Slackware 14.2slackware-14.2

Thu Jun 30 20:26:57 UTC 2016
Slackware 14.2 x86_64 stable is released!

The long development cycle (the Linux community has lately been living in
"interesting times", as they say) is finally behind us, and we're proud to
announce the release of Slackware 14.2.  The new release brings many updates
and modern tools, has switched from udev to eudev (no systemd), and adds
well over a hundred new packages to the system.  Thanks to the team, the
upstream developers, the dedicated Slackware community, and everyone else
who pitched in to help make this release a reality.

The ISOs are off to be replicated, a 6 CD-ROM 32-bit set and a dual-sided
32-bit/64-bit x86/x86_64 DVD.  Please consider supporting the Slackware
project by picking up a copy from store.slackware.com.  We're taking
pre-orders now, and offer a discount if you sign up for a subscription.

Have fun!  :-)

1 files changed, 928 insertions, 0 deletions

diff --git a/source/l/jasper/patches/jasper-1.900.1-CVE-2008-3520.patch b/source/l/jasper/patches/jasper-1.900.1-CVE-2008-3520.patch
new file mode 100644
index 000000000..0f5e3b746
--- /dev/null
+++ b/source/l/jasper/patches/jasper-1.900.1-CVE-2008-3520.patch
@@ -0,0 +1,928 @@
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3520
+
+OpenBSD jas_malloc hardening patches
+
+diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_cm.c jasper-1.900.1/src/libjasper/base/jas_cm.c
+--- jasper-1.900.1.orig/src/libjasper/base/jas_cm.c	2007-01-19 22:43:05.000000000 +0100
++++ jasper-1.900.1/src/libjasper/base/jas_cm.c	2009-10-22 10:27:45.000000000 +0200
+@@ -704,8 +704,7 @@ static int jas_cmpxformseq_resize(jas_cm
+ {
+ 	jas_cmpxform_t **p;
+ 	assert(n >= pxformseq->numpxforms);
+-	p = (!pxformseq->pxforms) ? jas_malloc(n * sizeof(jas_cmpxform_t *)) :
+-	  jas_realloc(pxformseq->pxforms, n * sizeof(jas_cmpxform_t *));
++	p = jas_realloc2(pxformseq->pxforms, n, sizeof(jas_cmpxform_t *));
+ 	if (!p) {
+ 		return -1;
+ 	}
+@@ -889,13 +888,13 @@ static int jas_cmshapmatlut_set(jas_cmsh
+ 	jas_cmshapmatlut_cleanup(lut);
+ 	if (curv->numents == 0) {
+ 		lut->size = 2;
+-		if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t))))
++		if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t))))
+ 			goto error;
+ 		lut->data[0] = 0.0;
+ 		lut->data[1] = 1.0;
+ 	} else if (curv->numents == 1) {
+ 		lut->size = 256;
+-		if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t))))
++		if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t))))
+ 			goto error;
+ 		gamma = curv->ents[0] / 256.0;
+ 		for (i = 0; i < lut->size; ++i) {
+@@ -903,7 +902,7 @@ static int jas_cmshapmatlut_set(jas_cmsh
+ 		}
+ 	} else {
+ 		lut->size = curv->numents;
+-		if (!(lut->data = jas_malloc(lut->size * sizeof(jas_cmreal_t))))
++		if (!(lut->data = jas_alloc2(lut->size, sizeof(jas_cmreal_t))))
+ 			goto error;
+ 		for (i = 0; i < lut->size; ++i) {
+ 			lut->data[i] = curv->ents[i] / 65535.0;
+@@ -953,7 +952,7 @@ static int jas_cmshapmatlut_invert(jas_c
+ 			return -1;
+ 		}
+ 	}
+-	if (!(invlut->data = jas_malloc(n * sizeof(jas_cmreal_t))))
++	if (!(invlut->data = jas_alloc2(n, sizeof(jas_cmreal_t))))
+ 		return -1;
+ 	invlut->size = n;
+ 	for (i = 0; i < invlut->size; ++i) {
+diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_icc.c jasper-1.900.1/src/libjasper/base/jas_icc.c
+--- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c	2007-01-19 22:43:05.000000000 +0100
++++ jasper-1.900.1/src/libjasper/base/jas_icc.c	2009-10-22 10:27:45.000000000 +0200
+@@ -373,7 +373,7 @@ int jas_iccprof_save(jas_iccprof_t *prof
+ 	jas_icctagtab_t *tagtab;
+ 
+ 	tagtab = &prof->tagtab;
+-	if (!(tagtab->ents = jas_malloc(prof->attrtab->numattrs *
++	if (!(tagtab->ents = jas_alloc2(prof->attrtab->numattrs,
+ 	  sizeof(jas_icctagtabent_t))))
+ 		goto error;
+ 	tagtab->numents = prof->attrtab->numattrs;
+@@ -522,7 +522,7 @@ static int jas_iccprof_gettagtab(jas_str
+ 	}
+ 	if (jas_iccgetuint32(in, &tagtab->numents))
+ 		goto error;
+-	if (!(tagtab->ents = jas_malloc(tagtab->numents *
++	if (!(tagtab->ents = jas_alloc2(tagtab->numents,
+ 	  sizeof(jas_icctagtabent_t))))
+ 		goto error;
+ 	tagtabent = tagtab->ents;
+@@ -743,8 +743,7 @@ static int jas_iccattrtab_resize(jas_icc
+ {
+ 	jas_iccattr_t *newattrs;
+ 	assert(maxents >= tab->numattrs);
+-	newattrs = tab->attrs ? jas_realloc(tab->attrs, maxents *
+-	  sizeof(jas_iccattr_t)) : jas_malloc(maxents * sizeof(jas_iccattr_t));
++	newattrs = jas_realloc2(tab->attrs, maxents, sizeof(jas_iccattr_t));
+ 	if (!newattrs)
+ 		return -1;
+ 	tab->attrs = newattrs;
+@@ -999,7 +998,7 @@ static int jas_icccurv_input(jas_iccattr
+ 
+ 	if (jas_iccgetuint32(in, &curv->numents))
+ 		goto error;
+-	if (!(curv->ents = jas_malloc(curv->numents * sizeof(jas_iccuint16_t))))
++	if (!(curv->ents = jas_alloc2(curv->numents, sizeof(jas_iccuint16_t))))
+ 		goto error;
+ 	for (i = 0; i < curv->numents; ++i) {
+ 		if (jas_iccgetuint16(in, &curv->ents[i]))
