From: http://pkgs.fedoraproject.org/cgit/rpms/jasper.git/plain/jasper-CVE-2015-5203.patch
Signed-off-by: Gustavo Zacarias
diff -urNp jasper-1.900.1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1.new/src/libjasper/base/jas_stream.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c 2016-08-11 13:35:09.160895769 +0200
+++ jasper-1.900.1.new/src/libjasper/base/jas_stream.c 2016-08-11 13:39:33.800843489 +0200
@@ -99,7 +99,7 @@ static int jas_strtoopenmode(const char
 static void jas_stream_destroy(jas_stream_t *stream);
 static jas_stream_t *jas_stream_create(void);
 static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
- int bufsize);
+ size_t bufsize);
 static int mem_read(jas_stream_obj_t *obj, char *buf, int cnt);
 static int mem_write(jas_stream_obj_t *obj, char *buf, int cnt);
@@ -168,7 +168,7 @@ static jas_stream_t *jas_stream_create()
 return stream;
 }
-jas_stream_t *jas_stream_memopen(char *buf, int bufsize)
+jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize)
 {
 jas_stream_t *stream;
 jas_stream_memobj_t *obj;
@@ -570,7 +570,7 @@ int jas_stream_puts(jas_stream_t *stream
 return 0;
 }
-char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize)
+char *jas_stream_gets(jas_stream_t *stream, char *buf, size_t bufsize)
 {
 int c;
 char *bufptr;
@@ -694,7 +694,7 @@ long jas_stream_tell(jas_stream_t *strea
 \******************************************************************************/
 static void jas_stream_initbuf(jas_stream_t *stream, int bufmode, char *buf,
- int bufsize)
+ size_t bufsize)
 {
 /* If this function is being called, the buffer should not have been initialized yet. */
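Review bot: `jas_stream_memopen` now takes `size_t bufsize`, so a caller that still computes the length as a signed `int` and passes a negative value has it converted to a very large size instead of a non-positive one. The function body continues past this hunk; if it selects an internally allocated, growable buffer with a test such as `bufsize <= 0`, that test now matches only zero and a wrapped value would be taken as the real size of `buf`. A one-line contract comment above the definition would make this explicit, e.g. `/* bufsize == 0 requests a growable internal buffer; callers must not pass a negative length. */`.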
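Review bot: In `jas_stream_gets` the visible locals stay `int c;` and `char *bufptr;` while the count becomes unsigned, so a negative length can no longer be rejected: an `int` of -1 from a caller arrives as `SIZE_MAX` and looks like an enormous buffer. The loop is outside this hunk, so this cannot be confirmed here, but if the body has no entry check it should refuse a zero size before the terminator is stored, e.g. `if (bufsize == 0) { return 0; }`. `mif_getline` in mif_cod.c receives the identical signature change and deserves the same look.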
@@ -987,7 +987,7 @@ static int mem_read(jas_stream_obj_t *ob
 return cnt;
 }
-static int mem_resize(jas_stream_memobj_t *m, int bufsize)
+static int mem_resize(jas_stream_memobj_t *m, size_t bufsize)
 {
 unsigned char *buf;
diff -urNp jasper-1.900.1.orig/src/libjasper/include/jasper/jas_stream.h jasper-1.900.1.new/src/libjasper/include/jasper/jas_stream.h
--- jasper-1.900.1.orig/src/libjasper/include/jasper/jas_stream.h 2007-01-19 22:43:04.000000000 +0100
+++ jasper-1.900.1.new/src/libjasper/include/jasper/jas_stream.h 2016-08-11 13:41:27.841153595 +0200
@@ -215,7 +215,7 @@ typedef struct {
 uchar *bufstart_;
 /* The buffer size. */
- int bufsize_;
+ size_t bufsize_;
 /* The current position in the buffer. */
 uchar *ptr_;
@@ -267,7 +267,7 @@ typedef struct {
 uchar *buf_;
 /* The allocated size of the buffer for holding file data. */
- int bufsize_;
+ size_t bufsize_;
 /* The length of the file. */
 int_fast32_t len_;
@@ -291,7 +291,7 @@ typedef struct {
 jas_stream_t *jas_stream_fopen(const char *filename, const char *mode);
 /* Open a memory buffer as a stream. */
-jas_stream_t *jas_stream_memopen(char *buf, int bufsize);
+jas_stream_t *jas_stream_memopen(char *buf, size_t bufsize);
 /* Open a file descriptor as a stream. */
 jas_stream_t *jas_stream_fdopen(int fd, const char *mode);
@@ -366,7 +366,7 @@ int jas_stream_printf(jas_stream_t *stre
 int jas_stream_puts(jas_stream_t *stream, const char *s);
 /* Read a line of input from a stream. */
-char *jas_stream_gets(jas_stream_t *stream, char *buf, int bufsize);
+char *jas_stream_gets(jas_stream_t *stream, char *buf, size_t bufsize);
 /* Look at the next character to be read from a stream without actually removing it from the stream. */
diff -urNp jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c jasper-1.900.1.new/src/libjasper/jpc/jpc_qmfb.c
--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c 2016-08-11 13:35:09.170895681 +0200
+++ jasper-1.900.1.new/src/libjasper/jpc/jpc_qmfb.c 2016-08-11 13:45:20.847809678 +0200
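Review bot: `mem_resize` accepts a `size_t` now, yet `mem_read` and `mem_write` keep `int cnt` (their prototypes are unchanged in the first hunk of jas_stream.c), so the new size is presumably still computed in signed arithmetic by the caller. If that computation overflows, it does so before the conversion, and widening the parameter does not detect it. The body after `unsigned char *buf;` is outside the hunk; an entry guard along the lines of `if (bufsize > INT_FAST32_MAX) { return -1; }` (assuming that macro and that error convention are available in this build) would keep the buffer within what the `int_fast32_t` length field of the memory object can describe.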
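Review bot: Changing `bufsize_` from `int` to `size_t` inside a `typedef struct` in the installed header `jasper/jas_stream.h` alters the struct's size and the offsets of the members after it on platforms where `size_t` is wider than `int`. The two prototypes changed further down in this file (`jas_stream_memopen`, `jas_stream_gets`) also change how their last argument is passed. Code compiled against the old header and linked to a library built with this patch would then read the fields after `bufsize_` at the wrong offsets. Nothing in the patch records this, so dependents need a rebuild; a comment on the field such as `/* size_t since the CVE-2015-5203 fix; layout differs from unpatched 1.900.1 */` would document it.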
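Review bot: In the memory-object struct `bufsize_` becomes unsigned while the adjacent `len_` stays `int_fast32_t`, so comparisons between the two now mix signedness. Where `size_t` is at least as wide as `int_fast32_t`, the signed operand is converted to unsigned and a negative length or position compares as a very large value. The code that compares them is not part of this patch; it would be worth a comment on `len_` stating the invariant relied on, e.g. `/* invariant: 0 <= len_ <= bufsize_ */`, and a check of each comparison site against it.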
@@ -305,7 +305,7 @@ jpc_qmfb2d_t jpc_ns_qmfb2d = {
 void jpc_qmfb_split_row(jpc_fix_t *a, int numcols, int parity)
 {
- int bufsize = JPC_CEILDIVPOW2(numcols, 1);
+ size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);
 jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
 jpc_fix_t *buf = splitbuf;
 register jpc_fix_t *srcptr;
@@ -365,7 +365,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
 int parity)
 {
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
 jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE];
 jpc_fix_t *buf = splitbuf;
 register jpc_fix_t *srcptr;
@@ -425,7 +425,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
 int parity)
 {
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
 jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
 jpc_fix_t *buf = splitbuf;
 jpc_fix_t *srcptr;
@@ -506,7 +506,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
 int stride, int parity)
 {
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
 jpc_fix_t splitbuf[QMFB_SPLITBUFSIZE * JPC_QMFB_COLGRPSIZE];
 jpc_fix_t *buf = splitbuf;
 jpc_fix_t *srcptr;
@@ -586,7 +586,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
 void jpc_qmfb_join_row(jpc_fix_t *a, int numcols, int parity)
 {
- int bufsize = JPC_CEILDIVPOW2(numcols, 1);
+ size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);
 jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
 jpc_fix_t *buf = joinbuf;
 register jpc_fix_t *srcptr;
@@ -643,7 +643,7 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
 int parity)
 {
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
 jpc_fix_t joinbuf[QMFB_JOINBUFSIZE];
 jpc_fix_t *buf = joinbuf;
 register jpc_fix_t *srcptr;
@@ -700,7 +700,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a,
 int parity)
 {
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
 jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
 jpc_fix_t *buf = joinbuf;
 jpc_fix_t *srcptr;
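Review bot: `size_t bufsize = JPC_CEILDIVPOW2(numcols, 1);` in `jpc_qmfb_split_row` converts a signed expression to unsigned with no visible range check on `numcols`, so a negative dimension becomes a very large `bufsize` rather than a negative one. Whatever comparison against `QMFB_SPLITBUFSIZE` and allocation follow are outside the hunk; they will see that large value, and a later multiplication by `sizeof(jpc_fix_t)` could wrap. An explicit guard after the declarations, e.g. `if (numcols < 0) { abort(); }` or the project's own error path, would make the conversion safe. The same initialiser is changed in `jpc_qmfb_split_col`, `jpc_qmfb_split_colgrp`, `jpc_qmfb_split_colres`, `jpc_qmfb_join_row`, `jpc_qmfb_join_col`, `jpc_qmfb_join_colgrp` and `jpc_qmfb_join_colres` (with `numrows` in the column variants).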
@@ -778,7 +778,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a,
 int stride, int parity)
 {
- int bufsize = JPC_CEILDIVPOW2(numrows, 1);
+ size_t bufsize = JPC_CEILDIVPOW2(numrows, 1);
 jpc_fix_t joinbuf[QMFB_JOINBUFSIZE * JPC_QMFB_COLGRPSIZE];
 jpc_fix_t *buf = joinbuf;
 jpc_fix_t *srcptr;
diff -urNp jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c jasper-1.900.1.new/src/libjasper/mif/mif_cod.c
--- jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c 2016-08-11 13:35:09.179895601 +0200
+++ jasper-1.900.1.new/src/libjasper/mif/mif_cod.c 2016-08-11 13:46:26.166415464 +0200
@@ -107,7 +107,7 @@ static int mif_hdr_put(mif_hdr_t *hdr, j
 static int mif_hdr_addcmpt(mif_hdr_t *hdr, int cmptno, mif_cmpt_t *cmpt);
 static mif_cmpt_t *mif_cmpt_create(void);
 static void mif_cmpt_destroy(mif_cmpt_t *cmpt);
-static char *mif_getline(jas_stream_t *jas_stream, char *buf, int bufsize);
+static char *mif_getline(jas_stream_t *jas_stream, char *buf, size_t bufsize);
 static int mif_getc(jas_stream_t *in);
 static mif_hdr_t *mif_makehdrfromimage(jas_image_t *image);
@@ -657,7 +657,7 @@ static void mif_cmpt_destroy(mif_cmpt_t
 * MIF parsing code.
 \******************************************************************************/
-static char *mif_getline(jas_stream_t *stream, char *buf, int bufsize)
+static char *mif_getline(jas_stream_t *stream, char *buf, size_t bufsize)
 {
 int c;
 char *bufptr;