Slackware just notified of these:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9029
Summary:
CVE-2014-8137: double-free
CVE-2014-8138: heap-based buffer overflow
CVE-2014-8157: off-by-one
CVE-2014-8158: multiple stack-based buffer overflows
CVE-2014-9029: multiple off-by-one
Patches from Slackware are available off their ftp site:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/source/jasper/patches/
jasper-CVE-2014-8137.patch.gz 1 KB 09/03/15 18:54:00
jasper-CVE-2014-8138.patch.gz 1 KB 09/03/15 18:55:00
jasper-CVE-2014-8157.patch.gz 1 KB 09/03/15 18:55:00
jasper-CVE-2014-8158.patch.gz 2 KB 09/03/15 18:56:00
jasper-CVE-2014-9029.patch.gz 1 KB 09/03/15 18:57:00
Attached is my attempt to merge above Slackware patches, into
our jasper port.
Someone more familiar with jasper should double check that I
didn't screw anything up.
I have a question though, 'pkg_info jasper' claims gimp as a dependent,
however, 'ldd gimp' doesn't show jasper in the list. What am I missing?
Cheers,
--patrick
Index: Makefile
===================================================================
RCS file: /cvs/obsd/ports/graphics/jasper/Makefile,v
retrieving revision 1.17
diff -u -p -u -p -r1.17 Makefile
--- Makefile 20 Apr 2013 15:25:35 -0000 1.17
+++ Makefile 30 Oct 2015 05:37:32 -0000
@@ -1,9 +1,9 @@
-# $OpenBSD: Makefile,v 1.16 2013/03/21 08:45:18 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.17 2013/04/20 15:25:35 naddy Exp $
COMMENT = reference implementation of JPEG-2000
DISTNAME = jasper-1.900.1
-REVISION = 2
+REVISION = 3
SHARED_LIBS = jasper 2.1
CATEGORIES = graphics
Index: patches/patch-src_libjasper_base_jas_icc_c
===================================================================
RCS file:
/cvs/obsd/ports/graphics/jasper/patches/patch-src_libjasper_base_jas_icc_c,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 patch-src_libjasper_base_jas_icc_c
--- patches/patch-src_libjasper_base_jas_icc_c 17 May 2008 09:32:16 -0000
1.1
+++ patches/patch-src_libjasper_base_jas_icc_c 30 Oct 2015 05:37:32 -0000
@@ -1,6 +1,10 @@
$OpenBSD$
---- src/libjasper/base/jas_icc.c.orig Fri Jan 19 22:43:05 2007
-+++ src/libjasper/base/jas_icc.c Fri May 16 21:38:46 2008
+
+Security fix from Slackware:
+ CVE-2014-8137: double-free
+
+--- src/libjasper/base/jas_icc.c.orig Fri Jan 19 13:43:05 2007
++++ src/libjasper/base/jas_icc.c Thu Oct 29 22:03:25 2015
@@ -373,7 +373,7 @@ int jas_iccprof_save(jas_iccprof_t *prof, jas_stream_t
jas_icctagtab_t *tagtab;
@@ -38,7 +42,15 @@ $OpenBSD$
goto error;
for (i = 0; i < curv->numents; ++i) {
if (jas_iccgetuint16(in, &curv->ents[i]))
-@@ -1100,7 +1099,7 @@ static int jas_icctxtdesc_input(jas_iccattrval_t *attr
+@@ -1011,7 +1010,6 @@ static int jas_icccurv_input(jas_iccattrval_t *attrval
+ return 0;
+
+ error:
+- jas_icccurv_destroy(attrval);
+ return -1;
+ }
+
+@@ -1100,7 +1098,7 @@ static int jas_icctxtdesc_input(jas_iccattrval_t *attr
if (jas_iccgetuint32(in, &txtdesc->uclangcode) ||
jas_iccgetuint32(in, &txtdesc->uclen))
goto error;
@@ -47,7 +59,24 @@ $OpenBSD$
goto error;
if (jas_stream_read(in, txtdesc->ucdata, txtdesc->uclen * 2) !=
JAS_CAST(int, txtdesc->uclen * 2))
-@@ -1292,17 +1291,17 @@ static int jas_icclut8_input(jas_iccattrval_t *attrval
+@@ -1129,7 +1127,6 @@ static int jas_icctxtdesc_input(jas_iccattrval_t *attr
+ #endif
+ return 0;
+ error:
+- jas_icctxtdesc_destroy(attrval);
+ return -1;
+ }
+
+@@ -1208,8 +1205,6 @@ static int jas_icctxt_input(jas_iccattrval_t *attrval,
+ goto error;
+ return 0;
+ error:
+- if (txt->string)
+- jas_free(txt->string);
+ return -1;
+ }
+
+@@ -1292,17 +1287,17 @@ static int jas_icclut8_input(jas_iccattrval_t *attrval
jas_iccgetuint16(in, &lut8->numouttabents))
