File _service:tar_scm:backport-CVE-2017-9937.patch of Package jbigkit

From 535df935911c401d345cb004a2fa00eb7a727259 Mon Sep 17 00:00:00 2001
From: wiz <wiz@pkgsrc.org>
Date: Mon, 3 Aug 2020 21:34:06 +0000
Subject: [PATCH] jbigkit: fix CVE-2017-9937 using upstream commit

See e.g.
https://gitlab.com/libtiff/libtiff/-/issues/97

Bump PKGREVISION.

---
 libjbig/jbig.c | 5 +++++
 libjbig/jbig.h | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/libjbig/jbig.c b/libjbig/jbig.c
index 751ceff..7b5b99e 100644
--- a/libjbig/jbig.c
+++ b/libjbig/jbig.c
@@ -2051,6 +2051,7 @@ void jbg_dec_init(struct jbg_dec_state *s)
   s->xmax = 4294967295UL;
   s->ymax = 4294967295UL;
   s->dmax = 256;
+  s->maxmem = 2000000000;  /* no final image larger than 2 GB by default */
   s->s = NULL;
 
   return;
@@ -2640,6 +2641,10 @@ int jbg_dec_in(struct jbg_dec_state *s, unsigned char *data, size_t len,
       return JBG_EIMPL | 5;
     s->options = s->buffer[19];
 
+    /* will the final image require more bytes than permitted by s->maxmem? */
+    if (s->maxmem / s->planes / s->yd / jbg_ceil_half(s->xd, 3) == 0)
+      return JBG_ENOMEM;   /* increase s->maxmem if needed */
+
     /* calculate number of stripes that will be required */
     s->stripes = jbg_stripes(s->l0, s->yd, s->d);
     
diff --git a/libjbig/jbig.h b/libjbig/jbig.h
index 6799410..7a9cdf9 100644
--- a/libjbig/jbig.h
+++ b/libjbig/jbig.h
@@ -181,6 +181,8 @@ struct jbg_dec_state {
   unsigned long xmax, ymax;         /* if possible abort before image gets *
 				     * larger than this size */
   int dmax;                                      /* abort after this layer */
+  size_t maxmem;               /* return JBG_ENOMEM if final image layer D
+                                  would require more than maxmem bytes     */
 };
 
 
-- 
2.23.0