File libraw-CVE-2018-5817,5818,5819.patch of Package libraw.openSUSE_Leap_15.2_Update
Index: LibRaw-0.18.9/internal/dcraw_common.cpp
===================================================================
--- LibRaw-0.18.9.orig/internal/dcraw_common.cpp 2019-01-09 13:06:48.692944632 +0100
+++ LibRaw-0.18.9/internal/dcraw_common.cpp 2019-01-09 13:11:35.066329244 +0100
@@ -12009,7 +12009,7 @@ void CLASS parse_rollei()
fseek (ifp, 0, SEEK_SET);
memset (&t, 0, sizeof t);
do {
- fgets (line, 128, ifp);
+ if(!fgets (line, 128, ifp)) break;
if ((val = strchr(line,'=')))
*val++ = 0;
else
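Review bot: The added `break` on a failed `fgets` carries no comment saying why it is there, and it ends the loop without marking the header as incomplete. A truncated or malformed file therefore leaves the function with whatever fields were parsed so far, and the code after the `do` loop, which lies outside this hunk, presumably still runs on them. I would add `/* EOF or read error: stop instead of re-parsing a stale buffer */` above the check and consider whether a short header should cause the file to be rejected. The size passed to `fgets` is still a literal `128`; `sizeof line` would keep it tied to the buffer, assuming `line` is an array (its declaration is not visible here).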
@@ -12047,6 +12047,7 @@ void CLASS parse_sinar_ia()
order = 0x4949;
fseek (ifp, 4, SEEK_SET);
entries = get4();
+ if(entries < 1 || entries > 8192) return;
fseek (ifp, get4(), SEEK_SET);
while (entries--) {
off = get4(); get4();
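Review bot: The bound `8192` in the new check is unexplained, and it is the only thing limiting the `while (entries--)` loop, since the part of the loop body visible here reads with `get4()` and no end-of-file test. A comment such as `/* entry count comes from the file; cap it so a bogus value cannot drive a huge loop */` would record the intent, and a named constant would make the limit easier to audit. The seek target on the following line is also taken straight from `get4()` without comparison against the file size; that looks harmless given the cap but is worth confirming. The loop body continues past the end of the hunk.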
@@ -15610,6 +15611,7 @@ dng_skip:
if(maximum < 0x10000 && curve[maximum]>0 && load_raw == &CLASS sony_arw2_load_raw)
maximum = curve[maximum];
}
+ if(maximum > 0xffff) maximum = 0xffff;
if (!load_raw || height < 22 || width < 22 ||
#ifdef LIBRAW_LIBRARY_BUILD
(tiff_bps > 16 && load_raw != &LibRaw::deflate_dng_load_raw)
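Review bot: The clamp on `maximum` is applied silently and without a comment, so a reader cannot tell which later consumers depend on the 16-bit ceiling. A few lines earlier the same limit is spelled `0x10000` in `maximum < 0x10000`, while here it is `0xffff`; a shared named constant would keep the two in step. I would add a comment along the lines of `/* file-supplied maximum: clamp to the 16-bit sample range before it is used further */`, worded once the consumers have been checked, since they are outside this hunk. The enclosing function starts and ends outside the hunk.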