Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.3:Staging:B:DVD
libraw
libraw-CVE-2017-6887,6886.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libraw-CVE-2017-6887,6886.patch of Package libraw
From d7c3d2cb460be10a3ea7b32e9443a83c243b2251 Mon Sep 17 00:00:00 2001 From: Alex Tutubalin <lexa@lexa.ru> Date: Sat, 4 Mar 2017 21:27:39 +0300 Subject: [PATCH] Secunia SA75000 advisory: several buffer overruns --- dcraw/dcraw.c | 12 ++++++++++-- internal/dcraw_common.cpp | 12 ++++++++++-- 2 files changed, 20 insertions(+), 4 deletions(-) Index: LibRaw-0.17.1/dcraw/dcraw.c =================================================================== --- LibRaw-0.17.1.orig/dcraw/dcraw.c 2017-05-23 11:17:22.820561041 +0200 +++ LibRaw-0.17.1/dcraw/dcraw.c 2017-05-23 11:17:22.828561178 +0200 @@ -5842,7 +5842,12 @@ int CLASS parse_tiff_ifd (int base) if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].width == 3872) { load_raw = &CLASS sony_arw_load_raw; data_offset = get4()+base; - ifd++; break; + ifd++; +#ifdef LIBRAW_LIBRARY_BUILD + if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0]) + throw LIBRAW_EXCEPTION_IO_CORRUPT; +#endif + break; } while (len--) { i = ftell(ifp); @@ -6006,6 +6011,8 @@ int CLASS parse_tiff_ifd (int base) break; case 50454: /* Sinar tag */ case 50455: + if (len < 1 || len > 2560000) + break; if (!(cbuf = (char *) malloc(len))) break; fread (cbuf, 1, len, ifp); for (cp = cbuf-1; cp && cp < cbuf+len; cp = strchr(cp,'\n')) Index: LibRaw-0.17.1/internal/dcraw_common.cpp =================================================================== --- LibRaw-0.17.1.orig/internal/dcraw_common.cpp 2017-05-23 11:17:22.812560905 +0200 +++ LibRaw-0.17.1/internal/dcraw_common.cpp 2017-05-23 11:18:55.722147056 +0200 @@ -9064,7 +9064,12 @@ int CLASS parse_tiff_ifd (int base) if (!strcmp(model,"DSLR-A100") && tiff_ifd[ifd].t_width == 3872) { load_raw = &CLASS sony_arw_load_raw; data_offset = get4()+base; - ifd++; break; + ifd++; +#ifdef LIBRAW_LIBRARY_BUILD + if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0]) + throw LIBRAW_EXCEPTION_IO_CORRUPT; +#endif + break; } #ifdef LIBRAW_LIBRARY_BUILD if (!strncmp(make,"Hasselblad",10) && libraw_internal_data.unpacker_data.hasselblad_parser_flag) { @@ -9316,6 +9321,8 @@ int CLASS parse_tiff_ifd (int base) break; case 50454: /* Sinar tag */ case 50455: + if (len < 1 || len > 2560000) + break; if (!(cbuf = (char *) malloc(len))) break; #ifndef LIBRAW_LIBRARY_BUILD fread (cbuf, 1, len, ifp);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor