From b9057f435a1c8f2d9078cff337467c6ed58158bd Mon Sep 17 00:00:00 2001
From: Josef Ridky
Date: Thu, 11 Aug 2016 14:24:38 +0200
Subject: [PATCH] Resolves: #1255714 - CVE-2015-5221 - Use-after-free and double-free in Jasper JPEG-2000 library

---
 jasper-CVE-2015-5221.patch | 20 ++++++++++++++++++++
 jasper.spec | 3 +++
 2 files changed, 23 insertions(+)
 create mode 100644 jasper-CVE-2015-5221.patch

diff --git a/jasper-CVE-2015-5221.patch b/jasper-CVE-2015-5221.patch
new file mode 100644
index 0000000..a61ea47
--- /dev/null
+++ b/jasper-CVE-2015-5221.patch
@@ -0,0 +1,20 @@
+
+diff -urNp jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c jasper-1.900.1.new/src/libjasper/mif/mif_cod.c
+--- jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c 2016-08-11 13:46:26.166415464 +0200
++++ jasper-1.900.1.new/src/libjasper/mif/mif_cod.c 2016-08-11 14:17:20.507144931 +0200
+@@ -569,13 +569,13 @@ static int mif_process_cmpt(mif_hdr_t *h
+ break;
+ }
+ }
+- jas_tvparser_destroy(tvp);
+ if (!cmpt->sampperx || !cmpt->samppery) {
+ goto error;
+ }
+ if (mif_hdr_addcmpt(hdr, hdr->numcmpts, cmpt)) {
+ goto error;
+ }
++ jas_tvparser_destroy(tvp);
+ return 0;
+
+ error:
+
diff --git a/jasper.spec b/jasper.spec
index fef8c0b..8127f8e 100644
--- a/jasper.spec
+++ b/jasper.spec
@@ -38,6 +38,7 @@ Patch11: jasper-CVE-2014-8138.patch
 Patch12: jasper-CVE-2014-8157.patch
 Patch13: jasper-CVE-2014-8158.patch
 Patch14: jasper-CVE-2015-5203.patch
+Patch15: jasper-CVE-2015-5221.patch
 
 # Issues found by static analysis of code
 Patch110: jasper-1.900.1-Coverity-BAD_SIZEOF.patch
@@ -106,6 +107,7 @@ Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 %patch12 -p1 -b .CVE-2014-8157
 %patch13 -p1 -b .CVE-2014-8158
 %patch14 -p1 -b .CVE-2015-5203
+%patch15 -p1 -b .CVE-2015-5221
 
 %patch110 -p1 -b .BAD_SIZEOF
 %patch111 -p1 -b .CHECKED_RETURN
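Review bot: The relocated `jas_tvparser_destroy(tvp)` now runs only on the success path, so the fix is complete only if the cleanup under `error:` (which begins at the nested hunk's last line and continues outside it) destroys `tvp` exactly once for every `goto error` in mif_process_cmpt; confirm that it does so unconditionally and that no other early exit between the parser's creation and this point still leaks it. Nothing between the old and the new call site reads `tvp`, so the reordering itself does not change the success-path behaviour. The coupling between this call and the error label is easy to break in a later edit; a short comment on the moved line, `/* destroy tvp only after the last goto error: the error path frees it too */`, would make the constraint explicit. The function's opening, where `tvp` and `cmpt` are created, is outside this hunk.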
@@ -185,6 +187,7 @@ make check
 %changelog
 * Thu Aug 11 2016 Josef Ridky - 1.900.1-33
 - CVE-2015-5203 - double free in jasper_image_stop_load() (#1254244)
+- CVE-2015-5221 - Use-after-free and double-free flaws (#1255714)
 
 * Thu Feb 04 2016 Fedora Release Engineering - 1.900.1-32
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild