diff options
Diffstat (limited to 'media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch')
| -rw-r--r-- | media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch b/media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch new file mode 100644 index 000000000000..9d59ca413fbe --- /dev/null +++ b/media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch @@ -0,0 +1,17 @@ +Fix a buffer overflow bug. See +https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2 + +--- a/dcraw.cc ++++ b/dcraw.cc +@@ -3013,7 +3013,10 @@ + diff = diff ? -diff : 0x80; + if (ftell(ifp) + 12 >= (int) seg[1][1]) + diff = 0; +- raw_image[pix] = pred[pix & 1] += diff; ++ if(pix>=raw_width*raw_height) ++ derror(); ++ else ++ raw_image[pix] = pred[pix & 1] += diff; + if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2; + } + maximum = 0xff; |