Overview

File libraw-CVE-2025-43963.patch of Package libraw.38397

Index: LibRaw-0.18.9/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.18.9.orig/internal/dcraw_common.cpp
+++ LibRaw-0.18.9/internal/dcraw_common.cpp
@@ -1705,7 +1705,8 @@ int CLASS phase_one_correct()
 	mindiff = diff;
 	off_412 = ftell(ifp) - 38;
       }
-    } else if (tag == 0x41f && !qlin_applied) { /* Quadrant linearization */
+    } else if (tag == 0x41f && !qlin_applied && ph1.split_col > 0 && ph1.split_col < raw_width
+		&& ph1.split_row > 0 && ph1.split_row < raw_height) { /* Quadrant linearization */
       ushort lc[2][2][16], ref[16];
       int qr, qc;
       for (qr = 0; qr < 2; qr++)
@@ -1765,7 +1766,8 @@ int CLASS phase_one_correct()
 	}
       }
       qmult_applied = 1;
-    } else if (tag == 0x431 && !qmult_applied) { /* Quadrant combined */
+    } else if (tag == 0x431 && !qmult_applied && ph1.split_col > 0 && ph1.split_col < raw_width
+		&& ph1.split_row > 0 && ph1.split_row < raw_height) { /* Quadrant combined */
       ushort lc[2][2][7], ref[7];
       int qr, qc;
       for (i = 0; i < 7; i++)
openSUSE Build Service is sponsored by
Places