From 12db8078ba17a8ffc5cc2429fb506988f0f11b44 Mon Sep 17 00:00:00 2001
From: Max Kellermann <max.kellermann@gmail.com>
Date: Sun, 28 Jun 2020 13:25:12 +0200
Subject: [PATCH] ras_enc: check components for RGB, fixes NULL pointer
 dereference

Fixes CVE-2018-18873

Closes https://github.com/jasper-maint/jasper/issues/15
Closes https://github.com/mdadams/jasper/issues/184
---
 src/libjasper/ras/ras_enc.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/libjasper/ras/ras_enc.c b/src/libjasper/ras/ras_enc.c
index 85ff9a3..dc4f151 100644
--- a/src/libjasper/ras/ras_enc.c
+++ b/src/libjasper/ras/ras_enc.c
@@ -232,6 +232,11 @@ static int ras_putdatastd(jas_stream_t *out, ras_hdr_t *hdr, jas_image_t *image,
 
 	assert(numcmpts <= 3);
 
+	if (RAS_ISRGB(hdr) && numcmpts < 3) {
+		/* need 3 components for RGB */
+		return -1;
+	}
+
 	for (i = 0; i < 3; ++i) {
 		data[i] = 0;
 	}