File libraw-CVE-2018-5813.patch of Package libraw.16434
Index: LibRaw-0.18.9/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.18.9.orig/internal/dcraw_common.cpp 2018-08-01 13:09:59.722055174 +0200
+++ LibRaw-0.18.9/internal/dcraw_common.cpp 2018-08-01 13:17:49.428465156 +0200
@@ -11623,17 +11623,34 @@ void CLASS apply_tiff()
void CLASS parse_minolta (int base)
{
- int save, tag, len, offset, high=0, wide=0, i, c;
+ int tag, len, offset, high=0, wide=0, i, c;
short sorder=order;
+#ifdef LIBRAW_LIBRARY_BUILD
+ INT64 save;
+#else
+ int save;
+#endif
fseek (ifp, base, SEEK_SET);
if (fgetc(ifp) || fgetc(ifp)-'M' || fgetc(ifp)-'R') return;
order = fgetc(ifp) * 0x101;
offset = base + get4() + 8;
+#ifdef LIBRAW_LIBRARY_BUILD
+ INT64 fsize = ifp->size();
+ if(offset>fsize-8) // At least 8 bytes for tag/len
+ offset = fsize-8;
+#endif
+
while ((save=ftell(ifp)) < offset) {
for (tag=i=0; i < 4; i++)
tag = tag << 8 | fgetc(ifp);
len = get4();
+ if(len < 0)
+ return; // just ignore wrong len?? or raise bad file exception?
+#ifdef LIBRAW_LIBRARY_BUILD
+ if((INT64)len + save + 8ULL > save)
+ return; // just ignore out of file metadata, stop parse
+#endif
switch (tag) {
case 0x505244: /* PRD */
fseek (ifp, 8, SEEK_CUR);