File libraw-CVE-2017-14608.patch of Package libraw.5734

Index: LibRaw-0.15.4/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.15.4.orig/internal/dcraw_common.cpp	2017-10-18 14:15:20.931290322 +0200
+++ LibRaw-0.15.4/internal/dcraw_common.cpp	2017-10-18 14:15:20.939290460 +0200
@@ -2474,8 +2474,15 @@ void CLASS kodak_65000_load_raw()
       len = MIN (256, width-col);
       ret = kodak_65000_decode (buf, len);
       for (i=0; i < len; i++)
-	if ((RAW(row,col+i) =	curve[ret ? buf[i] :
-		(pred[i & 1] += buf[i])]) >> 12) derror();
+      {
+	int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
+	if(idx >=0 && idx <= 0xffff)
+	 {
+	   if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
+         }
+	 else
+	   derror();
+      }
     }
 }
openSUSE Build Service is sponsored by