File libraw-CVE-2017-13735.patch of Package libraw.5734

Index: LibRaw-0.15.4/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.15.4.orig/internal/dcraw_common.cpp	2017-09-26 13:59:25.870443887 +0200
+++ LibRaw-0.15.4/internal/dcraw_common.cpp	2017-09-26 13:59:25.882444090 +0200
@@ -2115,6 +2115,10 @@ void CLASS kodak_radc_load_raw()
     buf[0][0][i] = 2048;
   for (row=0; row < height; row+=4) {
     FORC3 mul[c] = getbits(6);
+#ifdef LIBRAW_LIBRARY_BUILD
+    if(!mul[0] || !mul[1] || !mul[2])
+      throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
     FORC3 {
       val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
       s = val > 65564 ? 10:12;
openSUSE Build Service is sponsored by