Petr Gajdos
129f943f5f
+ libraw-CVE-2018-5815.patch OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=117
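--- a/LibRaw-0.19.0/dcraw/dcraw.c
+++ b/LibRaw-0.19.0/dcraw/dcraw.c
@@ -6915,6 +6915,8 @@ void CLASS parse_qt (int end)
 while (ftell(ifp)+7 < end) {
 save = ftell(ifp);
 if ((size = get4()) < 8) return;
+ if ((int)size < 0) return; // 2+GB is too much
+ if (save + size < save) return; // 32bit overflow
 fread (tag, 4, 1, ifp);
 if (!memcmp(tag,"moov",4) ||
 !memcmp(tag,"udta",4) ||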
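Review bot: Neither added check compares the atom size with `end`, so a `size` that is positive and does not wrap, but still claims to run past the enclosing container, is accepted. A third guard after the two new lines, such as `if (size > (unsigned) end - save) return; // atom runs past its container`, would reject it; the subtraction cannot underflow because the loop condition already guarantees `save + 7 < end`. Separately, the wrap test `save + size < save` is only meaningful if `save` and `size` are both 32-bit unsigned, because with a 64-bit signed `save` the sum would not wrap and the test would never fire. Their declarations are outside this hunk, so a comment like `// relies on save and size being 32-bit unsigned` would record that assumption. The body of parse_qt starts and ends outside the hunk, so how `save + size` is used afterwards is not visible here.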