+@@ -1100,7 +1099,7 @@ static int jas_icctxtdesc_input(jas_icca
+ 	if (jas_iccgetuint32(in, &txtdesc->uclangcode) ||
+ 	  jas_iccgetuint32(in, &txtdesc->uclen))
+ 		goto error;
+-	if (!(txtdesc->ucdata = jas_malloc(txtdesc->uclen * 2)))
++	if (!(txtdesc->ucdata = jas_alloc2(txtdesc->uclen, 2)))
+ 		goto error;
+ 	if (jas_stream_read(in, txtdesc->ucdata, txtdesc->uclen * 2) !=
+ 	  JAS_CAST(int, txtdesc->uclen * 2))
+@@ -1292,17 +1291,17 @@ static int jas_icclut8_input(jas_iccattr
+ 	  jas_iccgetuint16(in, &lut8->numouttabents))
+ 		goto error;
+ 	clutsize = jas_iccpowi(lut8->clutlen, lut8->numinchans) * lut8->numoutchans;
+-	if (!(lut8->clut = jas_malloc(clutsize * sizeof(jas_iccuint8_t))) ||
+-	  !(lut8->intabsbuf = jas_malloc(lut8->numinchans *
+-	  lut8->numintabents * sizeof(jas_iccuint8_t))) ||
+-	  !(lut8->intabs = jas_malloc(lut8->numinchans *
++	if (!(lut8->clut = jas_alloc2(clutsize, sizeof(jas_iccuint8_t))) ||
++	  !(lut8->intabsbuf = jas_alloc3(lut8->numinchans,
++	  lut8->numintabents, sizeof(jas_iccuint8_t))) ||
++	  !(lut8->intabs = jas_alloc2(lut8->numinchans,
+ 	  sizeof(jas_iccuint8_t *))))
+ 		goto error;
+ 	for (i = 0; i < lut8->numinchans; ++i)
+ 		lut8->intabs[i] = &lut8->intabsbuf[i * lut8->numintabents];
+-	if (!(lut8->outtabsbuf = jas_malloc(lut8->numoutchans *
+-	  lut8->numouttabents * sizeof(jas_iccuint8_t))) ||
+-	  !(lut8->outtabs = jas_malloc(lut8->numoutchans *
++	if (!(lut8->outtabsbuf = jas_alloc3(lut8->numoutchans,
++	  lut8->numouttabents, sizeof(jas_iccuint8_t))) ||
++	  !(lut8->outtabs = jas_alloc2(lut8->numoutchans,
+ 	  sizeof(jas_iccuint8_t *))))
+ 		goto error;
+ 	for (i = 0; i < lut8->numoutchans; ++i)
+@@ -1461,17 +1460,17 @@ static int jas_icclut16_input(jas_iccatt
+ 	  jas_iccgetuint16(in, &lut16->numouttabents))
+ 		goto error;
+ 	clutsize = jas_iccpowi(lut16->clutlen, lut16->numinchans) * lut16->numoutchans;
+-	if (!(lut16->clut = jas_malloc(clutsize * sizeof(jas_iccuint16_t))) ||
+-	  !(lut16->intabsbuf = jas_malloc(lut16->numinchans *
+-	  lut16->numintabents * sizeof(jas_iccuint16_t))) ||
+-	  !(lut16->intabs = jas_malloc(lut16->numinchans *
++	if (!(lut16->clut = jas_alloc2(clutsize, sizeof(jas_iccuint16_t))) ||
++	  !(lut16->intabsbuf = jas_alloc3(lut16->numinchans,
++	  lut16->numintabents, sizeof(jas_iccuint16_t))) ||
++	  !(lut16->intabs = jas_alloc2(lut16->numinchans,
+ 	  sizeof(jas_iccuint16_t *))))
+ 		goto error;
+ 	for (i = 0; i < lut16->numinchans; ++i)
+ 		lut16->intabs[i] = &lut16->intabsbuf[i * lut16->numintabents];
+-	if (!(lut16->outtabsbuf = jas_malloc(lut16->numoutchans *
+-	  lut16->numouttabents * sizeof(jas_iccuint16_t))) ||
+-	  !(lut16->outtabs = jas_malloc(lut16->numoutchans *
++	if (!(lut16->outtabsbuf = jas_alloc3(lut16->numoutchans,
++	  lut16->numouttabents, sizeof(jas_iccuint16_t))) ||
++	  !(lut16->outtabs = jas_alloc2(lut16->numoutchans,
+ 	  sizeof(jas_iccuint16_t *))))
+ 		goto error;
+ 	for (i = 0; i < lut16->numoutchans; ++i)
+diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_image.c jasper-1.900.1/src/libjasper/base/jas_image.c
+--- jasper-1.900.1.orig/src/libjasper/base/jas_image.c	2007-01-19 22:43:05.000000000 +0100
++++ jasper-1.900.1/src/libjasper/base/jas_image.c	2009-10-22 10:27:45.000000000 +0200
+@@ -142,7 +142,7 @@ jas_image_t *jas_image_create(int numcmp
+ 	image->inmem_ = true;
+ 
+ 	/* Allocate memory for the per-component information. */
+-	if (!(image->cmpts_ = jas_malloc(image->maxcmpts_ *
++	if (!(image->cmpts_ = jas_alloc2(image->maxcmpts_,
+ 	  sizeof(jas_image_cmpt_t *)))) {
+ 		jas_image_destroy(image);
+ 		return 0;
+@@ -774,8 +774,7 @@ static int jas_image_growcmpts(jas_image
+ 	jas_image_cmpt_t **newcmpts;
+ 	int cmptno;
+ 
+-	newcmpts = (!image->cmpts_) ? jas_malloc(maxcmpts * sizeof(jas_image_cmpt_t *)) :
+-	  jas_realloc(image->cmpts_, maxcmpts * sizeof(jas_image_cmpt_t *));
++	newcmpts = jas_realloc2(image->cmpts_, maxcmpts, sizeof(jas_image_cmpt_t *));
+ 	if (!newcmpts) {
+ 		return -1;
+ 	}
+diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_malloc.c jasper-1.900.1/src/libjasper/base/jas_malloc.c
+--- jasper-1.900.1.orig/src/libjasper/base/jas_malloc.c	2007-01-19 22:43:05.000000000 +0100
++++ jasper-1.900.1/src/libjasper/base/jas_malloc.c	2009-10-22 10:27:45.000000000 +0200
+@@ -76,6 +76,9 @@
+ 
+ /* We need the prototype for memset. */
+ #include <string.h>
++#include <limits.h>
++#include <errno.h>
++#include <stdint.h>
+ 
+ #include "jasper/jas_malloc.h"
+ 
+@@ -113,18 +116,50 @@ void jas_free(void *ptr)
+ 
+ void *jas_realloc(void *ptr, size_t size)
+ {
+-	return realloc(ptr, size);
++	return ptr ? realloc(ptr, size) : malloc(size);
+ }
+ 
+-void *jas_calloc(size_t nmemb, size_t size)
++void *jas_realloc2(void *ptr, size_t nmemb, size_t size)
++{
++	if (!ptr)
++		return jas_alloc2(nmemb, size);
++	if (nmemb && SIZE_MAX / nmemb < size) {
++		errno = ENOMEM;
++		return NULL;
++	}
++	return jas_realloc(ptr, nmemb * size);
++
++}
++
++void *jas_alloc2(size_t nmemb, size_t size)
