Backport of upstream commit:

From 33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d Mon Sep 17 00:00:00 2001

From: Michael Adams <mdadams@ece.uvic.ca>

Date: Wed, 19 Oct 2016 15:02:20 -0700

Subject: [PATCH] The RCT and ICT require at least three components.

 Previously, this was enforced with an assertion. Now, the assertion has been

 replaced with a proper error check.

diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c jasper-1.900.1/src/libjasper/jpc/jpc_dec.c

--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2017-03-31 15:52:43.000000000 +0200

+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2017-03-31 21:58:17.000000000 +0200

@@ -1070,12 +1070,18 @@ static int jpc_dec_tiledecode(jpc_dec_t

 	/* Apply an inverse intercomponent transform if necessary. */

 	switch (tile->cp->mctid) {

 	case JPC_MCT_RCT:

-		assert(dec->numcomps >= 3);

+		if (dec->numcomps < 3) {

+			jas_eprintf("RCT requires at least three components\n");

+			return -1;

+		}

 		jpc_irct(tile->tcomps[0].data, tile->tcomps[1].data,

 		  tile->tcomps[2].data);

 		break;

 	case JPC_MCT_ICT:

-		assert(dec->numcomps >= 3);

+		if (dec->numcomps < 3) {

+			jas_eprintf("ICT requires at least three components\n");

+			return -1;

+		}

 		jpc_iict(tile->tcomps[0].data, tile->tcomps[1].data,

 		  tile->tcomps[2].data);

 		break;

@@ -1127,7 +1133,7 @@ static int jpc_dec_tiledecode(jpc_dec_t

 		  JPC_CEILDIV(dec->ystart, cmpt->vstep), jas_matrix_numcols(

 		  tcomp->data), jas_matrix_numrows(tcomp->data), tcomp->data)) {

 			jas_eprintf("write component failed\n");

-			return -4;

+			return -1;

 		}

 	}