File libraw-CVE-2018-5807.patch of Package libraw.8527
Index: LibRaw-0.17.1/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.17.1.orig/internal/dcraw_common.cpp 2018-08-01 15:09:16.782673028 +0200
+++ LibRaw-0.17.1/internal/dcraw_common.cpp 2018-08-01 15:09:16.794673090 +0200
@@ -3375,6 +3375,11 @@ void CLASS sony_arw2_load_raw()
void CLASS samsung_load_raw()
{
int row, col, c, i, dir, op[4], len[4];
+#ifdef LIBRAW_LIBRARY_BUILD
+ if(raw_width> 32768 || raw_height > 32768) // definitely too much for old samsung
+ throw LIBRAW_EXCEPTION_IO_BADFILE;
+#endif
+ unsigned maxpixels = raw_width*(raw_height+7);
order = 0x4949;
for (row=0; row < raw_height; row++) {
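Review bot: The dimension guard sits inside `#ifdef LIBRAW_LIBRARY_BUILD`, but `maxpixels` is computed unconditionally, so a build without that macro multiplies unchecked header values. If `raw_width` and `raw_height` are 16-bit unsigned fields (their declarations are not in this hunk), the product is evaluated in `int` and can overflow before the conversion to `unsigned`, which would leave the later `idest < maxpixels` test comparing against a bogus limit. Doing the arithmetic in unsigned avoids that: `unsigned maxpixels = (unsigned)raw_width * ((unsigned)raw_height + 7u);`. A comment naming the allocation that the `+7` rows correspond to would let a reader confirm the bound matches the real size of `raw_image`. The body of samsung_load_raw continues past this hunk.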
@@ -3393,11 +3398,17 @@ void CLASS samsung_load_raw()
case 2: len[c]--; break;
case 1: len[c]++;
}
- for (c=0; c < 16; c+=2) {
- i = len[((c & 1) << 1) | (c >> 3)];
- RAW(row,col+c) = ((signed) ph1_bits(i) << (32-i) >> (32-i)) +
- (dir ? RAW(row+(~c | -2),col+c) : col ? RAW(row,col+(c | -2)) : 128);
- if (c == 14) c = -1;
+ for (c = 0; c < 16; c += 2)
+ {
+ i = len[((c & 1) << 1) | (c >> 3)];
+ unsigned idest = RAWINDEX(row, col + c);
+ unsigned isrc = (dir ? RAWINDEX(row + (~c | -2), col + c) : col ? RAWINDEX(row, col + (c | -2)) : 0);
+ if(idest < maxpixels && isrc < maxpixels) // less than zero is handled by unsigned conversion
+ RAW(row, col + c) = ((signed)ph1_bits(i) << (32 - i) >> (32 - i)) + (dir ? RAW(row + (~c | -2), col + c) : col ? RAW(row, col + (c | -2)) : 128);
+ else
+ derror();
+ if (c == 14)
+ c = -1;
}
}
}
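Review bot: The shift count `32 - i` in the rewritten assignment is still unchecked: `i` comes from `len[]`, which the context lines above adjust with `len[c]--` and `len[c]++`, apparently driven by file data, so it looks able to reach 0 or leave the 1..32 range, and a shift by 32 or more is undefined. The new bounds test covers only the indices. If a zero length is valid input, something like `int diff = i ? ((signed)ph1_bits(i) << (32 - i) >> (32 - i)) : 0;`, with `i < 0 || i > 32` routed to `derror()`, would close that gap. Separately, the predictor expressions are written twice, once through `RAWINDEX` and once through `RAW`; reading `raw_image[idest]` and `raw_image[isrc]` after the check would keep the tested and accessed indices identical, with the `col == 0` case (dummy `isrc` of 0, predictor 128) kept as its own branch. The loop sits inside code that starts before this hunk.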
Index: LibRaw-0.17.1/internal/defines.h
===================================================================
--- LibRaw-0.17.1.orig/internal/defines.h 2015-11-24 16:17:22.000000000 +0100
+++ LibRaw-0.17.1/internal/defines.h 2018-08-01 15:09:51.306851303 +0200
@@ -152,6 +152,7 @@ typedef unsigned long long UINT64;
3 G R G R G R 3 B G B G B G 3 R G R G R G 3 G B G B G B
*/
+#define RAWINDEX(row, col) ((row)*raw_width + (col))
#define RAW(row,col) \
raw_image[(row)*raw_width+(col)]
#define BAYER(row,col) \
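Review bot: `RAWINDEX` repeats the expression inside `RAW` rather than `RAW` being defined through it, so the checked index and the accessed index can drift if one of them is edited later. Defining `#define RAW(row,col) raw_image[RAWINDEX(row,col)]` would tie them together. A short comment above the macro, for example `/* offset into raw_image; callers convert to unsigned so negative offsets fail the bound test */`, would record the assumption that the check in samsung_load_raw relies on.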