From afa3af656f13854c5f9d11fd4066f597b5dbd5b5 Mon Sep 17 00:00:00 2001 From: Human Dynamo Date: Sat, 3 Mar 2018 22:47:47 +0100 Subject: update internal libraw to last 0.18.8 --- NEWS | 2 +- libs/rawengine/libraw/Changelog.txt | 14 ++ libs/rawengine/libraw/internal/dcraw_common.cpp | 141 ++++++++++++--------- .../libraw/internal/libraw_internal_funcs.h | 2 +- libs/rawengine/libraw/libraw/libraw_const.h | 5 + libs/rawengine/libraw/libraw/libraw_version.h | 2 +- libs/rawengine/libraw/src/libraw_cxx.cpp | 10 +- 7 files changed, 113 insertions(+), 63 deletions(-) diff --git a/libs/rawengine/libraw/Changelog.txt b/libs/rawengine/libraw/Changelog.txt index c9fc520..08d6cbe 100644 --- a/core/libs/rawengine/libraw/Changelog.txt +++ b/core/libs/rawengine/libraw/Changelog.txt @@ -1,3 +1,17 @@ +2018-02-23 Alex Tutubalin +Secunia #81000: +Credit: Laurent Delosieres, Secunia Research at Flexera + * leaf_hdr_load_raw: check for image pointer for demosaiced raw + * NOKIARAW parser: check image dimensions readed from file + * quicktake_100_load_raw: check width/height limits + * LibRaw 0.18.8 + +2018-01-29 Alex Tutubalin + * Checks for width+left_margin/height+top_margin not larger than 64k + * LIBRAW_MAX_ALLOC_MB define limits maximum image/raw_image allocation + (default is 2048 so 2Gb per array) + * LibRaw::read_shorts item count is now unsigned + 2018-01-19 Alex Tutubalin Secunia #79000: Credit: Laurent Delosieres, Secunia Research at Flexera diff --git a/libs/rawengine/libraw/internal/dcraw_common.cpp b/libs/rawengine/libraw/internal/dcraw_common.cpp index 520d19a..cfb82a2 100644 --- a/core/libs/rawengine/libraw/internal/dcraw_common.cpp +++ b/core/libs/rawengine/libraw/internal/dcraw_common.cpp @@ -220,7 +220,7 @@ double CLASS getreal (int type) } } -void CLASS read_shorts (ushort *pixel, int count) +void CLASS read_shorts (ushort *pixel, unsigned count) { if (fread (pixel, 2, count, ifp) < count) derror(); if ((order == 0x4949) == (ntohs(0x1234) == 0x1234)) @@ -2077,6 +2077,10 @@ void CLASS leaf_hdr_load_raw() unsigned tile=0, r, c, row, col; if (!filters) { +#ifdef LIBRAW_LIBRARY_BUILD + if(!image) + throw LIBRAW_EXCEPTION_IO_CORRUPT; +#endif pixel = (ushort *) calloc (raw_width, sizeof *pixel); merror (pixel, "leaf_hdr_load_raw()"); } @@ -2606,7 +2610,11 @@ void CLASS quicktake_100_load_raw() 654,665,676,687,698,710,721,732,743,754,766,777,788,799,810,822,833,844, 855,866,878,889,900,911,922,933,945,956,967,978,989,1001,1012,1023 }; int rb, row, col, sharp, val=0; - +#ifdef LIBRAW_LIBRARY_BUILD + if(width>640 || height > 480) + throw LIBRAW_EXCEPTION_IO_CORRUPT; +#endif + getbits(-1); memset (pixel, 0x80, sizeof pixel); for (row=2; row < height+2; row++) { @@ -5849,7 +5857,7 @@ static float powf_lim(float a, float b, float limup) { return (b>limup || b < -limup)?0.f:powf(a,b); } -static float powf64(float a, float b) +static float libraw_powf64(float a, float b) { return powf_lim(a,b,64.f); } @@ -5873,7 +5881,7 @@ static float my_roundf(float x) { static float _CanonConvertAperture(ushort