File dcraw-CVE-2017-14608.patch of Package dcraw

diff -urNp old/dcraw.c new/dcraw.c
--- old/dcraw.c	2018-07-11 10:53:51.141803505 +0200
+++ new/dcraw.c	2018-07-11 11:30:08.850528389 +0200
@@ -2627,8 +2627,15 @@ void CLASS kodak_65000_load_raw()
       len = MIN (256, width-col);
       ret = kodak_65000_decode (buf, len);
       for (i=0; i < len; i++)
-	if ((RAW(row,col+i) =	curve[ret ? buf[i] :
-		(pred[i & 1] += buf[i])]) >> 12) derror();
+	{
+	int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
+	if(idx >=0 && idx <= 0xffff)
+	 {
+	   if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
+         }
+	 else
+	   derror();
+      }	
     }
 }
openSUSE Build Service is sponsored by