Backport of the upstream commit: From 44a524e367597af58d6265ae2014468b334d0309 Mon Sep 17 00:00:00 2001 From: Michael Adams Date: Thu, 20 Oct 2016 07:34:32 -0700 Subject: [PATCH] The memory stream interface allows for a buffer size of zero. The case of a zero-sized buffer was not handled correctly, as it could lead to a double free. This problem has now been fixed (hopefully). One might ask whether a zero-sized buffer should be allowed at all, but this is a question for another day. diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1/src/libjasper/base/jas_stream.c --- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c 2017-03-24 13:23:23.000000000 +0100 +++ jasper-1.900.1/src/libjasper/base/jas_stream.c 2017-03-24 13:33:01.986069625 +0100 @@ -991,8 +991,8 @@ static int mem_resize(jas_stream_memobj_ { unsigned char *buf; - assert(m->buf_); - if (!(buf = jas_realloc(m->buf_, bufsize))) { + //assert(m->buf_); + if (!(buf = jas_realloc(m->buf_, bufsize)) && bufsize) { return -1; } m->buf_ = buf;
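Review bot: The corrected condition `if (!(buf = jas_realloc(m->buf_, bufsize)) && bufsize)` makes the fix depend on implementation-defined behaviour, so the zero-size case in `mem_resize` should be handled explicitly rather than inferred from the return value. When `bufsize` is 0, the C standard allows `realloc` either to free the old block and return NULL or to return a distinct non-NULL pointer; the patched code is correct in both cases only because it now falls through to `m->buf_ = buf;` instead of returning -1 and leaving `m->buf_` pointing at memory that `jas_realloc` may already have released (the double free the commit message describes). A clearer and portable form is to branch on `bufsize == 0` first (free `m->buf_`, set it to NULL, and return success) and keep the unchanged `if (!(buf = jas_realloc(m->buf_, bufsize))) return -1;` for the non-zero path, so a genuine allocation failure is never confused with a deliberate shrink to zero. Also, `//assert(m->buf_);` should be removed rather than commented out; since `realloc(NULL, n)` is defined to behave like `malloc(n)`, a NULL `m->buf_` is now a legitimate state after a zero-size resize and the assertion no longer expresses an invariant of this function.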