build with -fno-strict-overflow

jasper.spec

@@ -7,7 +7,7 @@ Summary: Implementation of the JPEG-2000 standard, Part 1
 Name:    jasper
 Group:   System Environment/Libraries
 Version: 1.900.1
-Release: 20%{?dist}
+Release: 21%{?dist}
 
 License: JasPer
 URL:     http://www.ece.uvic.ca/~frodo/jasper/
@@ -106,6 +106,19 @@ autoreconf -i
 
 %build
 
+# jas_icc.c:744:2: warning: assuming signed overflow does not occur
+# when assuming that (X + c) < X is always false [-Wstrict-overflow]
+#
+# comment from Red Hat Security Response Team:
+# gcc inlines jas_iccattrtab_resize into jas_iccattrtab_add. Additionally, it
+# essentially removes the "assert(maxents >= tab->numattrs);" assertion in
+# jas_iccattrtab_resize, because it assumes that "maxents >= tab->numattrs" will
+# always be true due to jas_iccattrtab_resize(attrtab, attrtab->numattrs + 32),
+# especially the + 32. This assumption can only be true if it completely ignores
+# the problem of signed integer overflows. I don't think it's a smart idea to
+# accept that.
+# -fno-strict-overflow forces gcc into keeping the assertion there.
+CFLAGS="%{optflags} -fno-strict-overflow" \
 %configure \
   --enable-shared \
   --disable-static 
@@ -156,6 +169,9 @@ make check
 
 
 %changelog
+* Thu Dec 06 2012 Jiri Popelka <jpopelka@redhat.com> - 1.900.1-21
+- build with -fno-strict-overflow
+
 * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.900.1-20
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild