File libraw-CVE-2018-20337.patch of Package libraw.28830
Index: LibRaw-0.18.9/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.18.9.orig/internal/dcraw_common.cpp 2019-01-08 14:40:55.409019642 +0100
+++ LibRaw-0.18.9/internal/dcraw_common.cpp 2019-01-08 14:41:56.093345422 +0100
@@ -8482,7 +8482,7 @@ void CLASS parse_makernote (int base, in
year = (yy[0]-'0')*10 + (yy[1]-'0');
if (year <70) year += 2000; else year += 1900;
- ynum_len = (int)strnlen(words[i],sizeof(imgdata.shootinginfo.InternalBodySerial)-1)-18;
+ ynum_len = MIN((sizeof(ynum)-1), (int)strnlen(words[i],sizeof(imgdata.shootinginfo.InternalBodySerial)-1)-18);
strncpy(ynum, words[i], ynum_len);
ynum[ynum_len] = 0;
for ( int j = 0; ynum[j] && ynum[j+1] && sscanf(ynum+j, "%2x", &c); j += 2) ystr[j/2] = c;
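Review bot: The new clamp on `ynum_len` compares `sizeof(ynum)-1` (a `size_t`) with a signed `int` expression that goes negative when `words[i]` is shorter than 18 characters. Assuming `MIN` is the usual ternary macro, the negative value is converted to a huge unsigned number, so a short word yields `sizeof(ynum)-1` rather than 0 and the bound holds only through that implicit conversion. Neither the definition of `MIN` nor any earlier length check on `words[i]` is visible (parse_makernote starts and ends outside the hunk), so both ends are better clamped explicitly: `int len = (int)strnlen(words[i], sizeof(imgdata.shootinginfo.InternalBodySerial)-1) - 18;` followed by `ynum_len = len < 0 ? 0 : MIN(len, (int)sizeof(ynum)-1);`. The `sscanf` loop on the last line also writes `ystr[j/2]` with no bound that can be checked from here; presumably `ystr` holds at least half of `sizeof(ynum)` bytes, which should be confirmed or asserted next to the declarations.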