import openjpeg2-2.4.0-4.el8

SOURCES/openjpeg2_coverity.patch

@@ -47,6 +47,19 @@ index 9d1037a..8d5002a 100644
      buffer32s = (OPJ_INT32 *)malloc(sizeof(OPJ_INT32) * tiWidth * tiSpp);
      if (buffer32s == NULL) {
          _TIFFfree(buf);
+diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
+index 8e343ab..c13d229 100644
+--- a/src/lib/openjp2/j2k.c
++++ b/src/lib/openjp2/j2k.c
+@@ -7075,7 +7075,7 @@ static OPJ_BOOL opj_j2k_is_imf_compliant(opj_cparameters_t *parameters,
+     /* Validate sublevel */
+     assert(sizeof(tabMaxSubLevelFromMainLevel) ==
+            (OPJ_IMF_MAINLEVEL_MAX + 1) * sizeof(tabMaxSubLevelFromMainLevel[0]));
+-    if (sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) {
++    if (mainlevel <= OPJ_IMF_MAINLEVEL_MAX && sublevel > tabMaxSubLevelFromMainLevel[mainlevel]) {
+         opj_event_msg(p_manager, EVT_WARNING,
+                       "IMF profile require sublevel <= %d for mainlevel = %d.\n"
+                       "-> %d is thus not compliant\n"
 diff --git a/src/lib/openjp2/t2.c b/src/lib/openjp2/t2.c
 index 1481e16..d46bfb4 100644
 --- a/src/lib/openjp2/t2.c

SPECS/openjpeg2.spec

@@ -5,7 +5,7 @@
 
 Name:           openjpeg2
 Version:        2.4.0
-Release:        3%{?dist}
+Release:        4%{?dist}
 Summary:        C-Library for JPEG 2000
 
 # windirent.h is MIT, the rest is BSD
@@ -331,6 +331,9 @@ make test -C %{_target_platform}
 
 
 %changelog
+* Fri Jul 02 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-4
+- Fix Covscan defect
+
 * Wed Jun 09 2021 Nikola Forró <nforro@redhat.com> - 2.4.0-3
 - Fix CVE-2021-3575 (#1969279)
 - Fix resource leak identified by Covscan