in) { if ((in == (ushort)0xffe0) || (in == (ushort)0x7fff)) return 0.0f; - return powf64(2.0, in/64.0); + return libraw_powf64(2.0, in/64.0); } static float _CanonConvertEV (short in) @@ -6336,21 +6344,21 @@ void CLASS processNikonLensData (uchar *LensData, unsigned len) if (fabsf(imgdata.lens.makernotes.MinFocal) < 1.1f) { if ((imgdata.lens.nikon.NikonLensType ^ (uchar)0x01) || LensData[i + 2]) - imgdata.lens.makernotes.MinFocal = 5.0f * powf64(2.0f, (float)LensData[i + 2] / 24.0f); + imgdata.lens.makernotes.MinFocal = 5.0f * libraw_powf64(2.0f, (float)LensData[i + 2] / 24.0f); if ((imgdata.lens.nikon.NikonLensType ^ (uchar)0x01) || LensData[i + 3]) - imgdata.lens.makernotes.MaxFocal = 5.0f * powf64(2.0f, (float)LensData[i + 3] / 24.0f); + imgdata.lens.makernotes.MaxFocal = 5.0f * libraw_powf64(2.0f, (float)LensData[i + 3] / 24.0f); if ((imgdata.lens.nikon.NikonLensType ^ (uchar)0x01) || LensData[i + 4]) - imgdata.lens.makernotes.MaxAp4MinFocal = powf64(2.0f, (float)LensData[i + 4] / 24.0f); + imgdata.lens.makernotes.MaxAp4MinFocal = libraw_powf64(2.0f, (float)LensData[i + 4] / 24.0f); if ((imgdata.lens.nikon.NikonLensType ^ (uchar)0x01) || LensData[i + 5]) - imgdata.lens.makernotes.MaxAp4MaxFocal = powf64(2.0f, (float)LensData[i + 5] / 24.0f); + imgdata.lens.makernotes.MaxAp4MaxFocal = libraw_powf64(2.0f, (float)LensData[i + 5] / 24.0f); } imgdata.lens.nikon.NikonMCUVersion = LensData[i + 6]; if (i != 2) { if ((LensData[i - 1]) && (fabsf(imgdata.lens.makernotes.CurFocal) < 1.1f)) - imgdata.lens.makernotes.CurFocal = 5.0f * powf64(2.0f, (float)LensData[i - 1] / 24.0f); - if (LensData[i + 7]) imgdata.lens.nikon.NikonEffectiveMaxAp = powf64(2.0f, (float)LensData[i + 7] / 24.0f); + imgdata.lens.makernotes.CurFocal = 5.0f * libraw_powf64(2.0f, (float)LensData[i - 1] / 24.0f); + if (LensData[i + 7]) imgdata.lens.nikon.NikonEffectiveMaxAp = libraw_powf64(2.0f, (float)LensData[i + 7] / 24.0f); } imgdata.lens.makernotes.LensID = (unsigned long long) LensData[i] << 56 | @@ -6827,13 +6835,13 @@ void CLASS PentaxLensInfo (unsigned id, unsigned len) // tag 0x0207 if (table_buf[iLensData+9] && (fabs(imgdata.lens.makernotes.CurFocal) < 0.1f)) imgdata.lens.makernotes.CurFocal = - 10*(table_buf[iLensData+9]>>2) * powf64(4, (table_buf[iLensData+9] & 0x03)-2); + 10*(table_buf[iLensData+9]>>2) * libraw_powf64(4, (table_buf[iLensData+9] & 0x03)-2); if (table_buf[iLensData+10] & 0xf0) imgdata.lens.makernotes.MaxAp4CurFocal = - powf64(2.0f, (float)((table_buf[iLensData+10] & 0xf0) >>4)/4.0f); + libraw_powf64(2.0f, (float)((table_buf[iLensData+10] & 0xf0) >>4)/4.0f); if (table_buf[iLensData+10] & 0x0f) imgdata.lens.makernotes.MinAp4CurFocal = - powf64(2.0f, (float)((table_buf[iLensData+10] & 0x0f) + 10)/4.0f); + libraw_powf64(2.0f, (float)((table_buf[iLensData+10] & 0x0f) + 10)/4.0f); if (iLensData != 12) { @@ -6854,14 +6862,14 @@ void CLASS PentaxLensInfo (unsigned id, unsigned len) // tag 0x0207 if ((table_buf[iLensData+14] > 1) && (fabs(imgdata.lens.makernotes.MaxAp4CurFocal) < 