978a2f
diff -up jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158 jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c
978a2f
--- jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c.CVE-2014-8158	2015-01-19 17:25:28.730195502 +0100
978a2f
+++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c	2015-01-19 17:27:20.214663127 +0100
978a2f
@@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
978a2f
 {
978a2f
 
978a2f
 	int bufsize = JPC_CEILDIVPOW2(numcols, 1);
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
978a2f
-#else
978a2f
-	jpc_fix_t splitbuf[bufsize];
978a2f
-#endif
978a2f
 	jpc_fix_t *buf = splitbuf;
978a2f
 	register jpc_fix_t *srcptr;
978a2f
 	register jpc_fix_t *dstptr;
978a2f
@@ -318,7 +314,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
978a2f
 	register int m;
978a2f
 	int hstartcol;
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* Get a buffer. */
978a2f
 	if (bufsize > QMFB_SPLITBUFSIZE) {
978a2f
 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
978a2f
@@ -326,7 +321,6 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
978a2f
 			abort();
978a2f
 		}
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 	if (numcols >= 2) {
978a2f
 		hstartcol = (numcols + 1 - parity) >> 1;
978a2f
@@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
978a2f
 		}
978a2f
 	}
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* If the split buffer was allocated on the heap, free this memory. */
978a2f
 	if (buf != splitbuf) {
978a2f
 		jas_free(buf);
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 }
978a2f
 
978a2f
@@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
978a2f
 {
978a2f
 
978a2f
 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
978a2f
-#else
978a2f
-	jpc_fix_t splitbuf[bufsize];
978a2f
-#endif
978a2f
 	jpc_fix_t *buf = splitbuf;
978a2f
 	register jpc_fix_t *srcptr;
978a2f
 	register jpc_fix_t *dstptr;
978a2f
@@ -386,7 +374,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
978a2f
 	register int m;
978a2f
 	int hstartcol;
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* Get a buffer. */
978a2f
 	if (bufsize > QMFB_SPLITBUFSIZE) {
978a2f
 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
978a2f
@@ -394,7 +381,6 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
978a2f
 			abort();
978a2f
 		}
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 	if (numrows >= 2) {
978a2f
 		hstartcol = (numrows + 1 - parity) >> 1;
978a2f
@@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
978a2f
 		}
978a2f
 	}
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* If the split buffer was allocated on the heap, free this memory. */
978a2f
 	if (buf != splitbuf) {
978a2f
 		jas_free(buf);
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 }
978a2f
 
978a2f
@@ -442,11 +426,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
978a2f
 {
978a2f
 
978a2f
 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
978a2f
-#else
978a2f
-	jpc_fix_t splitbuf[bufsize * JPC_QMFB_COLGRPSIZE];
978a2f
-#endif
978a2f
 	jpc_fix_t *buf = splitbuf;
978a2f
 	jpc_fix_t *srcptr;
978a2f
 	jpc_fix_t *dstptr;
978a2f
@@ -457,7 +437,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
978a2f
 	int m;
978a2f
 	int hstartcol;
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* Get a buffer. */
978a2f
 	if (bufsize > QMFB_SPLITBUFSIZE) {
978a2f
 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
978a2f
@@ -465,7 +444,6 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
978a2f
 			abort();
978a2f
 		}
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 	if (numrows >= 2) {
978a2f
 		hstartcol = (numrows + 1 - parity) >> 1;
978a2f
@@ -517,12 +495,10 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
978a2f
 		}
978a2f
 	}
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* If the split buffer was allocated on the heap, free this memory. */
978a2f
 	if (buf != splitbuf) {
978a2f
 		jas_free(buf);
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 }
978a2f
 
978a2f
@@ -531,11 +507,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
978a2f
 {
978a2f
 
978a2f
 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
978a2f
-#else
978a2f
-	jpc_fix_t splitbuf[bufsize * numcols];
978a2f
-#endif
978a2f
 	jpc_fix_t *buf = splitbuf;
978a2f
 	jpc_fix_t *srcptr;
978a2f
 	jpc_fix_t *dstptr;
978a2f
@@ -546,7 +518,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
978a2f
 	int m;
978a2f
 	int hstartcol;
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* Get a buffer. */
978a2f
 	if (bufsize > QMFB_SPLITBUFSIZE) {
978a2f
 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
978a2f
@@ -554,7 +525,6 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
978a2f
 			abort();
978a2f
 		}
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 	if (numrows >= 2) {
978a2f
 		hstartcol = (numrows + 1 - parity) >> 1;
978a2f
@@ -606,12 +576,10 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
978a2f
 		}
978a2f
 	}
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* If the split buffer was allocated on the heap, free this memory. */
978a2f
 	if (buf != splitbuf) {
978a2f
 		jas_free(buf);
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 }
978a2f
 
978a2f
@@ -619,18 +587,13 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
978a2f
 {
978a2f
 