goto error;
clutsize = jas_iccpowi(lut8->clutlen, lut8->numinchans) *
lut8->numoutchans;
@@ -72,7 +101,15 @@ $OpenBSD$
sizeof(jas_iccuint8_t *))))
goto error;
for (i = 0; i < lut8->numoutchans; ++i)
-@@ -1461,17 +1460,17 @@ static int jas_icclut16_input(jas_iccattrval_t *attrva
+@@ -1330,7 +1325,6 @@ static int jas_icclut8_input(jas_iccattrval_t *attrval
+ goto error;
+ return 0;
+ error:
+- jas_icclut8_destroy(attrval);
+ return -1;
+ }
+
+@@ -1461,17 +1455,17 @@ static int jas_icclut16_input(jas_iccattrval_t *attrva
jas_iccgetuint16(in, &lut16->numouttabents))
goto error;
clutsize = jas_iccpowi(lut16->clutlen, lut16->numinchans) *
lut16->numoutchans;
@@ -95,3 +132,11 @@ $OpenBSD$
sizeof(jas_iccuint16_t *))))
goto error;
for (i = 0; i < lut16->numoutchans; ++i)
+@@ -1499,7 +1493,6 @@ static int jas_icclut16_input(jas_iccattrval_t *attrva
+ goto error;
+ return 0;
+ error:
+- jas_icclut16_destroy(attrval);
+ return -1;
+ }
+
Index: patches/patch-src_libjasper_jp2_jp2_dec_c
===================================================================
RCS file:
/cvs/obsd/ports/graphics/jasper/patches/patch-src_libjasper_jp2_jp2_dec_c,v
retrieving revision 1.2
diff -u -p -u -p -r1.2 patch-src_libjasper_jp2_jp2_dec_c
--- patches/patch-src_libjasper_jp2_jp2_dec_c 17 May 2008 09:32:16 -0000
1.2
+++ patches/patch-src_libjasper_jp2_jp2_dec_c 30 Oct 2015 05:37:32 -0000
@@ -1,9 +1,20 @@
$OpenBSD: patch-src_libjasper_jp2_jp2_dec_c,v 1.1.1.1 2004/05/14 05:33:57 brad
Exp $
---- src/libjasper/jp2/jp2_dec.c.orig Fri Jan 19 22:43:05 2007
-+++ src/libjasper/jp2/jp2_dec.c Fri May 16 21:27:34 2008
-@@ -293,7 +293,9 @@ jas_image_t *jp2_decode(jas_stream_t *in, char *optstr
+
+Security fixes from Slackware:
+ CVE-2014-8137: double-free
+ CVE-2014-8138: heap-based buffer overflow
+
+--- src/libjasper/jp2/jp2_dec.c.orig Fri Jan 19 13:43:05 2007
++++ src/libjasper/jp2/jp2_dec.c Thu Oct 29 22:04:41 2015
+@@ -291,9 +291,14 @@ jas_image_t *jp2_decode(jas_stream_t *in, char *optstr
+ case JP2_COLR_ICC:
+ iccprof = jas_iccprof_createfrombuf(dec->colr->data.colr.iccp,
dec->colr->data.colr.iccplen);
- assert(iccprof);
+- assert(iccprof);
++ if (!iccprof) {
++ jas_eprintf("error: failed to parse ICC profile\n");
++ goto error;
++ }
jas_iccprof_gethdr(iccprof, &icchdr);
- jas_eprintf("ICC Profile CS %08x\n", icchdr.colorspc);
+ if (jas_getdbglevel() >= 1) {
@@ -12,7 +23,7 @@ $OpenBSD: patch-src_libjasper_jp2_jp2_de
jas_image_setclrspc(dec->image, fromiccpcs(icchdr.colorspc));
dec->image->cmprof_ = jas_cmprof_createfromiccprof(iccprof);
assert(dec->image->cmprof_);
-@@ -336,7 +338,7 @@ jas_image_t *jp2_decode(jas_stream_t *in, char *optstr
+@@ -336,7 +341,7 @@ jas_image_t *jp2_decode(jas_stream_t *in, char *optstr
}
/* Allocate space for the channel-number to component-number LUT. */
@@ -21,7 +32,7 @@ $OpenBSD: patch-src_libjasper_jp2_jp2_de
jas_eprintf("error: no memory\n");
goto error;
}
-@@ -354,7 +356,7 @@ jas_image_t *jp2_decode(jas_stream_t *in, char *optstr
+@@ -354,7 +359,7 @@ jas_image_t *jp2_decode(jas_stream_t *in, char *optstr
if (cmapent->map == JP2_CMAP_DIRECT) {
dec->chantocmptlut[channo] = channo;
} else if (cmapent->map == JP2_CMAP_PALETTE) {
@@ -30,3 +41,15 @@ $OpenBSD: patch-src_libjasper_jp2_jp2_de
for (i = 0; i < pclrd->numlutents; ++i) {
lutents[i] =
pclrd->lutdata[cmapent->pcol + i * pclrd->numchans];
}
+@@ -386,6 +391,11 @@ jas_image_t *jp2_decode(jas_stream_t *in, char *optstr
+ /* Determine the type of each component. */
+ if (dec->cdef) {
+ for (i = 0; i < dec->numchans; ++i) {
++ /* Is the channel number reasonable? */
++ if (dec->cdef->data.cdef.ents[i].channo >=
dec->numchans) {
++ jas_eprintf("error: invalid channel number in
