pool/libraw
SHA256
5
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c5880ab9e9
libraw/libraw-CVE-2018-10528.patch
Petr Gajdos 8834ddc7f5 - security update 
* CVE-2018-10528 [bsc#1091345]
    + libraw-CVE-2018-10528.patch
  * CVE-2018-10529 [bsc#1091346]
    + libraw-CVE-2018-10529.patch

- Updated to version 0.18.9:
  * samsung_load_raw: possible buffer overrun
  * rollei_load_raw: possible buffer overrun
  * nikon_coolscan_load_raw: possible buffer overrun, possible NULL pointer
  * find_green: possible stack overrun
  * parse_exif: possible stack overrun

OBS-URL: https://build.opensuse.org/package/show/graphics/libraw?expand=0&rev=113
2018-04-30 09:43:09 +00:00

38 lines
1.2 KiB
Diff
Raw Blame History

Index: LibRaw-0.18.9/src/libraw_cxx.cpp
===================================================================
--- LibRaw-0.18.9.orig/src/libraw_cxx.cpp 2018-04-30 11:13:15.126021499 +0200
+++ LibRaw-0.18.9/src/libraw_cxx.cpp 2018-04-30 11:16:43.677077398 +0200
@@ -5484,17 +5484,18 @@ void x3f_clear(void *p)
x3f_delete((x3f_t*)p);
}
-static char *utf2char(utf16_t *str, char *buffer)
+void utf2char(utf16_t *str, char *buffer, unsigned bufsz)
{
+ if(bufsz<1) return;
+ buffer[bufsz-1] = 0;
char *b = buffer;
- while (*str != 0x00) {
+ while (*str != 0x00 && --bufsz>0) {
char *chr = (char *)str;
*b++ = *chr;
str++;
}
*b = 0;
- return buffer;
}
static void *lr_memmem(const void *l, size_t l_len, const void *s, size_t s_len)
@@ -5555,8 +5556,8 @@ void LibRaw::parse_x3f()
x3f_property_t *P = PL->property_table.element;
for (i=0; i<PL->num_properties; i++) {
char name[100], value[100];
- utf2char(P[i].name,name);
- utf2char(P[i].value,value);
+ utf2char(P[i].name,name,sizeof(name));
+ utf2char(P[i].value,value,sizeof(value));
if (!strcmp (name, "ISO"))
imgdata.other.iso_speed = atoi(value);
if (!strcmp (name, "CAMMANUF"))
Reference in New Issue View Git Blame Copy Permalink