Backport of the upstream commit:
From c87ad330a8b8d6e5eb0065675601fdfae08ebaab Mon Sep 17 00:00:00 2001
From: Michael Adams
Date: Wed, 12 Oct 2016 11:37:33 -0700
Subject: [PATCH] Added fix for CVE-2016-2089.
diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_image.c jasper-1.900.1/src/libjasper/base/jas_image.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_image.c 2017-03-24 22:40:10.000000000 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_image.c 2017-03-24 22:40:51.000000000 +0100
@@ -442,6 +442,10 @@ int jas_image_readcmpt(jas_image_t *imag
 return -1;
 }
 
+ if (!jas_matrix_numrows(data) || !jas_matrix_numcols(data)) {
+ return -1;
+ }
+
 if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
 if (jas_matrix_resize(data, height, width)) {
 return -1;
@@ -495,6 +499,10 @@ int jas_image_writecmpt(jas_image_t *ima
 return -1;
 }
 
+ if (!jas_matrix_numrows(data) || !jas_matrix_numcols(data)) {
+ return -1;
+ }
+
 if (jas_matrix_numrows(data) != height || jas_matrix_numcols(data) != width) {
 return -1;
 }
diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_seq.c jasper-1.900.1/src/libjasper/base/jas_seq.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_seq.c 2017-03-24 15:26:36.000000000 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_seq.c 2017-03-24 15:28:09.000000000 +0100
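Review bot: The guard added in jas_image_readcmpt looks only at the current shape of `data`, while the branch that follows it resizes the matrix to `height` by `width`, so a zero `width` or `height` would make the matrix empty again after the new test has passed. Whether the range check above the hunk already excludes zero-sized requests cannot be seen from here; if it does not, `if (width <= 0 || height <= 0) { return -1; }` belongs next to the added lines. The new test also refuses an empty matrix that the resize branch would previously have sized, and that change of contract for callers should be stated in the function's comment. jas_image_readcmpt starts and ends outside the hunk.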
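Review bot: In jas_image_writecmpt the added test needs a comment, because the comparison right after it already returns -1 for any `data` whose shape differs from `height` by `width`, which leaves the new lines with an effect only when a zero-sized region is requested. Without an explanation the test reads as redundant and is likely to be dropped in a later cleanup. Something like `/* CVE-2016-2089: refuse empty matrices before the shape comparison below. */` above the `if` would record the intent. The function body continues outside the hunk.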
@@ -266,13 +266,16 @@ void jas_matrix_divpow2(jas_matrix_t *ma
 int rowstep;
 jas_seqent_t *data;
 
- rowstep = jas_matrix_rowstep(matrix);
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
- rowstart += rowstep) {
- for (j = matrix->numcols_, data = rowstart; j > 0; --j,
- ++data) {
- *data = (*data >= 0) ? ((*data) >> n) :
- (-((-(*data)) >> n));
+ if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) {
+ assert(matrix->rows_);
+ rowstep = jas_matrix_rowstep(matrix);
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
+ rowstart += rowstep) {
+ for (j = matrix->numcols_, data = rowstart; j > 0; --j,
+ ++data) {
+ *data = (*data >= 0) ? ((*data) >> n) :
+ (-((-(*data)) >> n));
+ }
 }
 }
 }
@@ -286,17 +289,20 @@ void jas_matrix_clip(jas_matrix_t *matri
 jas_seqent_t *data;
 int rowstep;
 
- rowstep = jas_matrix_rowstep(matrix);
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
- rowstart += rowstep) {
- data = rowstart;
- for (j = matrix->numcols_, data = rowstart; j > 0; --j,
- ++data) {
- v = *data;
- if (v < minval) {
- *data = minval;
- } else if (v > maxval) {
- *data = maxval;
+ if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) {
+ assert(matrix->rows_);
+ rowstep = jas_matrix_rowstep(matrix);
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
+ rowstart += rowstep) {
+ data = rowstart;
+ for (j = matrix->numcols_, data = rowstart; j > 0; --j,
+ ++data) {
+ v = *data;
+ if (v < minval) {
+ *data = minval;
+ } else if (v > maxval) {
+ *data = maxval;
+ }
 }
 }
 }
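Review bot: `assert(matrix->rows_)` in jas_matrix_divpow2 is the only thing standing between a NULL `rows_` and the `matrix->rows_[0]` read in the loop header, and assert() expands to nothing when the library is built with NDEBUG. If a matrix with positive dimensions and no row table can be reached from input at all, the release build still dereferences it; putting the test in the condition keeps the protection in every build: `if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0 && matrix->rows_) {`. The same pattern is added to jas_matrix_clip, jas_matrix_asr, jas_matrix_asl and jas_matrix_setall. The function's first lines lie outside the hunk.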
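Review bot: The re-indented loop in jas_matrix_clip keeps the statement `data = rowstart;` directly before an inner `for` whose initialiser assigns `data = rowstart` again, so the first assignment is a dead store. Dropping the standalone line would make this loop read like the ones in the other matrix functions touched by the patch. The start of the function is outside the hunk.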
@@ -311,12 +317,15 @@ void jas_matrix_asr(jas_matrix_t *matrix
 jas_seqent_t *data;
 
 assert(n >= 0);
- rowstep = jas_matrix_rowstep(matrix);
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
- rowstart += rowstep) {
- for (j = matrix->numcols_, data = rowstart; j > 0; --j,
- ++data) {
- *data >>= n;
+ if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) {
+ assert(matrix->rows_);
+ rowstep = jas_matrix_rowstep(matrix);
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
+ rowstart += rowstep) {
+ for (j = matrix->numcols_, data = rowstart; j > 0; --j,
+ ++data) {
+ *data >>= n;
+ }
 }
 }
 }
@@ -329,12 +338,15 @@ void jas_matrix_asl(jas_matrix_t *matrix
 int rowstep;
 jas_seqent_t *data;
 
- rowstep = jas_matrix_rowstep(matrix);
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
- rowstart += rowstep) {
- for (j = matrix->numcols_, data = rowstart; j > 0; --j,
- ++data) {
- *data <<= n;
+ if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) {
+ assert(matrix->rows_);
+ rowstep = jas_matrix_rowstep(matrix);
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
+ rowstart += rowstep) {
+ for (j = matrix->numcols_, data = rowstart; j > 0; --j,
+ ++data) {
+ *data <<= n;
+ }
 }
 }
 }
@@ -371,12 +383,15 @@ void jas_matrix_setall(jas_matrix_t *mat
 int rowstep;
 jas_seqent_t *data;
 
- rowstep = jas_matrix_rowstep(matrix);
- for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
- rowstart += rowstep) {
- for (j = matrix->numcols_, data = rowstart; j > 0; --j,
- ++data) {
- *data = val;
+ if (jas_matrix_numrows(matrix) > 0 && jas_matrix_numcols(matrix) > 0) {
+ assert(matrix->rows_);
+ rowstep = jas_matrix_rowstep(matrix);
+ for (i = matrix->numrows_, rowstart = matrix->rows_[0]; i > 0; --i,
+ rowstart += rowstep) {
+ for (j = matrix->numcols_, data = rowstart; j > 0; --j,
+ ++data) {
+ *data = val;
+ }
 }
 }
 }
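Review bot: jas_matrix_asl shifts every element with `*data <<= n` without any check on `n` in the lines shown, whereas jas_matrix_asr in the hunk before it has `assert(n >= 0);` ahead of its loop. A negative count or one that reaches the width of `jas_seqent_t` is undefined behaviour in C, as is left-shifting a negative element, so at least the same `assert(n >= 0);` should precede the new `if` here, ideally with an upper bound as well. Since assert() disappears under NDEBUG, callers that derive `n` from decoded data need their own range check. The start of the function is outside the hunk.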