dcraw/dcraw-CVE-2017-13735.patch

diff -urNp old/dcraw.c new/dcraw.c
--- old/dcraw.c	2018-07-11 10:33:06.280425391 +0200
+++ new/dcraw.c	2018-07-11 10:45:52.722922118 +0200
@@ -2250,6 +2250,10 @@ void CLASS kodak_radc_load_raw()
     ((short *)buf)[i] = 2048;
   for (row=0; row < height; row+=4) {
     FORC3 mul[c] = getbits(6);
+#ifdef LIBRAW_LIBRARY_BUILD
+    if(!mul[0] || !mul[1] || !mul[2])
+      throw LIBRAW_EXCEPTION_IO_CORRUPT;
+#endif
     FORC3 {
       val = ((0x1000000/last[c] + 0x7ff) >> 12) * mul[c];
       s = val > 65564 ? 10:12;