Backport of the upstream commit:

From 1abc2e5a401a4bf1d5ca4df91358ce5df111f495 Mon Sep 17 00:00:00 2001
From: Michael Adams <mdadams@ece.uvic.ca>
Date: Sun, 20 Nov 2016 04:43:00 -0800
Subject: [PATCH] Fixed an array overflow problem in the JPC decoder.

diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2017-03-30 15:00:55.000000000 +0200
+++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2017-03-30 17:56:05.000000000 +0200
@@ -675,7 +675,7 @@ static int jpc_dec_tileinit(jpc_dec_t *d
 	uint_fast32_t tmpxend;
 	uint_fast32_t tmpyend;
 	jpc_dec_cp_t *cp;
-	jpc_tsfb_band_t bnds[64];
+	jpc_tsfb_band_t bnds[JPC_MAXBANDS];
 	jpc_pchg_t *pchg;
 	int pchgno;
 	jpc_dec_cmpt_t *cmpt;