File libraw-CVE-2017-6887,6886.patch of Package libraw.5734

Index: LibRaw-0.15.4/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.15.4.orig/internal/dcraw_common.cpp	2017-05-23 11:25:12.268578862 +0200
+++ LibRaw-0.15.4/internal/dcraw_common.cpp	2017-05-23 11:25:12.288579204 +0200
@@ -5170,7 +5170,12 @@ int CLASS parse_tiff_ifd (int base)
 	if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].t_width == 3872) {
 	  load_raw = &CLASS sony_arw_load_raw;
 	  data_offset = get4()+base;
-	  ifd++;  break;
+	  ifd++;
+#ifdef LIBRAW_LIBRARY_BUILD
+          if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
+            throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif  
+          break;
 	}
         if(len > 1000) len=1000; /* 1000 SubIFDs is enough */
 	while (len--) {
@@ -5324,6 +5329,8 @@ int CLASS parse_tiff_ifd (int base)
 	break;
       case 50454:			/* Sinar tag */
       case 50455:
+        if (len < 1 || len > 2560000)  
+          break;
 	if (!(cbuf = (char *) malloc(len))) break;
 	fread (cbuf, 1, len, ifp);
 	for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n'))
openSUSE Build Service is sponsored by