0.7f)) imgdata.lens.makernotes.MaxAp4CurFocal = - powf64(2.0f, (float)((table_buf[iLensData+14] & 0x7f) -1)/32.0f); + libraw_powf64(2.0f, (float)((table_buf[iLensData+14] & 0x7f) -1)/32.0f); } else if ((id != 0x12e76) && // K-5 (table_buf[iLensData+15] > 1) && (fabs(imgdata.lens.makernotes.MaxAp4CurFocal) < 0.7f)) { imgdata.lens.makernotes.MaxAp4CurFocal = - powf64(2.0f, (float)((table_buf[iLensData+15] & 0x7f) -1)/32.0f); + libraw_powf64(2.0f, (float)((table_buf[iLensData+15] & 0x7f) -1)/32.0f); } } free(table_buf); @@ -7349,11 +7357,11 @@ void CLASS process_Sony_0x9050 (uchar * buf, unsigned id) { if (buf[0]) imgdata.lens.makernotes.MaxAp4CurFocal = - my_roundf(powf64(2.0f, ((float)SonySubstitution[buf[0]] / 8.0 - 1.06f) / 2.0f)*10.0f) / 10.0f; + my_roundf(libraw_powf64(2.0f, ((float)SonySubstitution[buf[0]] / 8.0 - 1.06f) / 2.0f)*10.0f) / 10.0f; if (buf[1]) imgdata.lens.makernotes.MinAp4CurFocal = - my_roundf(powf64(2.0f, ((float)SonySubstitution[buf[1]] / 8.0 - 1.06f) / 2.0f)*10.0f) / 10.0f; + my_roundf(libraw_powf64(2.0f, ((float)SonySubstitution[buf[1]] / 8.0 - 1.06f) / 2.0f)*10.0f) / 10.0f; } if (imgdata.lens.makernotes.CameraMount != LIBRAW_MOUNT_FixedLens) @@ -7363,7 +7371,7 @@ void CLASS process_Sony_0x9050 (uchar * buf, unsigned id) lid = SonySubstitution[buf[0x3d]] << 8 | SonySubstitution[buf[0x3c]]; imgdata.lens.makernotes.CurAp = - powf64(2.0f, ((float)lid/256.0f - 16.0f) / 2.0f); + libraw_powf64(2.0f, ((float)lid/256.0f - 16.0f) / 2.0f); } if (buf[0x105] && (imgdata.lens.makernotes.LensMount != LIBRAW_MOUNT_Canon_EF) && @@ -7749,7 +7757,7 @@ void CLASS parse_makernote_0xc634(int base, int uptag, unsigned dng_writer) { unsigned char cc; fread(&cc, 1, 1, ifp); - iso_speed = (int)(100.0 * powf64(2.0, (double)(cc) / 12.0 - 5.0)); + iso_speed = (int)(100.0 * libraw_powf64(2.0, (double)(cc) / 12.0 - 5.0)); break; } } @@ -7794,7 +7802,7 @@ void CLASS parse_makernote_0xc634(int base, int uptag, unsigned dng_writer) } break; case 0x1002: - imgdata.lens.makernotes.CurAp = powf64(2.0f, getreal(type)/2); + imgdata.lens.makernotes.CurAp = libraw_powf64(2.0f, getreal(type)/2); break; case 0x20100102: stmread(imgdata.shootinginfo.InternalBodySerial, len, ifp); @@ -7821,10 +7829,10 @@ void CLASS parse_makernote_0xc634(int base, int uptag, unsigned dng_writer) stmread(imgdata.lens.makernotes.Lens,len, ifp); break; case 0x20100205: - imgdata.lens.makernotes.MaxAp4MinFocal = powf64(sqrt(2.0f), get2() / 256.0f); + imgdata.lens.makernotes.MaxAp4MinFocal = libraw_powf64(sqrt(2.0f), get2() / 256.0f); break; case 0x20100206: - imgdata.lens.makernotes.MaxAp4MaxFocal = powf64(sqrt(2.0f), get2() / 256.0f); + imgdata.lens.makernotes.MaxAp4MaxFocal = libraw_powf64(sqrt(2.0f), get2() / 256.0f); break; case 0x20100207: imgdata.lens.makernotes.MinFocal = (float)get2(); @@ -7835,7 +7843,7 @@ void CLASS parse_makernote_0xc634(int base, int uptag, unsigned dng_writer) imgdata.lens.makernotes.MaxFocal = imgdata.lens.makernotes.MinFocal; break; case 0x2010020a: - imgdata.lens.makernotes.MaxAp4CurFocal = powf64(sqrt(2.0f), get2() / 256.0f); + imgdata.lens.makernotes.MaxAp4CurFocal = libraw_powf64(sqrt(2.0f), get2() / 256.0f); break; case 0x20100301: imgdata.lens.makernotes.TeleconverterID = fgetc(ifp) << 8; @@ -8144,7 +8152,7 @@ void CLASS parse_makernote_0xc634(int base, int uptag, unsigned dng_writer) lid = (((ushort)table_buf[2])<<8) | ((ushort)table_buf[3]); imgdata.lens.makernotes.CurAp = - powf64(2.0f, ((float)lid/8.0f-1.0f)/2.0f); + libraw_powf64(2.0f, ((float)lid/8.0f-1.0f)/2.0f); } break; case 1536: @@ -8675,7 +8683,7 @@ void CLASS parse_makernote (int base, int uptag) } break; case 0x1002: - imgdata.lens.makernotes.CurAp = powf64(2.0f, getreal(type)/2); + imgdata.lens.makernotes.CurAp = libraw_powf64(2.0f, getreal(type)/2); break; case 0x20401112: imgdata.makernotes.olympus.OlympusCropID = get2(); @@ -8709,10 +8717,10 @@ void CLASS parse_makernote (int base, int uptag) stmread(imgdata.lens.makernotes.Lens, len, ifp); break; case 0x20100205: - imgdata.lens.makernotes.MaxAp4MinFocal = powf64(sqrt(2.0f), get2() / 256.0f); + imgdata.lens.makernotes.MaxAp4MinFocal = libraw_powf64(sqrt(2.0f), get2() / 256.0f); break; case 0x20100206: - imgdata.lens.makernotes.MaxAp4MaxFocal = powf64(sqrt(2.0f), get2() / 256.0f); + imgdata.lens.makernotes.MaxAp4MaxFocal = libraw_powf64(sqrt(2.0f), get2() / 256.0f); break; case 0x20100207: imgdata.lens.makernotes.MinFocal = (float)get2(); @@ -8723,7 +8731,7 @@ void CLASS parse_makernote (int base, int uptag) imgdata.lens.makernotes.MaxFocal = imgdata.lens.makernotes.MinFocal; break; case 0x2010020a: - imgdata.lens.makernotes.MaxAp4CurFocal = powf64(sqrt(2.0f), get2() / 256.0f); + imgdata.lens.makernotes.MaxAp4CurFocal = libraw_powf64(sqrt(2.0f), get2() / 256.0f); break; case 0x20100301: imgdata.lens.makernotes.TeleconverterID = fgetc(ifp) << 8; @@ -9150,7 +9158,7 @@ void CLASS parse_makernote (int base, int uptag) lid = (((ushort)table_buf[2])<<8) | ((ushort)table_buf[3]); imgdata.lens.makernotes.CurAp = - powf64(2.0f, ((float)lid/8.0f-1.0f)/2.0f); + libraw_powf64(2.0f, ((float)lid/8.0f-1.0f)/2.0f); } break; case 1536: @@ -9248,19 +9256,19 @@ void CLASS parse_makernote (int base, int uptag) { unsigned char cc; fread(&cc,1,1,ifp); - iso_speed = int(100.0 * powf64(2.0f,float(cc)/12.0-5.0)); + iso_speed = int(100.0 * libraw_powf64(2.0f,float(cc)/12.0-5.0)); } if (tag == 4 && len > 26 && len < 35) { if ((i=(get4(),get2())) != 0x7fff && (!iso_speed || iso_speed == 65535)) - iso_speed = 50 * powf64(2.0, i/32.0 - 4); + iso_speed = 50 * libraw_powf64(2.0, i/32.0 - 4); #ifdef LIBRAW_LIBRARY_BUILD get4(); #else if ((i=(get2(),get2())) != 0x7fff && !aperture) - aperture = powf64(2.0, i/64.0); + aperture = libraw_powf64(2.0, i/64.0); #endif if ((i=get2()) != 0xffff && !shutter) - shutter = powf64(2.0, (short) i/-32.0); + shutter = libraw_powf64(2.0, (short) i/-32.0); wbi = (get2(),get2()); shot_order = (get2(),get2()); } @@ -9854,7 +9862,7 @@ void CLASS parse_exif (int base) imgdata.lens.Lens[0] = 0; break; case 0x9205: - imgdata.lens.EXIF_MaxAp = powf64(2.0f, (getreal(type) / 2.0f)); + imgdata.lens.EXIF_MaxAp = libraw_powf64(2.0f, (getreal(type) / 2.0f)); break; #endif case 33434: tiff_ifd[tiff_nifds-1].t_shutter = @@ -9869,11 +9877,11 @@ void CLASS parse_exif (int base) case 36868: get_timestamp(0); break; case 37377: if ((expo = -getreal(type)) < 128 && shutter == 0.) tiff_ifd[tiff_nifds-1].t_shutter = - shutter = powf64(2.0, expo); + shutter = libraw_powf64(2.0, expo); break; case 37378: // 0x9202 ApertureValue if ((fabs(ape = getreal(type))<256.0) && (!aperture)) - aperture = powf64(2.0, ape/2); + aperture = libraw_powf64(2.0, ape/2); break; case 37385: flash_used = getreal(type); break; case 37386: focal_len = getreal(type); break; @@ -10769,7 +10777,7 @@ int CLASS parse_tiff_ifd (int base) imgdata.lens.Lens[0] = 0; break; case 0x9205: - imgdata.lens.EXIF_MaxAp = powf64(2.0f, (getreal(type) / 2.0f)); + imgdata.lens.EXIF_MaxAp = libraw_powf64(2.0f, (getreal(type) / 2.0f)); break; // IB end #endif @@ -11804,22 +11812,22 @@ void CLASS parse_ciff (int offset, int length, int depth) thumb_length = len; } if (type == 0x1818) { - shutter = powf64(2.0f, -int_to_float((get4(),get4()))); - aperture = powf64(2.0f, int_to_float(get4())/2); + shutter = libraw_powf64(2.0f, -int_to_float((get4(),get4()))); + aperture = libraw_powf64(2.0f, int_to_float(get4())/2); #ifdef LIBRAW_LIBRARY_BUILD imgdata.lens.makernotes.CurAp = aperture; #endif } if (type == 0x102a) { // iso_speed = pow (2.0, (get4(),get2())/32.0 - 4) * 50; - iso_speed = powf64(2.0f, ((get2(),get2()) + get2())/32.0f - 5.0f) * 100.0f; + iso_speed = libraw_powf64(2.0f, ((get2(),get2()) + get2())/32.0f - 5.0f) * 100.0f; #ifdef LIBRAW_LIBRARY_BUILD aperture = _CanonConvertAperture((get2(),get2())); imgdata.lens.makernotes.CurAp = aperture; #else - aperture = powf64(2.0, (get2(),(short)get2())/64.0); + aperture = libraw_powf64(2.0, (get2(),(short)get2())/64.0); #endif - shutter = powf64(2.0,-((short)get2())/32.0); + shutter = libraw_powf64(2.0,-((short)get2())/32.0); wbi = (get2(),get2()); if (wbi > 17) wbi = 0; fseek (ifp, 32, SEEK_CUR); @@ -12024,8 +12032,8 @@ void CLASS parse_phase_one (int base) setPhaseOneFeatures(unique_id); break; case 0x0401: - if (type == 4) imgdata.lens.makernotes.CurAp = powf64(2.0f, (int_to_float(data)/2.0f)); - else imgdata.lens.makernotes.CurAp = powf64(2.0f, (getreal(type)/2.0f)); + if (type == 4) imgdata.lens.makernotes.CurAp = libraw_powf64(2.0f, (int_to_float(data)/2.0f)); + else imgdata.lens.makernotes.CurAp = libraw_powf64(2.0f, (getreal(type)/2.0f)); break; case 0x0403: if (type == 4) imgdata.lens.makernotes.CurFocal = int_to_float(data); @@ -12039,16 +12047,16 @@ void CLASS parse_phase_one (int base) break; case 0x0414: if (type == 4) { - imgdata.lens.makernotes.MaxAp4CurFocal = powf64(2.0f, (int_to_float(data)/2.0f)); + imgdata.lens.makernotes.MaxAp4CurFocal = libraw_powf64(2.0f, (int_to_float(data)/2.0f)); } else { - imgdata.lens.makernotes.MaxAp4CurFocal = powf64(2.0f, (getreal(type) / 2.0f)); + imgdata.lens.makernotes.MaxAp4CurFocal = libraw_powf64(2.0f, (getreal(type) / 2.0f)); } break; case 0x0415: if (type == 4) { - imgdata.lens.makernotes.MinAp4CurFocal = powf64(2.0f, (int_to_float(data)/2.0f)); + imgdata.lens.makernotes.MinAp4CurFocal = libraw_powf64(2.0f, (int_to_float(data)/2.0f)); } else { - imgdata.lens.makernotes.MinAp4CurFocal = powf64(2.0f, (getreal(type) / 2.0f)); + imgdata.lens.makernotes.MinAp4CurFocal = libraw_powf64(2.0f, (getreal(type) / 2.0f)); } break; case 0x0416: @@ -14237,15 +14245,15 @@ void CLASS identify() case 18: iso_speed = 320; break; case 19: iso_speed = 400; break; } - shutter = powf64(2.0f, (((float)get4())/8.0f)) / 16000.0f; + shutter = libraw_powf64(2.0f, (((float)get4())/8.0f)) / 16000.0f; FORC4 cam_mul[c ^ (c >> 1)] = get4(); fseek (ifp, 88, SEEK_SET); - aperture = powf64(2.0f, ((float)get4())/16.0f); + aperture = libraw_powf64(2.0f, ((float)get4())/16.0f); fseek (ifp, 112, SEEK_SET); focal_len = get4(); #ifdef LIBRAW_LIBRARY_BUILD fseek (ifp, 104, SEEK_SET); - imgdata.lens.makernotes.MaxAp4CurFocal = powf64(2.0f, ((float)get4())/16.0f); + imgdata.lens.makernotes.MaxAp4CurFocal = libraw_powf64(2.0f, ((float)get4())/16.0f); fseek (ifp, 124, SEEK_SET); stmread(imgdata.lens.makernotes.Lens, 32, ifp); imgdata.lens.makernotes.CameraMount = LIBRAW_MOUNT_Contax_N; @@ -14311,13 +14319,24 @@ void CLASS identify() i = get4(); width = get2(); height = get2(); - switch (tiff_bps = i*8 / (width * height)) { - case 8: load_raw = &CLASS eight_bit_load_raw; break; - case 10: load_raw = &CLASS nokia_load_raw; - } - raw_height = height + (top_margin = i / (width * tiff_bps/8) - height); - mask[0][3] = 1; - filters = 0x61616161; +#ifdef LIBRAW_LIBRARY_BUILD + // data length should be in range w*h..w*h*2 + if(width*height < (LIBRAW_MAX_ALLOC_MB*1024*512L) && width*height>1 + && i >= width * height && i <= width*height*2) + { +#endif + switch (tiff_bps = i*8 / (width * height)) { + case 8: load_raw = &CLASS eight_bit_load_raw; break; + case 10: load_raw = &CLASS nokia_load_raw; + } + raw_height = height + (top_margin = i / (width * tiff_bps/8) - height); + mask[0][3] = 1; + filters = 0x61616161; +#ifdef LIBRAW_LIBRARY_BUILD + } + else + is_raw = 0; +#endif } else if (!memcmp (head,"ARRI",4)) { order = 0x4949; fseek (ifp, 20, SEEK_SET); @@ -15423,7 +15442,11 @@ bw: colors = 1; #else tiff_bps > 16 #endif - || tiff_samples > 4 || colors > 4 || colors < 1) + || tiff_samples > 4 || colors > 4 || colors < 1 + /* alloc in unpack() may be fooled by size adjust */ + || ( (int)width + (int)left_margin > 65535) + || ( (int)height + (int)top_margin > 65535) + ) { is_raw = 0; #ifdef LIBRAW_LIBRARY_BUILD diff --git a/libs/rawengine/libraw/internal/libraw_internal_funcs.h b/libs/rawengine/libraw/internal/libraw_internal_funcs.h index f10cdcb..e5254d7 100644 --- a/core/libs/rawengine/libraw/internal/libraw_internal_funcs.h +++ b/core/libs/rawengine/libraw/internal/libraw_internal_funcs.h @@ -54,7 +54,7 @@ it under the terms of the one of two licenses as you choose: unsigned