++{
++	if (nmemb && SIZE_MAX / nmemb < size) {
++		errno = ENOMEM;
++		return NULL;
++	}
++
++	return jas_malloc(nmemb * size);
++}
++
++void *jas_alloc3(size_t a, size_t b, size_t c)
+ {
+-	void *ptr;
+ 	size_t n;
+-	n = nmemb * size;
+-	if (!(ptr = jas_malloc(n * sizeof(char)))) {
+-		return 0;
++
++	if (a && SIZE_MAX / a < b) {
++		errno = ENOMEM;
++		return NULL;
+ 	}
+-	memset(ptr, 0, n);
++
++	return jas_alloc2(a*b, c);
++}
++
++void *jas_calloc(size_t nmemb, size_t size)
++{
++	void *ptr;
++
++	ptr = jas_alloc2(nmemb, size);
++	if (ptr)
++		memset(ptr, 0, nmemb*size);
+ 	return ptr;
+ }
+ 
+diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_seq.c jasper-1.900.1/src/libjasper/base/jas_seq.c
+--- jasper-1.900.1.orig/src/libjasper/base/jas_seq.c	2007-01-19 22:43:05.000000000 +0100
++++ jasper-1.900.1/src/libjasper/base/jas_seq.c	2009-10-22 10:27:45.000000000 +0200
+@@ -114,7 +114,7 @@ jas_matrix_t *jas_matrix_create(int numr
+ 	matrix->datasize_ = numrows * numcols;
+ 
+ 	if (matrix->maxrows_ > 0) {
+-		if (!(matrix->rows_ = jas_malloc(matrix->maxrows_ *
++		if (!(matrix->rows_ = jas_alloc2(matrix->maxrows_,
+ 		  sizeof(jas_seqent_t *)))) {
+ 			jas_matrix_destroy(matrix);
+ 			return 0;
+@@ -122,7 +122,7 @@ jas_matrix_t *jas_matrix_create(int numr
+ 	}
+ 
+ 	if (matrix->datasize_ > 0) {
+-		if (!(matrix->data_ = jas_malloc(matrix->datasize_ *
++		if (!(matrix->data_ = jas_alloc2(matrix->datasize_,
+ 		  sizeof(jas_seqent_t)))) {
+ 			jas_matrix_destroy(matrix);
+ 			return 0;
+@@ -220,7 +220,7 @@ void jas_matrix_bindsub(jas_matrix_t *ma
+ 	mat0->numrows_ = r1 - r0 + 1;
+ 	mat0->numcols_ = c1 - c0 + 1;
+ 	mat0->maxrows_ = mat0->numrows_;
+-	mat0->rows_ = jas_malloc(mat0->maxrows_ * sizeof(jas_seqent_t *));
++	mat0->rows_ = jas_alloc2(mat0->maxrows_, sizeof(jas_seqent_t *));
+ 	for (i = 0; i < mat0->numrows_; ++i) {
+ 		mat0->rows_[i] = mat1->rows_[r0 + i] + c0;
+ 	}
+diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1/src/libjasper/base/jas_stream.c
+--- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c	2007-01-19 22:43:05.000000000 +0100
++++ jasper-1.900.1/src/libjasper/base/jas_stream.c	2009-10-22 10:27:45.000000000 +0200
+@@ -212,7 +212,7 @@ jas_stream_t *jas_stream_memopen(char *b
+ 	if (buf) {
+ 		obj->buf_ = (unsigned char *) buf;
+ 	} else {
+-		obj->buf_ = jas_malloc(obj->bufsize_ * sizeof(char));
++		obj->buf_ = jas_malloc(obj->bufsize_);
+ 		obj->myalloc_ = 1;
+ 	}
+ 	if (!obj->buf_) {
+@@ -992,7 +992,7 @@ static int mem_resize(jas_stream_memobj_
+ 	unsigned char *buf;
+ 
+ 	assert(m->buf_);
+-	if (!(buf = jas_realloc(m->buf_, bufsize * sizeof(unsigned char)))) {
++	if (!(buf = jas_realloc(m->buf_, bufsize))) {
+ 		return -1;
+ 	}
+ 	m->buf_ = buf;
+diff -pruN jasper-1.900.1.orig/src/libjasper/bmp/bmp_dec.c jasper-1.900.1/src/libjasper/bmp/bmp_dec.c
+--- jasper-1.900.1.orig/src/libjasper/bmp/bmp_dec.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/bmp/bmp_dec.c	2009-10-22 10:27:45.000000000 +0200
+@@ -283,7 +283,7 @@ static bmp_info_t *bmp_getinfo(jas_strea
+ 	}
+ 
+ 	if (info->numcolors > 0) {
+-		if (!(info->palents = jas_malloc(info->numcolors *
++		if (!(info->palents = jas_alloc2(info->numcolors,
+ 		  sizeof(bmp_palent_t)))) {
+ 			bmp_info_destroy(info);
+ 			return 0;
+diff -pruN jasper-1.900.1.orig/src/libjasper/include/jasper/jas_malloc.h jasper-1.900.1/src/libjasper/include/jasper/jas_malloc.h
+--- jasper-1.900.1.orig/src/libjasper/include/jasper/jas_malloc.h	2007-01-19 22:43:04.000000000 +0100
++++ jasper-1.900.1/src/libjasper/include/jasper/jas_malloc.h	2009-10-22 10:27:45.000000000 +0200
+@@ -95,6 +95,9 @@ extern "C" {
+ #define	jas_free	MEMFREE
+ #define	jas_realloc	MEMREALLOC
+ #define	jas_calloc	MEMCALLOC
++#define jas_alloc2(a, b)	MEMALLOC((a)*(b))
++#define jas_alloc3(a, b, c)	MEMALLOC((a)*(b)*(c))
++#define jas_realloc2(p, a, b)	MEMREALLOC((p), (a)*(b))
+ #endif
+ 
+ /******************************************************************************\
+@@ -115,6 +118,12 @@ void *jas_realloc(void *ptr, size_t size
+ /* Allocate a block of memory and initialize the contents to zero. */
+ void *jas_calloc(size_t nmemb, size_t size);
+ 
++/* size-checked double allocation .*/
++void *jas_alloc2(size_t, size_t);
++
++void *jas_alloc3(size_t, size_t, size_t);
++
++void *jas_realloc2(void *, size_t, size_t);
+ #endif
+ 
+ #ifdef __cplusplus
+diff -pruN jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c jasper-1.900.1/src/libjasper/jp2/jp2_cod.c
+--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_cod.c	2007-01-19 22:43:05.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jp2/jp2_cod.c	2009-10-22 10:30:24.000000000 +0200
+@@ -247,7 +247,7 @@ jp2_box_t *jp2_box_get(jas_stream_t *in)
+ 	box = 0;
+ 	tmpstream = 0;
+ 
+-	if (!(box = jas_malloc(sizeof(jp2_box_t)))) {
++	if (!(box = jas_calloc(1, sizeof(jp2_box_t)))) {
+ 		goto error;
+ 	}
+ 	box->ops = &jp2_boxinfo_unk.ops;
+@@ -372,7 +372,7 @@ static int jp2_bpcc_getdata(jp2_box_t *b
