CVE-2017-1438 credits; fix for Kodak 65000 out of bounds access

2017-09-16 20:04:24 +02:00 · 2017-09-16 20:04:24 +02:00 · 10a4c5f1de
commit 10a4c5f1de
parent 597c4fbaa1
1 changed files with 7 additions and 3 deletions
--- a/rtengine/dcraw.cc
+++ b/rtengine/dcraw.cc
@ -2930,9 +2930,13 @@ void CLASS kodak_65000_load_raw()
      pred[0] = pred[1] = 0;
      len = MIN (256, width-col);
      ret = kodak_65000_decode (buf, len);
-      for (i=0; i < len; i++)
-	if ((RAW(row,col+i) =	curve[ret ? buf[i] :
-		(pred[i & 1] += buf[i])]) >> 12) derror();
+      for (i=0; i < len; i++) {
+	    int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
+        if(idx >=0 && idx <= 0xffff) {
+          if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
+        } else
+          derror();
+      }
    }
 }