Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
libraw
libraw-CVE-2018-5813.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libraw-CVE-2018-5813.patch of Package libraw
Index: LibRaw-0.18.9/internal/dcraw_common.cpp =================================================================== --- LibRaw-0.18.9.orig/internal/dcraw_common.cpp 2018-08-01 13:09:59.722055174 +0200 +++ LibRaw-0.18.9/internal/dcraw_common.cpp 2018-08-01 13:17:49.428465156 +0200 @@ -11623,17 +11623,34 @@ void CLASS apply_tiff() void CLASS parse_minolta (int base) { - int save, tag, len, offset, high=0, wide=0, i, c; + int tag, len, offset, high=0, wide=0, i, c; short sorder=order; +#ifdef LIBRAW_LIBRARY_BUILD + INT64 save; +#else + int save; +#endif fseek (ifp, base, SEEK_SET); if (fgetc(ifp) || fgetc(ifp)-'M' || fgetc(ifp)-'R') return; order = fgetc(ifp) * 0x101; offset = base + get4() + 8; +#ifdef LIBRAW_LIBRARY_BUILD + INT64 fsize = ifp->size(); + if(offset>fsize-8) // At least 8 bytes for tag/len + offset = fsize-8; +#endif + while ((save=ftell(ifp)) < offset) { for (tag=i=0; i < 4; i++) tag = tag << 8 | fgetc(ifp); len = get4(); + if(len < 0) + return; // just ignore wrong len?? or raise bad file exception? +#ifdef LIBRAW_LIBRARY_BUILD + if((INT64)len + save + 8ULL > save) + return; // just ignore out of file metadata, stop parse +#endif switch (tag) { case 0x505244: /* PRD */ fseek (ifp, 8, SEEK_CUR);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor