Compare commits
No commits in common. 'c9' and 'c8' have entirely different histories.
@ -1 +1 @@
|
||||
0b425d9a5ed873adeeb68ea1b4945745f3ec1507 SOURCES/0.20.2.tar.gz
|
||||
c151995b6f17a0ccef7fbc1dcb982f0ccb04d934 SOURCES/LibRaw-0.19.5.tar.gz
|
||||
|
||||
@ -1 +1 @@
|
||||
SOURCES/0.20.2.tar.gz
|
||||
SOURCES/LibRaw-0.19.5.tar.gz
|
||||
|
||||
@ -0,0 +1,42 @@
|
||||
--- libraw.pc.in~ 2014-01-17 07:38:31.000000000 -0600
|
||||
+++ libraw.pc.in 2014-02-20 14:18:20.559279964 -0600
|
||||
@@ -7,5 +7,6 @@
|
||||
Description: Raw image decoder library (non-thread-safe)
|
||||
Requires: @PACKAGE_REQUIRES@
|
||||
Version: @PACKAGE_VERSION@
|
||||
-Libs: -L${libdir} -lraw -lstdc++@PC_OPENMP@
|
||||
+Libs: -L${libdir} -lraw@PC_OPENMP@
|
||||
+Libs.private: -lstdc++
|
||||
Cflags: -I${includedir}/libraw
|
||||
--- libraw_r.pc.in~ 2014-01-17 07:38:31.000000000 -0600
|
||||
+++ libraw_r.pc.in 2014-02-20 14:20:35.740276947 -0600
|
||||
@@ -7,5 +7,6 @@
|
||||
Description: Raw image decoder library (thread-safe)
|
||||
Requires: @PACKAGE_REQUIRES@
|
||||
Version: @PACKAGE_VERSION@
|
||||
-Libs: -L${libdir} -lraw_r -lstdc++@PC_OPENMP@
|
||||
+Libs: -L${libdir} -lraw_r@PC_OPENMP@
|
||||
+Libs.private: -lstdc++
|
||||
Cflags: -I${includedir}/libraw
|
||||
--- libraw_r.pc.in~ 2014-02-20 14:22:36.000000000 -0600
|
||||
+++ libraw_r.pc.in 2014-02-20 14:27:24.454267828 -0600
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
Name: libraw
|
||||
Description: Raw image decoder library (thread-safe)
|
||||
-Requires: @PACKAGE_REQUIRES@
|
||||
+Requires.private: @PACKAGE_REQUIRES@
|
||||
Version: @PACKAGE_VERSION@
|
||||
Libs: -L${libdir} -lraw_r@PC_OPENMP@
|
||||
Libs.private: -lstdc++
|
||||
--- libraw.pc.in~ 2014-02-20 14:22:36.000000000 -0600
|
||||
+++ libraw.pc.in 2014-02-20 14:27:18.368267964 -0600
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
Name: libraw
|
||||
Description: Raw image decoder library (non-thread-safe)
|
||||
-Requires: @PACKAGE_REQUIRES@
|
||||
+Requires.private: @PACKAGE_REQUIRES@
|
||||
Version: @PACKAGE_VERSION@
|
||||
Libs: -L${libdir} -lraw@PC_OPENMP@
|
||||
Libs.private: -lstdc++
|
||||
@ -0,0 +1,133 @@
|
||||
diff -urNp LibRaw-0.19.5.orig/libraw/libraw_const.h LibRaw-0.19.5/libraw/libraw_const.h
|
||||
--- LibRaw-0.19.5.orig/libraw/libraw_const.h 2020-08-10 18:32:18.669459968 +0200
|
||||
+++ LibRaw-0.19.5/libraw/libraw_const.h 2020-08-10 18:48:10.462282067 +0200
|
||||
@@ -24,6 +24,12 @@ it under the terms of the one of two lic
|
||||
#define LIBRAW_MAX_ALLOC_MB 2048L
|
||||
#endif
|
||||
|
||||
+/* limit thumbnail size, default is 512Mb*/
|
||||
+#ifndef LIBRAW_MAX_THUMBNAIL_MB
|
||||
+#define LIBRAW_MAX_THUMBNAIL_MB 512L
|
||||
+#endif
|
||||
+
|
||||
+
|
||||
/* Change to non-zero to allow (broken) CRW (and other) files metadata
|
||||
loop prevention */
|
||||
#ifndef LIBRAW_METADATA_LOOP_PREVENTION
|
||||
diff -urNp LibRaw-0.19.5.orig/src/libraw_cxx.cpp LibRaw-0.19.5/src/libraw_cxx.cpp
|
||||
--- LibRaw-0.19.5.orig/src/libraw_cxx.cpp 2020-08-10 18:32:18.672459987 +0200
|
||||
+++ LibRaw-0.19.5/src/libraw_cxx.cpp 2020-08-10 18:49:18.616688826 +0200
|
||||
@@ -3712,6 +3712,21 @@ libraw_processed_image_t *LibRaw::dcraw_
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ if (T.tlength < 64u)
|
||||
+ {
|
||||
+ if (errcode)
|
||||
+ *errcode = EINVAL;
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (INT64(T.tlength) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB)
|
||||
+ {
|
||||
+ if (errcode)
|
||||
+ *errcode = LIBRAW_TOO_BIG;
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+
|
||||
if (T.tformat == LIBRAW_THUMBNAIL_BITMAP)
|
||||
{
|
||||
libraw_processed_image_t *ret = (libraw_processed_image_t *)::malloc(sizeof(libraw_processed_image_t) + T.tlength);
|
||||
@@ -3976,6 +3991,12 @@ void LibRaw::kodak_thumb_loader()
|
||||
if (ID.toffset + est_datasize > ID.input->size() + THUMB_READ_BEYOND)
|
||||
throw LIBRAW_EXCEPTION_IO_EOF;
|
||||
|
||||
+ if(INT64(T.theight) * INT64(T.twidth) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB)
|
||||
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
|
||||
+
|
||||
+ if (INT64(T.theight) * INT64(T.twidth) < 64ULL)
|
||||
+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
|
||||
+
|
||||
// some kodak cameras
|
||||
ushort s_height = S.height, s_width = S.width, s_iwidth = S.iwidth, s_iheight = S.iheight;
|
||||
ushort s_flags = libraw_internal_data.unpacker_data.load_flags;
|
||||
@@ -4237,6 +4258,25 @@ int LibRaw::unpack_thumb(void)
|
||||
CHECK_ORDER_LOW(LIBRAW_PROGRESS_IDENTIFY);
|
||||
CHECK_ORDER_BIT(LIBRAW_PROGRESS_THUMB_LOAD);
|
||||
|
||||
+#define THUMB_SIZE_CHECKT(A) \
|
||||
+ do { \
|
||||
+ if (INT64(A) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
|
||||
+ if (INT64(A) > 0 && INT64(A) < 64ULL) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
|
||||
+ } while (0)
|
||||
+
|
||||
+#define THUMB_SIZE_CHECKTNZ(A) \
|
||||
+ do { \
|
||||
+ if (INT64(A) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
|
||||
+ if (INT64(A) < 64ULL) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
|
||||
+ } while (0)
|
||||
+
|
||||
+
|
||||
+#define THUMB_SIZE_CHECKWH(W,H) \
|
||||
+ do { \
|
||||
+ if (INT64(W)*INT64(H) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
|
||||
+ if (INT64(W)*INT64(H) < 64ULL) throw LIBRAW_EXCEPTION_IO_CORRUPT; \
|
||||
+ } while (0)
|
||||
+
|
||||
try
|
||||
{
|
||||
if (!libraw_internal_data.internal_data.input)
|
||||
@@ -4267,6 +4307,7 @@ int LibRaw::unpack_thumb(void)
|
||||
|
||||
if (INT64(ID.toffset) + tsize > ID.input->size() + THUMB_READ_BEYOND)
|
||||
throw LIBRAW_EXCEPTION_IO_EOF;
|
||||
+ THUMB_SIZE_CHECKT(tsize);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -4280,6 +4321,7 @@ int LibRaw::unpack_thumb(void)
|
||||
ID.input->seek(ID.toffset, SEEK_SET);
|
||||
if (write_thumb == &LibRaw::jpeg_thumb)
|
||||
{
|
||||
+ THUMB_SIZE_CHECKTNZ(T.tlength);
|
||||
if (T.thumb)
|
||||
free(T.thumb);
|
||||
T.thumb = (char *)malloc(T.tlength);
|
||||
@@ -4326,6 +4368,7 @@ int LibRaw::unpack_thumb(void)
|
||||
{
|
||||
if (t_bytesps > 1)
|
||||
throw LIBRAW_EXCEPTION_IO_CORRUPT; // 8-bit thumb, but parsed for more bits
|
||||
+ THUMB_SIZE_CHECKWH(T.twidth, T.theight);
|
||||
int t_length = T.twidth * T.theight * t_colors;
|
||||
|
||||
if (T.tlength && T.tlength < t_length) // try to find tiff ifd with needed offset
|
||||
@@ -4351,8 +4394,12 @@ int LibRaw::unpack_thumb(void)
|
||||
T.tcolors = 1;
|
||||
}
|
||||
T.tlength = total_size;
|
||||
+ THUMB_SIZE_CHECKTNZ(T.tlength);
|
||||
if (T.thumb)
|
||||
free(T.thumb);
|
||||
+
|
||||
+ THUMB_SIZE_CHECKTNZ(T.tlength);
|
||||
+
|
||||
T.thumb = (char *)malloc(T.tlength);
|
||||
merror(T.thumb, "ppm_thumb()");
|
||||
|
||||
@@ -4400,10 +4447,15 @@ int LibRaw::unpack_thumb(void)
|
||||
if (t_bytesps > 2)
|
||||
throw LIBRAW_EXCEPTION_IO_CORRUPT; // 16-bit thumb, but parsed for more bits
|
||||
int o_bps = (imgdata.params.raw_processing_options & LIBRAW_PROCESSING_USE_PPM16_THUMBS) ? 2 : 1;
|
||||
+ THUMB_SIZE_CHECKWH(T.twidth, T.theight);
|
||||
int o_length = T.twidth * T.theight * t_colors * o_bps;
|
||||
int i_length = T.twidth * T.theight * t_colors * 2;
|
||||
if (!T.tlength)
|
||||
T.tlength = o_length;
|
||||
+ THUMB_SIZE_CHECKTNZ(o_length);
|
||||
+ THUMB_SIZE_CHECKTNZ(i_length);
|
||||
+ THUMB_SIZE_CHECKTNZ(T.tlength);
|
||||
+
|
||||
ushort *t_thumb = (ushort *)calloc(i_length, 1);
|
||||
ID.input->read(t_thumb, 1, i_length);
|
||||
if ((libraw_internal_data.unpacker_data.order == 0x4949) == (ntohs(0x1234) == 0x1234))
|
||||
@ -0,0 +1,42 @@
|
||||
From 4d463048b9f27a3dc86b7010c198b32d995cd941 Mon Sep 17 00:00:00 2001
|
||||
From: Debarshi Ray <debarshir@gnome.org>
|
||||
Date: Tue, 27 Apr 2021 17:44:09 +0200
|
||||
Subject: [PATCH] Limit loops to MIN(colors,4)
|
||||
|
||||
This is a backport of commit 4feaed4dea636cee for CVE-2020-24870.
|
||||
|
||||
https://github.com/LibRaw/LibRaw/issues/330
|
||||
---
|
||||
internal/dcraw_common.cpp | 9 +++++----
|
||||
1 file changed, 5 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
|
||||
index a36553208194..3e8c009eb08e 100644
|
||||
--- a/internal/dcraw_common.cpp
|
||||
+++ b/internal/dcraw_common.cpp
|
||||
@@ -19598,17 +19598,18 @@ dng_skip:
|
||||
|
||||
if(calidx[colidx] == sidx)
|
||||
{
|
||||
- for (int i = 0; i < colors; i++)
|
||||
+ for (int i = 0; i < colors && i < 4; i++)
|
||||
FORCC
|
||||
cc[i][c] = tiff_ifd[sidx].dng_color[colidx].calibration[i][c];
|
||||
}
|
||||
|
||||
if(abidx == sidx)
|
||||
- for (int i = 0; i < colors; i++)
|
||||
+ for (int i = 0; i < colors && i < 4; i++)
|
||||
FORCC cc[i][c] *= tiff_ifd[sidx].dng_levels.analogbalance[i];
|
||||
int j;
|
||||