CDEF box\n");
++ goto error;
++ }
+ jas_image_setcmpttype(dec->image,
+
dec->chantocmptlut[dec->cdef->data.cdef.ents[i].channo],
+ jp2_getct(jas_image_clrspc(dec->image),
Index: patches/patch-src_libjasper_jpc_jpc_dec_c
===================================================================
RCS file:
/cvs/obsd/ports/graphics/jasper/patches/patch-src_libjasper_jpc_jpc_dec_c,v
retrieving revision 1.3
diff -u -p -u -p -r1.3 patch-src_libjasper_jpc_jpc_dec_c
--- patches/patch-src_libjasper_jpc_jpc_dec_c 17 May 2008 09:32:16 -0000
1.3
+++ patches/patch-src_libjasper_jpc_jpc_dec_c 30 Oct 2015 05:37:32 -0000
@@ -1,6 +1,11 @@
$OpenBSD: patch-src_libjasper_jpc_jpc_dec_c,v 1.2 2007/03/29 13:43:53 jasper
Exp $
---- src/libjasper/jpc/jpc_dec.c.orig Fri Jan 19 22:43:07 2007
-+++ src/libjasper/jpc/jpc_dec.c Fri May 16 21:35:28 2008
+
+Security fixes from Slackware:
+ CVE-2014-8157: off-by-one
+ CVE-2014-9029: multiple off-by-one
+
+--- src/libjasper/jpc/jpc_dec.c.orig Fri Jan 19 13:43:07 2007
++++ src/libjasper/jpc/jpc_dec.c Thu Oct 29 22:08:08 2015
@@ -449,7 +449,7 @@ static int jpc_dec_process_sot(jpc_dec_t *dec, jpc_ms_
if (dec->state == JPC_MH) {
@@ -10,6 +15,15 @@ $OpenBSD: patch-src_libjasper_jpc_jpc_de
assert(compinfos);
for (cmptno = 0, cmpt = dec->cmpts, compinfo = compinfos;
cmptno < dec->numcomps; ++cmptno, ++cmpt, ++compinfo) {
+@@ -489,7 +489,7 @@ static int jpc_dec_process_sot(jpc_dec_t *dec, jpc_ms_
+ dec->curtileendoff = 0;
+ }
+
+- if (JAS_CAST(int, sot->tileno) > dec->numtiles) {
++ if (JAS_CAST(int, sot->tileno) >= dec->numtiles) {
+ jas_eprintf("invalid tile number in SOT marker segment\n");
+ return -1;
+ }
@@ -692,7 +692,7 @@ static int jpc_dec_tileinit(jpc_dec_t *dec, jpc_dec_ti
tile->realmode = 1;
}
@@ -73,6 +87,33 @@ $OpenBSD: patch-src_libjasper_jpc_jpc_de
sizeof(jpc_dec_tcomp_t)))) {
return -1;
}
+@@ -1280,7 +1280,7 @@ static int jpc_dec_process_coc(jpc_dec_t *dec, jpc_ms_
+ jpc_coc_t *coc = &ms->parms.coc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, coc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, coc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in COC marker segment\n");
+ return -1;
+ }
+@@ -1306,7 +1306,7 @@ static int jpc_dec_process_rgn(jpc_dec_t *dec, jpc_ms_
+ jpc_rgn_t *rgn = &ms->parms.rgn;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, rgn->compno) > dec->numcomps) {
++ if (JAS_CAST(int, rgn->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in RGN marker segment\n");
+ return -1;
+ }
+@@ -1355,7 +1355,7 @@ static int jpc_dec_process_qcc(jpc_dec_t *dec, jpc_ms_
+ jpc_qcc_t *qcc = &ms->parms.qcc;
+ jpc_dec_tile_t *tile;
+
+- if (JAS_CAST(int, qcc->compno) > dec->numcomps) {
++ if (JAS_CAST(int, qcc->compno) >= dec->numcomps) {
+ jas_eprintf("invalid component number in QCC marker segment\n");
+ return -1;
+ }
@@ -1466,7 +1466,9 @@ static int jpc_dec_process_unk(jpc_dec_t *dec, jpc_ms_
dec = 0;
Index: patches/patch-src_libjasper_jpc_jpc_qmfb_c
===================================================================
RCS file:
/cvs/obsd/ports/graphics/jasper/patches/patch-src_libjasper_jpc_jpc_qmfb_c,v
retrieving revision 1.1
diff -u -p -u -p -r1.1 patch-src_libjasper_jpc_jpc_qmfb_c
--- patches/patch-src_libjasper_jpc_jpc_qmfb_c 17 May 2008 09:32:16 -0000
1.1
+++ patches/patch-src_libjasper_jpc_jpc_qmfb_c 30 Oct 2015 05:37:32 -0000
@@ -1,8 +1,27 @@
$OpenBSD$
---- src/libjasper/jpc/jpc_qmfb.c.orig Fri Jan 19 22:43:07 2007
-+++ src/libjasper/jpc/jpc_qmfb.c Fri May 16 22:46:25 2008
-@@ -321,7 +321,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, int numcols, int
- #if !defined(HAVE_VLA)
+
+Security fix from Slackware:
+ CVE-2014-8158: multiple stack-based buffer overflows
