File libraw-CVE-2018-5808.patch of Package libraw.27864

Overview Repositories Revisions Requests Users Attributes Meta

File libraw-CVE-2018-5808.patch of Package libraw.27864

Index: LibRaw-0.15.4/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.15.4.orig/internal/dcraw_common.cpp	2018-12-11 11:11:24.389644683 +0100
+++ LibRaw-0.15.4/internal/dcraw_common.cpp	2018-12-11 13:25:12.495967290 +0100
@@ -2702,6 +2702,11 @@ void CLASS sony_arw2_load_raw()
   uchar *data, *dp;
   ushort pix[16];
   int row, col, val, max, min, imax, imin, sh, bit, i;
+#ifdef LIBRAW_LIBRARY_BUILD
+  if(raw_width> 32768 || raw_height > 32768)  // definitely too much for old samsung
+    throw LIBRAW_EXCEPTION_IO_BADFILE;
+#endif
+  unsigned maxpixels = raw_width*(raw_height+7);
 
   data = (uchar *) malloc (raw_width);
   merror (data, "sony_arw2_load_raw()");
@@ -7328,7 +7333,8 @@ float CLASS find_green (int bps, int bit
   UINT64 bitbuf=0;
   int vbits, col, i, c;
   ushort img[2][2064];
-  double sum[]={0,0};
+  double sum[] = {0, 0};
+  if(width > 2064) return 0.f; // too wide
 
   FORC(2) {
     fseek (ifp, c ? off1:off0, SEEK_SET);

Places

File libraw-CVE-2018-5808.patch of Package libraw.27864

Places