+ 	jp2_bpcc_t *bpcc = &box->data.bpcc;
+ 	unsigned int i;
+ 	bpcc->numcmpts = box->datalen;
+-	if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts * sizeof(uint_fast8_t)))) {
++	if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts, sizeof(uint_fast8_t)))) {
+ 		return -1;
+ 	}
+ 	for (i = 0; i < bpcc->numcmpts; ++i) {
+@@ -416,7 +416,7 @@ static int jp2_colr_getdata(jp2_box_t *b
+ 		break;
+ 	case JP2_COLR_ICC:
+ 		colr->iccplen = box->datalen - 3;
+-		if (!(colr->iccp = jas_malloc(colr->iccplen * sizeof(uint_fast8_t)))) {
++		if (!(colr->iccp = jas_alloc2(colr->iccplen, sizeof(uint_fast8_t)))) {
+ 			return -1;
+ 		}
+ 		if (jas_stream_read(in, colr->iccp, colr->iccplen) != colr->iccplen) {
+@@ -453,7 +453,7 @@ static int jp2_cdef_getdata(jp2_box_t *b
+ 	if (jp2_getuint16(in, &cdef->numchans)) {
+ 		return -1;
+ 	}
+-	if (!(cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t)))) {
++	if (!(cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t)))) {
+ 		return -1;
+ 	}
+ 	for (channo = 0; channo < cdef->numchans; ++channo) {
+@@ -766,7 +766,7 @@ static int jp2_cmap_getdata(jp2_box_t *b
+ 	unsigned int i;
+ 
+ 	cmap->numchans = (box->datalen) / 4;
+-	if (!(cmap->ents = jas_malloc(cmap->numchans * sizeof(jp2_cmapent_t)))) {
++	if (!(cmap->ents = jas_alloc2(cmap->numchans, sizeof(jp2_cmapent_t)))) {
+ 		return -1;
+ 	}
+ 	for (i = 0; i < cmap->numchans; ++i) {
+@@ -828,10 +828,10 @@ static int jp2_pclr_getdata(jp2_box_t *b
+ 		return -1;
+ 	}
+ 	lutsize = pclr->numlutents * pclr->numchans;
+-	if (!(pclr->lutdata = jas_malloc(lutsize * sizeof(int_fast32_t)))) {
++	if (!(pclr->lutdata = jas_alloc2(lutsize, sizeof(int_fast32_t)))) {
+ 		return -1;
+ 	}
+-	if (!(pclr->bpc = jas_malloc(pclr->numchans * sizeof(uint_fast8_t)))) {
++	if (!(pclr->bpc = jas_alloc2(pclr->numchans, sizeof(uint_fast8_t)))) {
+ 		return -1;
+ 	}
+ 	for (i = 0; i < pclr->numchans; ++i) {
+diff -pruN jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c jasper-1.900.1/src/libjasper/jp2/jp2_dec.c
+--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_dec.c	2007-01-19 22:43:05.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jp2/jp2_dec.c	2009-10-22 10:27:45.000000000 +0200
+@@ -336,7 +336,7 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 	}
+ 
+ 	/* Allocate space for the channel-number to component-number LUT. */
+-	if (!(dec->chantocmptlut = jas_malloc(dec->numchans * sizeof(uint_fast16_t)))) {
++	if (!(dec->chantocmptlut = jas_alloc2(dec->numchans, sizeof(uint_fast16_t)))) {
+ 		jas_eprintf("error: no memory\n");
+ 		goto error;
+ 	}
+@@ -354,7 +354,7 @@ jas_image_t *jp2_decode(jas_stream_t *in
+ 			if (cmapent->map == JP2_CMAP_DIRECT) {
+ 				dec->chantocmptlut[channo] = channo;
+ 			} else if (cmapent->map == JP2_CMAP_PALETTE) {
+-				lutents = jas_malloc(pclrd->numlutents * sizeof(int_fast32_t));
++				lutents = jas_alloc2(pclrd->numlutents, sizeof(int_fast32_t));
+ 				for (i = 0; i < pclrd->numlutents; ++i) {
+ 					lutents[i] = pclrd->lutdata[cmapent->pcol + i * pclrd->numchans];
+ 				}
+diff -pruN jasper-1.900.1.orig/src/libjasper/jp2/jp2_enc.c jasper-1.900.1/src/libjasper/jp2/jp2_enc.c
+--- jasper-1.900.1.orig/src/libjasper/jp2/jp2_enc.c	2007-01-19 22:43:05.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jp2/jp2_enc.c	2009-10-22 10:27:45.000000000 +0200
+@@ -191,7 +191,7 @@ int sgnd;
+ 		}
+ 		bpcc = &box->data.bpcc;
+ 		bpcc->numcmpts = jas_image_numcmpts(image);
+-		if (!(bpcc->bpcs = jas_malloc(bpcc->numcmpts *
++		if (!(bpcc->bpcs = jas_alloc2(bpcc->numcmpts,
+ 		  sizeof(uint_fast8_t)))) {
+ 			goto error;
+ 		}
+@@ -285,7 +285,7 @@ int sgnd;
+ 		}
+ 		cdef = &box->data.cdef;
+ 		cdef->numchans = jas_image_numcmpts(image);
+-		cdef->ents = jas_malloc(cdef->numchans * sizeof(jp2_cdefchan_t));
++		cdef->ents = jas_alloc2(cdef->numchans, sizeof(jp2_cdefchan_t));
+ 		for (i = 0; i < jas_image_numcmpts(image); ++i) {
+ 			cdefchanent = &cdef->ents[i];
+ 			cdefchanent->channo = i;
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_cs.c	2009-10-22 09:58:16.000000000 +0200
++++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c	2009-10-22 10:27:45.000000000 +0200
+@@ -502,7 +502,7 @@ static int jpc_siz_getparms(jpc_ms_t *ms
+ 	  !siz->tileheight || !siz->numcomps) {
+ 		return -1;
+ 	}
+-	if (!(siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t)))) {
++	if (!(siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t)))) {
+ 		return -1;
+ 	}
+ 	for (i = 0; i < siz->numcomps; ++i) {
+@@ -986,7 +986,7 @@ static int jpc_qcx_getcompparms(jpc_qcxc
+ 		jpc_qcx_destroycompparms(compparms);
+                 return -1;
+         } else if (compparms->numstepsizes > 0) {
+-		compparms->stepsizes = jas_malloc(compparms->numstepsizes *
++		compparms->stepsizes = jas_alloc2(compparms->numstepsizes,
+ 		  sizeof(uint_fast16_t));
+ 		assert(compparms->stepsizes);
+ 		for (i = 0; i < compparms->numstepsizes; ++i) {
+@@ -1094,7 +1094,7 @@ static int jpc_ppm_getparms(jpc_ms_t *ms