+
+--- src/libjasper/jpc/jpc_qmfb.c.orig Fri Jan 19 13:43:07 2007
++++ src/libjasper/jpc/jpc_qmfb.c Thu Oct 29 22:06:54 2015
+@@ -306,11 +306,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, int numcols, int
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numcols, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+@@ -318,15 +314,13 @@ void jpc_qmfb_split_row(jpc_fix_t *a, int numcols, int
+ register int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
/* Get a buffer. */
if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
@@ -10,8 +29,41 @@ $OpenBSD$
/* We have no choice but to commit suicide in this
case. */
abort();
}
-@@ -389,7 +389,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, int numrows, int
- #if !defined(HAVE_VLA)
+ }
+-#endif
+
+ if (numcols >= 2) {
+ hstartcol = (numcols + 1 - parity) >> 1;
+@@ -360,12 +354,10 @@ void jpc_qmfb_split_row(jpc_fix_t *a, int numcols, int
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -374,11 +366,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, int numrows, int
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+@@ -386,15 +374,13 @@ void jpc_qmfb_split_col(jpc_fix_t *a, int numrows, int
+ register int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
/* Get a buffer. */
if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
@@ -19,8 +71,41 @@ $OpenBSD$
/* We have no choice but to commit suicide in this
case. */
abort();
}
-@@ -460,7 +460,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, int numrows,
- #if !defined(HAVE_VLA)
+ }
+-#endif
+
+ if (numrows >= 2) {
+ hstartcol = (numrows + 1 - parity) >> 1;
+@@ -428,12 +414,10 @@ void jpc_qmfb_split_col(jpc_fix_t *a, int numrows, int
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -442,11 +426,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, int numrows,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize * JPC_QMFB_COLGRPSIZE];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -457,15 +437,13 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, int numrows,
+ int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
/* Get a buffer. */
if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
@@ -28,8 +113,41 @@ $OpenBSD$
/* We have no choice but to commit suicide in this
case. */
abort();
}
-@@ -549,7 +549,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, int numrows,
- #if !defined(HAVE_VLA)
+ }
+-#endif
+
+ if (numrows >= 2) {
+ hstartcol = (numrows + 1 - parity) >> 1;
+@@ -517,12 +495,10 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a, int numrows,
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -531,11 +507,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, int numrows,
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t splitbuf[bufsize * numcols];
+-#endif
+ jpc_fix_t *buf = splitbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -546,15 +518,13 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, int numrows,
+ int m;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
/* Get a buffer. */
if (bufsize > QMFB_SPLITBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
@@ -37,8 +155,40 @@ $OpenBSD$
/* We have no choice but to commit suicide in this
case. */
abort();
}
-@@ -633,7 +633,7 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int numcols, int
- #if !defined(HAVE_VLA)
+ }
+-#endif
+
+ if (numrows >= 2) {
+ hstartcol = (numrows + 1 - parity) >> 1;
+@@ -606,12 +576,10 @@ void jpc_qmfb_split_colres(jpc_fix_t *a, int numrows,
+ }
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the split buffer was allocated on the heap, free this memory. */
