa6f1a929a2ee3d4b4976f9459fd Mon Sep 17 00:00:00 2001
+From: Michael Adams <mdadams@ece.uvic.ca>
+Date: Tue, 19 Jan 2021 22:59:33 -0800
+Subject: [PATCH] Fixes #259
+
+---
+ src/libjasper/jp2/jp2_dec.c |  12 ++++++++++--
+ 1 file changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/src/libjasper/jp2/jp2_dec.c b/src/libjasper/jp2/jp2_dec.c
+index 4acf004..60dee42 100644
+--- a/src/libjasper/jp2/jp2_dec.c
++++ b/src/libjasper/jp2/jp2_dec.c
+@@ -255,7 +255,7 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
+ 	  with the data in the code stream? */
+ 	if ((samedtype && dec->ihdr->data.ihdr.bpc != JP2_DTYPETOBPC(dtype)) ||
+ 	  (!samedtype && dec->ihdr->data.ihdr.bpc != JP2_IHDR_BPCNULL)) {
+-		jas_eprintf("warning: component data type mismatch\n");
++		jas_eprintf("warning: component data type mismatch (IHDR)\n");
+ 	}
+ 
+ 	/* Is the compression type supported? */
+@@ -278,7 +278,7 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
+ 			  ++i) {
+ 				if (jas_image_cmptdtype(dec->image, i) !=
+ 				  JP2_BPCTODTYPE(dec->bpcc->data.bpcc.bpcs[i])) {
+-					jas_eprintf("warning: component data type mismatch\n");
++					jas_eprintf("warning: component data type mismatch (BPCC)\n");
+ 				}
+ 			}
+ 		} else {
+@@ -409,6 +409,14 @@ jas_image_t *jp2_decode(jas_stream_t *in, const char *optstr)
+ 		}
+ 	}
+ 
++	/* Ensure that the number of channels being used by the decoder
++	  matches the number of image components. */
++	if (dec->numchans != jas_image_numcmpts(dec->image)) {
++		jas_eprintf("error: mismatch in number of components (%d != %d)\n",
++		  dec->numchans, jas_image_numcmpts(dec->image));
++		goto error;
++	}
++
+ 	/* Mark all components as being of unknown type. */
+ 
+ 	for (i = 0; i < JAS_CAST(jas_uint, jas_image_numcmpts(dec->image)); ++i) {
+
diff --git a/jasper.spec b/jasper.spec
index 1909d89..0cf11da 100644
--- a/jasper.spec
+++ b/jasper.spec
@@ -6,7 +6,7 @@
 Summary: Implementation of the JPEG-2000 standard, Part 1
 Name:    jasper
 Version: 2.0.24
-Release: 1%{?dist}
+Release: 2%{?dist}
 
 License: JasPer
 URL:     http://www.ece.uvic.ca/~frodo/jasper/
@@ -15,6 +15,7 @@ Source0: https://github.com/jasper-software/jasper/archive/version-%{version}.ta
 # skip hard-coded prefix/lib rpath
 Patch2: jasper-2.0.14-rpath.patch
 Patch3: jasper-freeglut.patch
+Patch4: jasper-CVE-2021-3272.patch
 
 # architecture related patches
 Patch100: jasper-2.0.2-test-ppc64-disable.patch
@@ -68,6 +69,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 # Need to disable one test to be able to build it on ppc64 arch
 # At ppc64 this test just stuck (nothing happend - no exception or error)
 %patch3 -p1 -b .freeglut
+%patch4 -p1 -b .CVE-2021-3272
 
 %if "%{_arch}" == "ppc64"
 %patch100 -p1 -b .test-ppc64-disable
@@ -128,6 +130,9 @@ make test -C builder
 
 
 %changelog
+* Thu Jan 28 2021 Josef Ridky <jridky@redhat.com> - 2.0.24-2
+- fix CVE-2021-3272 (#1921328)
+
 * Mon Jan 25 2021 Josef Ridky <jridky@redhat.com> - 2.0.24-1
 - New upstream release 2.0.24 (#1905690)