+ 
+ 	ppm->len = ms->len - 1;
+ 	if (ppm->len > 0) {
+-		if (!(ppm->data = jas_malloc(ppm->len * sizeof(unsigned char)))) {
++		if (!(ppm->data = jas_malloc(ppm->len))) {
+ 			goto error;
+ 		}
+ 		if (JAS_CAST(uint, jas_stream_read(in, ppm->data, ppm->len)) != ppm->len) {
+@@ -1163,7 +1163,7 @@ static int jpc_ppt_getparms(jpc_ms_t *ms
+ 	}
+ 	ppt->len = ms->len - 1;
+ 	if (ppt->len > 0) {
+-		if (!(ppt->data = jas_malloc(ppt->len * sizeof(unsigned char)))) {
++		if (!(ppt->data = jas_malloc(ppt->len))) {
+ 			goto error;
+ 		}
+ 		if (jas_stream_read(in, (char *) ppt->data, ppt->len) != JAS_CAST(int, ppt->len)) {
+@@ -1226,7 +1226,7 @@ static int jpc_poc_getparms(jpc_ms_t *ms
+ 	uint_fast8_t tmp;
+ 	poc->numpchgs = (cstate->numcomps > 256) ? (ms->len / 9) :
+ 	  (ms->len / 7);
+-	if (!(poc->pchgs = jas_malloc(poc->numpchgs * sizeof(jpc_pocpchg_t)))) {
++	if (!(poc->pchgs = jas_alloc2(poc->numpchgs, sizeof(jpc_pocpchg_t)))) {
+ 		goto error;
+ 	}
+ 	for (pchgno = 0, pchg = poc->pchgs; pchgno < poc->numpchgs; ++pchgno,
+@@ -1331,7 +1331,7 @@ static int jpc_crg_getparms(jpc_ms_t *ms
+ 	jpc_crgcomp_t *comp;
+ 	uint_fast16_t compno;
+ 	crg->numcomps = cstate->numcomps;
+-	if (!(crg->comps = jas_malloc(cstate->numcomps * sizeof(uint_fast16_t)))) {
++	if (!(crg->comps = jas_alloc2(cstate->numcomps, sizeof(uint_fast16_t)))) {
+ 		return -1;
+ 	}
+ 	for (compno = 0, comp = crg->comps; compno < cstate->numcomps;
+@@ -1470,7 +1470,7 @@ static int jpc_unk_getparms(jpc_ms_t *ms
+ 	cstate = 0;
+ 
+ 	if (ms->len > 0) {
+-		if (!(unk->data = jas_malloc(ms->len * sizeof(unsigned char)))) {
++		if (!(unk->data = jas_malloc(ms->len))) {
+ 			return -1;
+ 		}
+ 		if (jas_stream_read(in, (char *) unk->data, ms->len) != JAS_CAST(int, ms->len)) {
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c jasper-1.900.1/src/libjasper/jpc/jpc_dec.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_dec.c	2009-10-22 09:58:16.000000000 +0200
++++ jasper-1.900.1/src/libjasper/jpc/jpc_dec.c	2009-10-22 10:30:50.000000000 +0200
+@@ -449,7 +449,7 @@ static int jpc_dec_process_sot(jpc_dec_t
+ 
+ 	if (dec->state == JPC_MH) {
+ 
+-		compinfos = jas_malloc(dec->numcomps * sizeof(jas_image_cmptparm_t));
++		compinfos = jas_alloc2(dec->numcomps, sizeof(jas_image_cmptparm_t));
+ 		assert(compinfos);
+ 		for (cmptno = 0, cmpt = dec->cmpts, compinfo = compinfos;
+ 		  cmptno < dec->numcomps; ++cmptno, ++cmpt, ++compinfo) {
+@@ -692,7 +692,7 @@ static int jpc_dec_tileinit(jpc_dec_t *d
+ 			tile->realmode = 1;
+ 		}
+ 		tcomp->numrlvls = ccp->numrlvls;
+-		if (!(tcomp->rlvls = jas_malloc(tcomp->numrlvls *
++		if (!(tcomp->rlvls = jas_alloc2(tcomp->numrlvls,
+ 		  sizeof(jpc_dec_rlvl_t)))) {
+ 			return -1;
+ 		}
+@@ -764,7 +764,7 @@ rlvl->bands = 0;
+ 			  rlvl->cbgheightexpn);
+ 
+ 			rlvl->numbands = (!rlvlno) ? 1 : 3;
+-			if (!(rlvl->bands = jas_malloc(rlvl->numbands *
++			if (!(rlvl->bands = jas_alloc2(rlvl->numbands,
+ 			  sizeof(jpc_dec_band_t)))) {
+ 				return -1;
+ 			}
+@@ -797,7 +797,7 @@ rlvl->bands = 0;
+ 
+ 				assert(rlvl->numprcs);
+ 
+-				if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_dec_prc_t)))) {
++				if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_dec_prc_t)))) {
+ 					return -1;
+ 				}
+ 
+@@ -834,7 +834,7 @@ rlvl->bands = 0;
+ 			if (!(prc->numimsbstagtree = jpc_tagtree_create(prc->numhcblks, prc->numvcblks))) {
+ 				return -1;
+ 			}
+-			if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_dec_cblk_t)))) {
++			if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_dec_cblk_t)))) {
+ 				return -1;
+ 			}
+ 
+@@ -1181,7 +1181,7 @@ static int jpc_dec_process_siz(jpc_dec_t
+ 		return -1;
+ 	}
+ 
+-	if (!(dec->cmpts = jas_malloc(dec->numcomps * sizeof(jpc_dec_cmpt_t)))) {
++	if (!(dec->cmpts = jas_alloc2(dec->numcomps, sizeof(jpc_dec_cmpt_t)))) {
+ 		return -1;
+ 	}
+ 
+@@ -1204,7 +1204,7 @@ static int jpc_dec_process_siz(jpc_dec_t
+ 	dec->numhtiles = JPC_CEILDIV(dec->xend - dec->tilexoff, dec->tilewidth);
+ 	dec->numvtiles = JPC_CEILDIV(dec->yend - dec->tileyoff, dec->tileheight);
+ 	dec->numtiles = dec->numhtiles * dec->numvtiles;
+-	if (!(dec->tiles = jas_malloc(dec->numtiles * sizeof(jpc_dec_tile_t)))) {
++	if (!(dec->tiles = jas_calloc(dec->numtiles, sizeof(jpc_dec_tile_t)))) {
+ 		return -1;
+ 	}
+ 
+@@ -1228,7 +1228,7 @@ static int jpc_dec_process_siz(jpc_dec_t
+ 		tile->pkthdrstreampos = 0;
+ 		tile->pptstab = 0;
+ 		tile->cp = 0;
+-		if (!(tile->tcomps = jas_malloc(dec->numcomps *
++		if (!(tile->tcomps = jas_calloc(dec->numcomps,
+ 		  sizeof(jpc_dec_tcomp_t)))) {
+ 			return -1;
+ 		}
+@@ -1489,7 +1489,7 @@ static jpc_dec_cp_t *jpc_dec_cp_create(u
+ 	cp->numlyrs = 0;
+ 	cp->mctid = 0;
+ 	cp->csty = 0;
+-	if (!(cp->ccps = jas_malloc(cp->numcomps * sizeof(jpc_dec_ccp_t)))) {
++	if (!(cp->ccps = jas_alloc2(cp->numcomps, sizeof(jpc_dec_ccp_t)))) {
+ 		return 0;
+ 	}
+ 	if (!(cp->pchglist = jpc_pchglist_create())) {
