File libraw-CVE-2017-6890,6899.patch of Package libraw

--- a/dcraw/dcraw.c
+++ b/dcraw/dcraw.c
@@ -319,7 +319,7 @@ void CLASS foveon_huff (ushort *huff)
 void CLASS foveon_dp_load_raw()
 {
   unsigned c, roff[4], row, col, diff;
-  ushort huff[512], vpred[2][2], hpred[2];
+  ushort huff[1024], vpred[2][2], hpred[2];
 
   fseek (ifp, 8, SEEK_CUR);
   foveon_huff (huff);
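Review bot: The new size in `ushort huff[1024]` is a bare literal, repeated in foveon_load_camf in the next hunk, and nothing visible ties it to the largest index foveon_huff() can store. foveon_huff's body is outside this hunk, so it cannot be confirmed from this page whether it bounds its writes when the table is built from file data. If it does not, enlarging the array only raises the limit rather than enforcing one. I would define the size once, e.g. `#define FOVEON_HUFF_SIZE 1024`, use it in both declarations, and add a comment such as `/* must exceed the highest table index foveon_huff() can write */`. The body of foveon_dp_load_raw continues past the end of the hunk.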
@@ -346,12 +346,16 @@ void CLASS foveon_dp_load_raw()
 void CLASS foveon_load_camf()
 {
   unsigned type, wide, high, i, j, row, col, diff;
-  ushort huff[258], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
+  ushort huff[1024], vpred[2][2] = {{512,512},{512,512}}, hpred[2];
 
   fseek (ifp, meta_offset, SEEK_SET);
   type = get4();  get4();  get4();
   wide = get4();
   high = get4();
+#ifdef LIBRAW_LIBRARY_BUILD
+  if(wide>32767 || high > 32767 || wide*high > 20000000)
+     throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
   if (type == 2) {
     fread (meta_data, 1, meta_length, ifp);
     for (i=0; i < meta_length; i++) {
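Review bot: The added range check on `wide` and `high` sits inside `#ifdef LIBRAW_LIBRARY_BUILD`, so a build of dcraw.c without that macro still uses both file-supplied values unchecked. Whether such a build is still supported is not visible here. If it is, an `#else` branch with `if (wide > 32767 || high > 32767 || wide*high > 20000000) return;` would give it the same guard. The limits 32767 and 20000000 also deserve a short comment saying what they bound. That comment should note that the unsigned product cannot wrap, because the two per-dimension comparisons are evaluated first. The function body continues past the end of the hunk.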
