Blame SOURCES/jasper-2.0.14-CVE-2016-9396.patch

9051de
diff -urNp old/src/libjasper/jpc/jpc_cs.c new/src/libjasper/jpc/jpc_cs.c
9051de
--- old/src/libjasper/jpc/jpc_cs.c	2018-05-30 09:01:54.160406645 +0200
9051de
+++ new/src/libjasper/jpc/jpc_cs.c	2018-05-30 09:05:24.527094308 +0200
9051de
@@ -795,6 +795,9 @@ static int jpc_cox_getcompparms(jpc_ms_t
9051de
 	if (compparms->numdlvls > 32) {
9051de
 		goto error;
9051de
 	}
9051de
+	if (compparms->qmfbid != JPC_COX_INS &&
9051de
+	    compparms->qmfbid != JPC_COX_RFT)
9051de
+		goto error;
9051de
 	compparms->numrlvls = compparms->numdlvls + 1;
9051de
 	if (compparms->numrlvls > JPC_MAXRLVLS) {
9051de
 		goto error;