+@@ -2048,7 +2048,7 @@ jpc_streamlist_t *jpc_streamlist_create(
+ 	}
+ 	streamlist->numstreams = 0;
+ 	streamlist->maxstreams = 100;
+-	if (!(streamlist->streams = jas_malloc(streamlist->maxstreams *
++	if (!(streamlist->streams = jas_alloc2(streamlist->maxstreams,
+ 	  sizeof(jas_stream_t *)))) {
+ 		jas_free(streamlist);
+ 		return 0;
+@@ -2068,8 +2068,8 @@ int jpc_streamlist_insert(jpc_streamlist
+ 	/* Grow the array of streams if necessary. */
+ 	if (streamlist->numstreams >= streamlist->maxstreams) {
+ 		newmaxstreams = streamlist->maxstreams + 1024;
+-		if (!(newstreams = jas_realloc(streamlist->streams,
+-		  (newmaxstreams + 1024) * sizeof(jas_stream_t *)))) {
++		if (!(newstreams = jas_realloc2(streamlist->streams,
++		  (newmaxstreams + 1024), sizeof(jas_stream_t *)))) {
+ 			return -1;
+ 		}
+ 		for (i = streamlist->numstreams; i < streamlist->maxstreams; ++i) {
+@@ -2155,8 +2155,7 @@ int jpc_ppxstab_grow(jpc_ppxstab_t *tab,
+ {
+ 	jpc_ppxstabent_t **newents;
+ 	if (tab->maxents < maxents) {
+-		newents = (tab->ents) ? jas_realloc(tab->ents, maxents *
+-		  sizeof(jpc_ppxstabent_t *)) : jas_malloc(maxents * sizeof(jpc_ppxstabent_t *));
++		newents = jas_realloc2(tab->ents, maxents, sizeof(jpc_ppxstabent_t *));
+ 		if (!newents) {
+ 			return -1;
+ 		}
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_enc.c jasper-1.900.1/src/libjasper/jpc/jpc_enc.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_enc.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_enc.c	2009-10-22 10:27:45.000000000 +0200
+@@ -403,7 +403,7 @@ static jpc_enc_cp_t *cp_create(char *opt
+ 		vsteplcm *= jas_image_cmptvstep(image, cmptno);
+ 	}
+ 
+-	if (!(cp->ccps = jas_malloc(cp->numcmpts * sizeof(jpc_enc_ccp_t)))) {
++	if (!(cp->ccps = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_ccp_t)))) {
+ 		goto error;
+ 	}
+ 	for (cmptno = 0, ccp = cp->ccps; cmptno < JAS_CAST(int, cp->numcmpts); ++cmptno,
+@@ -656,7 +656,7 @@ static jpc_enc_cp_t *cp_create(char *opt
+ 
+ 	if (ilyrrates && numilyrrates > 0) {
+ 		tcp->numlyrs = numilyrrates + 1;
+-		if (!(tcp->ilyrrates = jas_malloc((tcp->numlyrs - 1) *
++		if (!(tcp->ilyrrates = jas_alloc2((tcp->numlyrs - 1),
+ 		  sizeof(jpc_fix_t)))) {
+ 			goto error;
+ 		}
+@@ -940,7 +940,7 @@ startoff = jas_stream_getrwcount(enc->ou
+ 	siz->tilewidth = cp->tilewidth;
+ 	siz->tileheight = cp->tileheight;
+ 	siz->numcomps = cp->numcmpts;
+-	siz->comps = jas_malloc(siz->numcomps * sizeof(jpc_sizcomp_t));
++	siz->comps = jas_alloc2(siz->numcomps, sizeof(jpc_sizcomp_t));
+ 	assert(siz->comps);
+ 	for (i = 0; i < JAS_CAST(int, cp->numcmpts); ++i) {
+ 		siz->comps[i].prec = cp->ccps[i].prec;
+@@ -977,7 +977,7 @@ startoff = jas_stream_getrwcount(enc->ou
+ 		return -1;
+ 	}
+ 	crg = &enc->mrk->parms.crg;
+-	crg->comps = jas_malloc(crg->numcomps * sizeof(jpc_crgcomp_t));
++	crg->comps = jas_alloc2(crg->numcomps, sizeof(jpc_crgcomp_t));
+ 	if (jpc_putms(enc->out, enc->cstate, enc->mrk)) {
+ 		jas_eprintf("cannot write CRG marker\n");
+ 		return -1;
+@@ -1955,7 +1955,7 @@ jpc_enc_tile_t *jpc_enc_tile_create(jpc_
+ 	tile->mctid = cp->tcp.mctid;
+ 
+ 	tile->numlyrs = cp->tcp.numlyrs;
+-	if (!(tile->lyrsizes = jas_malloc(tile->numlyrs *
++	if (!(tile->lyrsizes = jas_alloc2(tile->numlyrs,
+ 	  sizeof(uint_fast32_t)))) {
+ 		goto error;
+ 	}
+@@ -1964,7 +1964,7 @@ jpc_enc_tile_t *jpc_enc_tile_create(jpc_
+ 	}
+ 
+ 	/* Allocate an array for the per-tile-component information. */
+-	if (!(tile->tcmpts = jas_malloc(cp->numcmpts * sizeof(jpc_enc_tcmpt_t)))) {
++	if (!(tile->tcmpts = jas_alloc2(cp->numcmpts, sizeof(jpc_enc_tcmpt_t)))) {
+ 		goto error;
+ 	}
+ 	/* Initialize a few members critical for error recovery. */
+@@ -2110,7 +2110,7 @@ static jpc_enc_tcmpt_t *tcmpt_create(jpc
+ 	  jas_seq2d_ystart(tcmpt->data), jas_seq2d_xend(tcmpt->data),
+ 	  jas_seq2d_yend(tcmpt->data), bandinfos);
+ 
+-	if (!(tcmpt->rlvls = jas_malloc(tcmpt->numrlvls * sizeof(jpc_enc_rlvl_t)))) {
++	if (!(tcmpt->rlvls = jas_alloc2(tcmpt->numrlvls, sizeof(jpc_enc_rlvl_t)))) {
+ 		goto error;
+ 	}
+ 	for (rlvlno = 0, rlvl = tcmpt->rlvls; rlvlno < tcmpt->numrlvls;
+@@ -2213,7 +2213,7 @@ static jpc_enc_rlvl_t *rlvl_create(jpc_e
+ 	rlvl->numvprcs = JPC_FLOORDIVPOW2(brprcbry - tlprctly, rlvl->prcheightexpn);
+ 	rlvl->numprcs = rlvl->numhprcs * rlvl->numvprcs;
+ 
+-	if (!(rlvl->bands = jas_malloc(rlvl->numbands * sizeof(jpc_enc_band_t)))) {
++	if (!(rlvl->bands = jas_alloc2(rlvl->numbands, sizeof(jpc_enc_band_t)))) {
+ 		goto error;
+ 	}
+ 	for (bandno = 0, band = rlvl->bands; bandno < rlvl->numbands;
+@@ -2290,7 +2290,7 @@ if (bandinfo->xstart != bandinfo->xend &
+ 	band->synweight = bandinfo->synenergywt;
+ 
+ if (band->data) {
+-	if (!(band->prcs = jas_malloc(rlvl->numprcs * sizeof(jpc_enc_prc_t)))) {
++	if (!(band->prcs = jas_alloc2(rlvl->numprcs, sizeof(jpc_enc_prc_t)))) {
+ 		goto error;
+ 	}
+ 	for (prcno = 0, prc = band->prcs; prcno < rlvl->numprcs; ++prcno,
+@@ -2422,7 +2422,7 @@ if (!rlvlno) {
+ 			goto error;
+ 		}
+ 