978a2f
 	int bufsize = JPC_CEILDIVPOW2(numcols, 1);
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
978a2f
-#else
978a2f
-	jpc_fix_t joinbuf[bufsize];
978a2f
-#endif
978a2f
 	jpc_fix_t *buf = joinbuf;
978a2f
 	register jpc_fix_t *srcptr;
978a2f
 	register jpc_fix_t *dstptr;
978a2f
 	register int n;
978a2f
 	int hstartcol;
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* Allocate memory for the join buffer from the heap. */
978a2f
 	if (bufsize > QMFB_JOINBUFSIZE) {
978a2f
 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
978a2f
@@ -638,7 +601,6 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
978a2f
 			abort();
978a2f
 		}
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 	hstartcol = (numcols + 1 - parity) >> 1;
978a2f
 
978a2f
@@ -670,12 +632,10 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
978a2f
 		++srcptr;
978a2f
 	}
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* If the join buffer was allocated on the heap, free this memory. */
978a2f
 	if (buf != joinbuf) {
978a2f
 		jas_free(buf);
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 }
978a2f
 
978a2f
@@ -684,18 +644,13 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
978a2f
 {
978a2f
 
978a2f
 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
978a2f
-#else
978a2f
-	jpc_fix_t joinbuf[bufsize];
978a2f
-#endif
978a2f
 	jpc_fix_t *buf = joinbuf;
978a2f
 	register jpc_fix_t *srcptr;
978a2f
 	register jpc_fix_t *dstptr;
978a2f
 	register int n;
978a2f
 	int hstartcol;
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* Allocate memory for the join buffer from the heap. */
978a2f
 	if (bufsize > QMFB_JOINBUFSIZE) {
978a2f
 		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
978a2f
@@ -703,7 +658,6 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
978a2f
 			abort();
978a2f
 		}
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 	hstartcol = (numrows + 1 - parity) >> 1;
978a2f
 
978a2f
@@ -735,12 +689,10 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
978a2f
 		++srcptr;
978a2f
 	}
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* If the join buffer was allocated on the heap, free this memory. */
978a2f
 	if (buf != joinbuf) {
978a2f
 		jas_free(buf);
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 }
978a2f
 
978a2f
@@ -749,11 +701,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
978a2f
 {
978a2f
 
978a2f
 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
978a2f
-#else
978a2f
-	jpc_fix_t joinbuf[bufsize * JPC_QMFB_COLGRPSIZE];
978a2f
-#endif
978a2f
 	jpc_fix_t *buf = joinbuf;
978a2f
 	jpc_fix_t *srcptr;
978a2f
 	jpc_fix_t *dstptr;
978a2f
@@ -763,7 +711,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
978a2f
 	register int i;
978a2f
 	int hstartcol;
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* Allocate memory for the join buffer from the heap. */
978a2f
 	if (bufsize > QMFB_JOINBUFSIZE) {
978a2f
 		if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
978a2f
@@ -771,7 +718,6 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
978a2f
 			abort();
978a2f
 		}
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 	hstartcol = (numrows + 1 - parity) >> 1;
978a2f
 
978a2f
@@ -821,12 +767,10 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
978a2f
 		srcptr += JPC_QMFB_COLGRPSIZE;
978a2f
 	}
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* If the join buffer was allocated on the heap, free this memory. */
978a2f
 	if (buf != joinbuf) {
978a2f
 		jas_free(buf);
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 }
978a2f
 
978a2f
@@ -835,11 +779,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
978a2f
 {
978a2f
 
978a2f
 	int bufsize = JPC_CEILDIVPOW2(numrows, 1);
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
978a2f
-#else
978a2f
-	jpc_fix_t joinbuf[bufsize * numcols];
978a2f
-#endif
978a2f
 	jpc_fix_t *buf = joinbuf;
978a2f
 	jpc_fix_t *srcptr;
978a2f
 	jpc_fix_t *dstptr;
978a2f
@@ -849,7 +789,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
978a2f
 	register int i;
978a2f
 	int hstartcol;
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* Allocate memory for the join buffer from the heap. */
978a2f
 	if (bufsize > QMFB_JOINBUFSIZE) {
978a2f
 		if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) {
978a2f
@@ -857,7 +796,6 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
978a2f
 			abort();
978a2f
 		}
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 	hstartcol = (numrows + 1 - parity) >> 1;
978a2f
 
978a2f
@@ -907,12 +845,10 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
978a2f
 		srcptr += numcols;
978a2f
 	}
978a2f
 
978a2f
-#if !defined(HAVE_VLA)
978a2f
 	/* If the join buffer was allocated on the heap, free this memory. */
978a2f
 	if (buf != joinbuf) {
978a2f
 		jas_free(buf);
978a2f
 	}
978a2f
-#endif
978a2f
 
978a2f
 }
978a2f