File libraw-CVE-2018-5815.patch of Package libraw.openSUSE_Leap_15.2_Update

diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
index a3dcbcea..041318c5 100644
--- a/internal/dcraw_common.cpp
+++ b/internal/dcraw_common.cpp
@@ -12395,6 +12395,8 @@ void CLASS parse_qt (int end)
   while (ftell(ifp)+7 < end) {
     save = ftell(ifp);
     if ((size = get4()) < 8) return;
+    if ((int)size < 0) return; // 2+GB is too much
+    if (save + size < save) return; // 32bit overflow
     fread (tag, 4, 1, ifp);
     if (!memcmp(tag,"moov",4) ||
 	!memcmp(tag,"udta",4) ||

openSUSE Build Service is sponsored by