media-gfx/ufraw/files/ufraw-0.22-CVE-2015-8366.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

Fix a buffer overflow bug.  See
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2

--- a/dcraw.cc
+++ b/dcraw.cc
@@ -3013,7 +3013,10 @@
       diff = diff ? -diff : 0x80;
     if (ftell(ifp) + 12 >= (int) seg[1][1])
       diff = 0;
-    raw_image[pix] = pred[pix & 1] += diff;
+    if(pix>=raw_width*raw_height)
+      derror();
+    else
+      raw_image[pix] = pred[pix & 1] += diff;
     if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2;
   }
   maximum = 0xff;