- FORCC for (int i = 0; i < 3; i++) for (cam_xyz[c][i] = j = 0; j < colors; j++) cam_xyz[c][i] +=
|
||||
- cc[c][j] * cm[j][i];// add AsShotXY later * xyz[i];
|
||||
+ FORCC for (int i = 0; i < 3; i++)
|
||||
+ for (cam_xyz[c][i] = j = 0; j < colors && j < 4; j++)
|
||||
+ cam_xyz[c][i] += cc[c][j] * cm[j][i];// add AsShotXY later * xyz[i];
|
||||
cam_xyz_coeff(cmatrix, cam_xyz);
|
||||
}
|
||||
}
|
||||
--
|
||||
2.30.2
|
||||
|
||||
@ -1,40 +0,0 @@
|
||||
From fa329f37dca4a2c938f8abb50ee4a7ef93e64fbb Mon Sep 17 00:00:00 2001
|
||||
From: Alex Tutubalin <lexa@lexa.ru>
|
||||
Date: Mon, 12 Apr 2021 13:21:52 +0300
|
||||
Subject: [PATCH] check for input buffer size on datastream::gets
|
||||
|
||||
---
|
||||
src/libraw_datastream.cpp | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
|
||||
index 606e5de73618..7e95bc749688 100644
|
||||
--- a/src/libraw_datastream.cpp
|
||||
+++ b/src/libraw_datastream.cpp
|
||||
@@ -286,6 +286,7 @@ INT64 LibRaw_file_datastream::tell()
|
||||
|
||||
char *LibRaw_file_datastream::gets(char *str, int sz)
|
||||
{
|
||||
+ if(sz<1) return NULL;
|
||||
LR_STREAM_CHK();
|
||||
std::istream is(f.get());
|
||||
is.getline(str, sz);
|
||||
@@ -417,6 +418,7 @@ INT64 LibRaw_buffer_datastream::tell()
|
||||
|
||||
char *LibRaw_buffer_datastream::gets(char *s, int sz)
|
||||
{
|
||||
+ if(sz<1) return NULL;
|
||||
unsigned char *psrc, *pdest, *str;
|
||||
str = (unsigned char *)s;
|
||||
psrc = buf + streampos;
|
||||
@@ -609,6 +611,7 @@ INT64 LibRaw_bigfile_datastream::tell()
|
||||
|
||||
char *LibRaw_bigfile_datastream::gets(char *str, int sz)
|
||||
{
|
||||
+ if(sz<1) return NULL;
|
||||
LR_BF_CHK();
|
||||
return fgets(str, sz, f);
|
||||
}
|
||||
--
|
||||
2.39.2
|
||||
|
||||
@ -1,26 +0,0 @@
|
||||
--- LibRaw-0.20-Beta1/libraw.pc.in~ 2020-05-13 14:22:12.656424311 +0200
|
||||
+++ LibRaw-0.20-Beta1/libraw.pc.in 2020-05-13 14:22:27.481441569 +0200
|
||||
@@ -5,7 +5,8 @@
|
||||
|
||||
Name: libraw
|
||||
Description: Raw image decoder library (non-thread-safe)
|
||||
-Requires: @PACKAGE_REQUIRES@
|
||||
+Requires.private: @PACKAGE_REQUIRES@
|
||||
Version: @PACKAGE_VERSION@
|
||||
-Libs: -L${libdir} -lraw -lstdc++@PC_OPENMP@
|
||||
+Libs: -L${libdir} -lraw@PC_OPENMP@
|
||||
+Libs.private: -lstdc++
|
||||
Cflags: -I${includedir}/libraw -I${includedir}
|
||||
--- LibRaw-0.20-Beta1/libraw_r.pc.in~ 2020-05-13 14:22:18.034430572 +0200
|
||||
+++ LibRaw-0.20-Beta1/libraw_r.pc.in 2020-05-13 14:22:27.481441569 +0200
|
||||
@@ -5,7 +5,8 @@
|
||||
|
||||
Name: libraw
|
||||
Description: Raw image decoder library (thread-safe)
|
||||
-Requires: @PACKAGE_REQUIRES@
|
||||
+Requires.private: @PACKAGE_REQUIRES@
|
||||
Version: @PACKAGE_VERSION@
|
||||
-Libs: -L${libdir} -lraw_r -lstdc++@PC_OPENMP@
|
||||
+Libs: -L${libdir} -lraw_r@PC_OPENMP@
|
||||
+Libs.private: -lstdc++
|
||||
Cflags: -I${includedir}/libraw -I${includedir}
|
||||
Loading…
Reference in new issue