getint (int type); float int_to_float (int i); double getreal (int type); - void read_shorts (ushort *pixel, int count); + void read_shorts (ushort *pixel, unsigned count); /* Canon P&S cameras */ void canon_600_fixed_wb (int temp); diff --git a/libs/rawengine/libraw/libraw/libraw_const.h b/libs/rawengine/libraw/libraw/libraw_const.h index bdda5bc..4f03e2f 100644 --- a/core/libs/rawengine/libraw/libraw/libraw_const.h +++ b/core/libs/rawengine/libraw/libraw/libraw_const.h @@ -20,6 +20,11 @@ it under the terms of the one of two licenses as you choose: #define LIBRAW_DEFAULT_ADJUST_MAXIMUM_THRESHOLD 0.75 #define LIBRAW_DEFAULT_AUTO_BRIGHTNESS_THRESHOLD 0.01 +/* limit allocation size, default is 2Gb */ +#ifndef LIBRAW_MAX_ALLOC_MB +#define LIBRAW_MAX_ALLOC_MB 2048L +#endif + enum LibRaw_whitebalance_code { /* diff --git a/libs/rawengine/libraw/libraw/libraw_version.h b/libs/rawengine/libraw/libraw/libraw_version.h index b6cacec..db149f8 100644 --- a/core/libs/rawengine/libraw/libraw/libraw_version.h +++ b/core/libs/rawengine/libraw/libraw/libraw_version.h @@ -22,7 +22,7 @@ it under the terms of the one of two licenses as you choose: #define LIBRAW_MAJOR_VERSION 0 #define LIBRAW_MINOR_VERSION 18 -#define LIBRAW_PATCH_VERSION 7 +#define LIBRAW_PATCH_VERSION 8 #define LIBRAW_VERSION_TAIL Release #define LIBRAW_SHLIB_CURRENT 16 diff --git a/libs/rawengine/libraw/src/libraw_cxx.cpp b/libs/rawengine/libraw/src/libraw_cxx.cpp index d242222..58e34ea 100644 --- a/core/libs/rawengine/libraw/src/libraw_cxx.cpp +++ b/core/libs/rawengine/libraw/src/libraw_cxx.cpp @@ -2436,7 +2436,8 @@ int LibRaw::unpack(void) if(rheight < S.height + S.top_margin) rheight = S.height + S.top_margin; } - + if(rwidth > 65535 || rheight > 65535) // No way to make image larger than 64k pix + throw LIBRAW_EXCEPTION_IO_CORRUPT; imgdata.rawdata.raw_image = 0; imgdata.rawdata.color4_image = 0; imgdata.rawdata.color3_image = 0; @@ -2493,6 +2494,10 @@ int LibRaw::unpack(void) } else if(imgdata.idata.filters || P1.colors == 1) // Bayer image or single color -> decode to raw_image { + + if(INT64(rwidth)*INT64(rheight+8)*sizeof(imgdata.rawdata.raw_image[0]) > LIBRAW_MAX_ALLOC_MB * INT64(1024*1024)) + throw LIBRAW_EXCEPTION_ALLOC; + imgdata.rawdata.raw_alloc = malloc(rwidth*(rheight+8)*sizeof(imgdata.rawdata.raw_image[0])); imgdata.rawdata.raw_image = (ushort*) imgdata.rawdata.raw_alloc; if(!S.raw_pitch) @@ -2508,6 +2513,9 @@ int LibRaw::unpack(void) S.raw_pitch = (decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY_WITH_MARGINS) ? S.raw_width*8 : S.width*8; // allocate image as temporary buffer, size imgdata.rawdata.raw_alloc = 0; + if(INT64(MAX(S.width,S.raw_width))*INT64(MAX(S.height,S.raw_height))*sizeof(*imgdata.image) > LIBRAW_MAX_ALLOC_MB * INT64(1024*1024)) + throw LIBRAW_EXCEPTION_ALLOC; + imgdata.image = (ushort (*)[4]) calloc(unsigned(MAX(S.width,S.raw_width))*unsigned(MAX(S.height,S.raw_height)),sizeof(*imgdata.image)); if(!(decoder_info.decoder_flags & LIBRAW_DECODER_ADOBECOPYPIXEL)) { -- cgit v0.11.2