+-		if (!(prc->cblks = jas_malloc(prc->numcblks * sizeof(jpc_enc_cblk_t)))) {
++		if (!(prc->cblks = jas_alloc2(prc->numcblks, sizeof(jpc_enc_cblk_t)))) {
+ 			goto error;
+ 		}
+ 		for (cblkno = 0, cblk = prc->cblks; cblkno < prc->numcblks;
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqdec.c jasper-1.900.1/src/libjasper/jpc/jpc_mqdec.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqdec.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_mqdec.c	2009-10-22 10:27:45.000000000 +0200
+@@ -118,7 +118,7 @@ jpc_mqdec_t *jpc_mqdec_create(int maxctx
+ 	mqdec->in = in;
+ 	mqdec->maxctxs = maxctxs;
+ 	/* Allocate memory for the per-context state information. */
+-	if (!(mqdec->ctxs = jas_malloc(mqdec->maxctxs * sizeof(jpc_mqstate_t *)))) {
++	if (!(mqdec->ctxs = jas_alloc2(mqdec->maxctxs, sizeof(jpc_mqstate_t *)))) {
+ 		goto error;
+ 	}
+ 	/* Set the current context to the first context. */
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqenc.c jasper-1.900.1/src/libjasper/jpc/jpc_mqenc.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_mqenc.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_mqenc.c	2009-10-22 10:27:45.000000000 +0200
+@@ -197,7 +197,7 @@ jpc_mqenc_t *jpc_mqenc_create(int maxctx
+ 	mqenc->maxctxs = maxctxs;
+ 
+ 	/* Allocate memory for the per-context state information. */
+-	if (!(mqenc->ctxs = jas_malloc(mqenc->maxctxs * sizeof(jpc_mqstate_t *)))) {
++	if (!(mqenc->ctxs = jas_alloc2(mqenc->maxctxs, sizeof(jpc_mqstate_t *)))) {
+ 		goto error;
+ 	}
+ 
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_qmfb.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_qmfb.c	2009-10-22 10:27:45.000000000 +0200
+@@ -321,7 +321,7 @@ void jpc_qmfb_split_row(jpc_fix_t *a, in
+ #if !defined(HAVE_VLA)
+ 	/* Get a buffer. */
+ 	if (bufsize > QMFB_SPLITBUFSIZE) {
+-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ 			/* We have no choice but to commit suicide in this case. */
+ 			abort();
+ 		}
+@@ -389,7 +389,7 @@ void jpc_qmfb_split_col(jpc_fix_t *a, in
+ #if !defined(HAVE_VLA)
+ 	/* Get a buffer. */
+ 	if (bufsize > QMFB_SPLITBUFSIZE) {
+-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ 			/* We have no choice but to commit suicide in this case. */
+ 			abort();
+ 		}
+@@ -460,7 +460,7 @@ void jpc_qmfb_split_colgrp(jpc_fix_t *a,
+ #if !defined(HAVE_VLA)
+ 	/* Get a buffer. */
+ 	if (bufsize > QMFB_SPLITBUFSIZE) {
+-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ 			/* We have no choice but to commit suicide in this case. */
+ 			abort();
+ 		}
+@@ -549,7 +549,7 @@ void jpc_qmfb_split_colres(jpc_fix_t *a,
+ #if !defined(HAVE_VLA)
+ 	/* Get a buffer. */
+ 	if (bufsize > QMFB_SPLITBUFSIZE) {
+-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ 			/* We have no choice but to commit suicide in this case. */
+ 			abort();
+ 		}
+@@ -633,7 +633,7 @@ void jpc_qmfb_join_row(jpc_fix_t *a, int
+ #if !defined(HAVE_VLA)
+ 	/* Allocate memory for the join buffer from the heap. */
+ 	if (bufsize > QMFB_JOINBUFSIZE) {
+-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ 			/* We have no choice but to commit suicide. */
+ 			abort();
+ 		}
+@@ -698,7 +698,7 @@ void jpc_qmfb_join_col(jpc_fix_t *a, int
+ #if !defined(HAVE_VLA)
+ 	/* Allocate memory for the join buffer from the heap. */
+ 	if (bufsize > QMFB_JOINBUFSIZE) {
+-		if (!(buf = jas_malloc(bufsize * sizeof(jpc_fix_t)))) {
++		if (!(buf = jas_alloc2(bufsize, sizeof(jpc_fix_t)))) {
+ 			/* We have no choice but to commit suicide. */
+ 			abort();
+ 		}
+@@ -766,7 +766,7 @@ void jpc_qmfb_join_colgrp(jpc_fix_t *a, 
+ #if !defined(HAVE_VLA)
+ 	/* Allocate memory for the join buffer from the heap. */
+ 	if (bufsize > QMFB_JOINBUFSIZE) {
+-		if (!(buf = jas_malloc(bufsize * JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
++		if (!(buf = jas_alloc2(bufsize, JPC_QMFB_COLGRPSIZE * sizeof(jpc_fix_t)))) {
+ 			/* We have no choice but to commit suicide. */
+ 			abort();
+ 		}
+@@ -852,7 +852,7 @@ void jpc_qmfb_join_colres(jpc_fix_t *a, 
+ #if !defined(HAVE_VLA)
+ 	/* Allocate memory for the join buffer from the heap. */
+ 	if (bufsize > QMFB_JOINBUFSIZE) {
+-		if (!(buf = jas_malloc(bufsize * numcols * sizeof(jpc_fix_t)))) {
++		if (!(buf = jas_alloc3(bufsize, numcols, sizeof(jpc_fix_t)))) {
+ 			/* We have no choice but to commit suicide. */
+ 			abort();
+ 		}
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_t1enc.c jasper-1.900.1/src/libjasper/jpc/jpc_t1enc.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t1enc.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_t1enc.c	2009-10-22 10:27:45.000000000 +0200
+@@ -219,7 +219,7 @@ int jpc_enc_enccblk(jpc_enc_t *enc, jas_
+ 
+ 	cblk->numpasses = (cblk->numbps > 0) ? (3 * cblk->numbps - 2) : 0;
+ 	if (cblk->numpasses > 0) {
+-		cblk->passes = jas_malloc(cblk->numpasses * sizeof(jpc_enc_pass_t));
++		cblk->passes = jas_alloc2(cblk->numpasses, sizeof(jpc_enc_pass_t));
+ 		assert(cblk->passes);
+ 	} else {
+ 		cblk->passes = 0;
