diff options
Diffstat (limited to 'media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch')
-rw-r--r-- | media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch | 44 |
1 files changed, 0 insertions, 44 deletions
diff --git a/media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch b/media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch deleted file mode 100644 index 78b46b4452e0..000000000000 --- a/media-gfx/ufraw/files/ufraw-0.22-CVE-2018-19655.patch +++ /dev/null @@ -1,44 +0,0 @@ -Description: stack-based buffer overflow bug -Bug-Debian: https://bugs.debian.org/890086 -Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2018-19655 -Author: Filip Hroch <hroch@physics.muni.cz> -Reviewed-by: Salvatore Bonaccorso <carnil@debian.org> -Last-Update: 2018-12-02 - ---- a/dcraw.cc -+++ b/dcraw.cc -@@ -8505,9 +8505,15 @@ float CLASS find_green (int bps, int bit - { - UINT64 bitbuf=0; - int vbits, col, i, c; -- ushort img[2][2064]; -+ ushort *img; - double sum[]={0,0}; - -+#define IMG2D(row,col) \ -+ img[(row)*width+(col)] -+ -+ img = (ushort *) malloc(2*width*sizeof(ushort)); -+ merror (img, "find_green()"); -+ - FORC(2) { - fseek (ifp, c ? off1:off0, SEEK_SET); - for (vbits=col=0; col < width; col++) { -@@ -8516,13 +8522,14 @@ float CLASS find_green (int bps, int bit - for (i=0; i < bite; i+=8) - bitbuf |= (unsigned) (fgetc(ifp) << i); - } -- img[c][col] = bitbuf << (64-bps-vbits) >> (64-bps); -+ IMG2D(c,col) = bitbuf << (64-bps-vbits) >> (64-bps); - } - } - FORC(width-1) { -- sum[ c & 1] += ABS(img[0][c]-img[1][c+1]); -- sum[~c & 1] += ABS(img[1][c]-img[0][c+1]); -+ sum[ c & 1] += ABS(IMG2D(0,c)-IMG2D(1,c+1)); -+ sum[~c & 1] += ABS(IMG2D(1,c)-IMG2D(0,c+1)); - } -+ free(img); - return 100 * log(sum[0]/sum[1]); - } - |