From 10a4c5f1dea07d9ad01c31720265da5f7f44ca22 Mon Sep 17 00:00:00 2001
From: heckflosse
Date: Sat, 16 Sep 2017 20:04:24 +0200
Subject: [PATCH] CVE-2017-1438 credits; fix for Kodak 65000 out of bounds access
---
 rtengine/dcraw.cc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/rtengine/dcraw.cc b/rtengine/dcraw.cc
index 5bda02f86..0976278f0 100644
--- a/rtengine/dcraw.cc
+++ b/rtengine/dcraw.cc
@@ -2930,9 +2930,13 @@ void CLASS kodak_65000_load_raw()
 pred[0] = pred[1] = 0;
 len = MIN (256, width-col);
 ret = kodak_65000_decode (buf, len);
- for (i=0; i < len; i++)
- if ((RAW(row,col+i) = curve[ret ? buf[i] :
- (pred[i & 1] += buf[i])]) >> 12) derror();
+ for (i=0; i < len; i++) {
+ int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
+ if(idx >=0 && idx <= 0xffff) {
+ if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
+ } else
+ derror();
+ }
 }
 }
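Review bot: The new range check in the `for` loop hard-codes `0xffff` as the upper bound for `idx`, which is only right as long as `curve` really has 0x10000 entries. Its declaration is not in this hunk, so if `curve` is a true array in this scope the bound is better tied to it, e.g. `if (idx >= 0 && idx < (int)(sizeof curve / sizeof *curve)) {`. On the rejected path `RAW(row,col+i)` is never written, so the pixel keeps whatever the buffer held before; assigning a defined value such as `RAW(row,col+i) = 0;` before `derror();` would make the output for a malformed file deterministic. The unbraced `else` next to a braced `if` is also easy to misread and should get braces. The start of `kodak_65000_load_raw` lies outside the hunk, so the types of `buf` and `pred` are inferred from the arithmetic shown.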