jasper/CVE-2018-9055.patch

From d4358fb62a01bd542146a1d25b8f6fd2a0b210fe Mon Sep 17 00:00:00 2001
From: Michael Vetter <jubalh@iodoru.org>
Date: Mon, 25 Mar 2019 12:20:26 +0100
Subject: [PATCH] Fix integer width in jpc_math

Fix denial of service via a reachable assertion in the function jpc_firstone in libjasper/jpc/jpc_math.c.

Assigned CVE-2018-9055.
Fixes https://github.com/mdadams/jasper/issues/172.

Fix by Fridrich Strba <FStrba@suse.com>.
---
 src/libjasper/jpc/jpc_math.c | 4 ++--
 src/libjasper/jpc/jpc_math.h | 5 +++--
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/libjasper/jpc/jpc_math.c b/src/libjasper/jpc/jpc_math.c
index 2b70844..1b18880 100644
--- a/src/libjasper/jpc/jpc_math.c
+++ b/src/libjasper/jpc/jpc_math.c
@@ -86,7 +86,7 @@
 
 /* Calculate the integer quantity floor(log2(x)), where x is a positive
   integer. */
-int jpc_floorlog2(int x)
+int jpc_floorlog2(int_fast32_t x)
 {
 	int y;
 
@@ -105,7 +105,7 @@ int jpc_floorlog2(int x)
   integer. */
 /* This function is the basically the same as ceillog2(x), except that the
   allowable range for x is slightly different. */
-int jpc_firstone(int x)
+int jpc_firstone(int_fast32_t x)
 {
 	int n;
 
diff --git a/src/libjasper/jpc/jpc_math.h b/src/libjasper/jpc/jpc_math.h
index e8e0978..bd80d51 100644
--- a/src/libjasper/jpc/jpc_math.h
+++ b/src/libjasper/jpc/jpc_math.h
@@ -67,6 +67,7 @@
 \******************************************************************************/
 
 #include	<assert.h>
+#include	<stdint.h>
 
 /******************************************************************************\
 * Macros
@@ -90,10 +91,10 @@
 
 /* Calculate the bit position of the first leading one in a nonnegative
   integer. */
-int jpc_firstone(int x);
+int jpc_firstone(int_fast32_t x);
 
 /* Calculate the integer quantity floor(log2(x)), where x is a positive
   integer. */
-int jpc_floorlog2(int x);
+int jpc_floorlog2(int_fast32_t x);
 
 #endif