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2cod.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_t2cod.c	2009-10-22 10:27:45.000000000 +0200
+@@ -573,7 +573,7 @@ int jpc_pchglist_insert(jpc_pchglist_t *
+ 	}
+ 	if (pchglist->numpchgs >= pchglist->maxpchgs) {
+ 		newmaxpchgs = pchglist->maxpchgs + 128;
+-		if (!(newpchgs = jas_realloc(pchglist->pchgs, newmaxpchgs * sizeof(jpc_pchg_t *)))) {
++		if (!(newpchgs = jas_realloc2(pchglist->pchgs, newmaxpchgs, sizeof(jpc_pchg_t *)))) {
+ 			return -1;
+ 		}
+ 		pchglist->maxpchgs = newmaxpchgs;
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2dec.c jasper-1.900.1/src/libjasper/jpc/jpc_t2dec.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2dec.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_t2dec.c	2009-10-22 10:27:45.000000000 +0200
+@@ -478,7 +478,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d
+ 		return 0;
+ 	}
+ 	pi->numcomps = dec->numcomps;
+-	if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) {
++	if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) {
+ 		jpc_pi_destroy(pi);
+ 		return 0;
+ 	}
+@@ -490,7 +490,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d
+ 	for (compno = 0, tcomp = tile->tcomps, picomp = pi->picomps;
+ 	  compno < pi->numcomps; ++compno, ++tcomp, ++picomp) {
+ 		picomp->numrlvls = tcomp->numrlvls;
+-		if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls *
++		if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls,
+ 		  sizeof(jpc_pirlvl_t)))) {
+ 			jpc_pi_destroy(pi);
+ 			return 0;
+@@ -503,7 +503,7 @@ jpc_pi_t *jpc_dec_pi_create(jpc_dec_t *d
+ 		  rlvlno < picomp->numrlvls; ++rlvlno, ++pirlvl, ++rlvl) {
+ /* XXX sizeof(long) should be sizeof different type */
+ 			pirlvl->numprcs = rlvl->numprcs;
+-			if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs *
++			if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs,
+ 			  sizeof(long)))) {
+ 				jpc_pi_destroy(pi);
+ 				return 0;
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2enc.c jasper-1.900.1/src/libjasper/jpc/jpc_t2enc.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_t2enc.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_t2enc.c	2009-10-22 10:27:45.000000000 +0200
+@@ -565,7 +565,7 @@ jpc_pi_t *jpc_enc_pi_create(jpc_enc_cp_t
+ 	}
+ 	pi->pktno = -1;
+ 	pi->numcomps = cp->numcmpts;
+-	if (!(pi->picomps = jas_malloc(pi->numcomps * sizeof(jpc_picomp_t)))) {
++	if (!(pi->picomps = jas_alloc2(pi->numcomps, sizeof(jpc_picomp_t)))) {
+ 		jpc_pi_destroy(pi);
+ 		return 0;
+ 	}
+@@ -577,7 +577,7 @@ jpc_pi_t *jpc_enc_pi_create(jpc_enc_cp_t
+ 	for (compno = 0, tcomp = tile->tcmpts, picomp = pi->picomps;
+ 	  compno < pi->numcomps; ++compno, ++tcomp, ++picomp) {
+ 		picomp->numrlvls = tcomp->numrlvls;
+-		if (!(picomp->pirlvls = jas_malloc(picomp->numrlvls *
++		if (!(picomp->pirlvls = jas_alloc2(picomp->numrlvls,
+ 		  sizeof(jpc_pirlvl_t)))) {
+ 			jpc_pi_destroy(pi);
+ 			return 0;
+@@ -591,7 +591,7 @@ jpc_pi_t *jpc_enc_pi_create(jpc_enc_cp_t
+ /* XXX sizeof(long) should be sizeof different type */
+ 			pirlvl->numprcs = rlvl->numprcs;
+ 			if (rlvl->numprcs) {
+-				if (!(pirlvl->prclyrnos = jas_malloc(pirlvl->numprcs *
++				if (!(pirlvl->prclyrnos = jas_alloc2(pirlvl->numprcs,
+ 				  sizeof(long)))) {
+ 					jpc_pi_destroy(pi);
+ 					return 0;
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_tagtree.c jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_tagtree.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_tagtree.c	2009-10-22 10:27:45.000000000 +0200
+@@ -125,7 +125,7 @@ jpc_tagtree_t *jpc_tagtree_create(int nu
+ 		++numlvls;
+ 	} while (n > 1);
+ 
+-	if (!(tree->nodes_ = jas_malloc(tree->numnodes_ * sizeof(jpc_tagtreenode_t)))) {
++	if (!(tree->nodes_ = jas_alloc2(tree->numnodes_, sizeof(jpc_tagtreenode_t)))) {
+ 		return 0;
+ 	}
+ 
+diff -pruN jasper-1.900.1.orig/src/libjasper/jpc/jpc_util.c jasper-1.900.1/src/libjasper/jpc/jpc_util.c
+--- jasper-1.900.1.orig/src/libjasper/jpc/jpc_util.c	2007-01-19 22:43:07.000000000 +0100
++++ jasper-1.900.1/src/libjasper/jpc/jpc_util.c	2009-10-22 10:27:45.000000000 +0200
+@@ -109,7 +109,7 @@ int jpc_atoaf(char *s, int *numvalues, d
+ 	}
+ 
+ 	if (n) {
+-		if (!(vs = jas_malloc(n * sizeof(double)))) {
++		if (!(vs = jas_alloc2(n, sizeof(double)))) {
+ 			return -1;
+ 		}
+ 
+diff -pruN jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c jasper-1.900.1/src/libjasper/mif/mif_cod.c
+--- jasper-1.900.1.orig/src/libjasper/mif/mif_cod.c	2007-01-19 22:43:05.000000000 +0100
++++ jasper-1.900.1/src/libjasper/mif/mif_cod.c	2009-10-22 10:27:45.000000000 +0200
+@@ -438,8 +438,7 @@ static int mif_hdr_growcmpts(mif_hdr_t *
+ 	int cmptno;
+ 	mif_cmpt_t **newcmpts;
+ 	assert(maxcmpts >= hdr->numcmpts);
+-	newcmpts = (!hdr->cmpts) ? jas_malloc(maxcmpts * sizeof(mif_cmpt_t *)) :
+-	  jas_realloc(hdr->cmpts, maxcmpts * sizeof(mif_cmpt_t *));
++	newcmpts = jas_realloc2(hdr->cmpts, maxcmpts, sizeof(mif_cmpt_t *));
+ 	if (!newcmpts) {
+ 		return -1;
+ 	}