File libraw-CVE-2018-5813.patch of Package libraw

Overview Repositories Revisions Requests Users Attributes Meta

File libraw-CVE-2018-5813.patch of Package libraw (Revision a0079680a4c1d2a619f8f7b471951ee1)

Currently displaying revision a0079680a4c1d2a619f8f7b471951ee1 , Show latest

Index: LibRaw-0.18.9/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.18.9.orig/internal/dcraw_common.cpp	2018-08-01 13:09:59.722055174 +0200
+++ LibRaw-0.18.9/internal/dcraw_common.cpp	2018-08-01 13:17:49.428465156 +0200
@@ -11623,17 +11623,34 @@ void CLASS apply_tiff()
 
 void CLASS parse_minolta (int base)
 {
-  int save, tag, len, offset, high=0, wide=0, i, c;
+  int tag, len, offset, high=0, wide=0, i, c;
   short sorder=order;
+#ifdef LIBRAW_LIBRARY_BUILD
+  INT64 save;
+#else
+  int save;
+#endif
 
   fseek (ifp, base, SEEK_SET);
   if (fgetc(ifp) || fgetc(ifp)-'M' || fgetc(ifp)-'R') return;
   order = fgetc(ifp) * 0x101;
   offset = base + get4() + 8;
+#ifdef LIBRAW_LIBRARY_BUILD
+  INT64 fsize = ifp->size();
+  if(offset>fsize-8) // At least 8 bytes for tag/len
+    offset = fsize-8;
+#endif
+
   while ((save=ftell(ifp)) < offset) {
     for (tag=i=0; i < 4; i++)
       tag = tag << 8 | fgetc(ifp);
     len = get4();
+    if(len < 0)
+      return; // just ignore wrong len?? or raise bad file exception?
+#ifdef LIBRAW_LIBRARY_BUILD
+    if((INT64)len + save + 8ULL > save)
+      return; // just ignore out of file metadata, stop parse
+#endif
     switch (tag) {
       case 0x505244:				/* PRD */
 	fseek (ifp, 8, SEEK_CUR);

Places

File libraw-CVE-2018-5813.patch of Package libraw (Revision a0079680a4c1d2a619f8f7b471951ee1)

Places