+ if (buf != splitbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -619,26 +587,20 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int numcols, int
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numcols, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+ register int n;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
/* Allocate memory for the join buffer from the heap. */
if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
@@ -46,8 +196,40 @@ $OpenBSD$
/* We have no choice but to commit suicide. */
abort();
}
-@@ -698,7 +698,7 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int numrows, int
- #if !defined(HAVE_VLA)
+ }
+-#endif
+
+ hstartcol = (numcols + 1 - parity) >> 1;
+
+@@ -670,12 +632,10 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int numcols, int
+ ++srcptr;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -684,26 +644,20 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int numrows, int
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ register jpc_fix_t *srcptr;
+ register jpc_fix_t *dstptr;
+ register int n;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
/* Allocate memory for the join buffer from the heap. */
if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
@@ -55,8 +237,41 @@ $OpenBSD$
/* We have no choice but to commit suicide. */
abort();
}
-@@ -766,7 +766,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, int numrows, i
- #if !defined(HAVE_VLA)
+ }
+-#endif
+
+ hstartcol = (numrows + 1 - parity) >> 1;
+
+@@ -735,12 +689,10 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int numrows, int
+ ++srcptr;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -749,11 +701,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, int numrows, i
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize * JPC_QMFB_COLGRPSIZE];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -763,15 +711,13 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, int numrows, i
+ register int i;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
/* Allocate memory for the join buffer from the heap. */
if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * JPC_QMFB_COLGRPSIZE *
sizeof(jpc_fix_t)))) {
@@ -64,8 +279,41 @@ $OpenBSD$
/* We have no choice but to commit suicide. */
abort();
}
-@@ -852,7 +852,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, int numrows, i
- #if !defined(HAVE_VLA)
+ }
+-#endif
+
+ hstartcol = (numrows + 1 - parity) >> 1;
+
+@@ -821,12 +767,10 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, int numrows, i
+ srcptr += JPC_QMFB_COLGRPSIZE;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
+@@ -835,11 +779,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, int numrows, i
+ {
+
+ int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+-#if !defined(HAVE_VLA)
+ jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
+-#else
+- jpc_fix_t joinbuf[bufsize * numcols];
+-#endif
+ jpc_fix_t *buf = joinbuf;
+ jpc_fix_t *srcptr;
+ jpc_fix_t *dstptr;
+@@ -849,15 +789,13 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, int numrows, i
+ register int i;
+ int hstartcol;
+
+-#if !defined(HAVE_VLA)
/* Allocate memory for the join buffer from the heap. */
if (bufsize > QMFB_JOINBUFSIZE) {
- if (!(buf = jas_malloc(bufsize * numcols * sizeof(jpc_fix_t))))
{
@@ -73,3 +321,21 @@ $OpenBSD$
/* We have no choice but to commit suicide. */
abort();
}
+ }
+-#endif
+
+ hstartcol = (numrows + 1 - parity) >> 1;
+
+@@ -907,12 +845,10 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, int numrows, i
+ srcptr += numcols;
+ }
+
+-#if !defined(HAVE_VLA)
+ /* If the join buffer was allocated on the heap, free this memory. */
+ if (buf != joinbuf) {
+ jas_free(buf);
+ }
+-#endif
+
+ }
+
