liz/rawTherapee
liz/rawTherapee
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CVE-2017-1438 credits; fix for Kodak 65000 out of bounds access

Browse Source
This commit is contained in:
heckflosse 2017-09-16 20:04:24 +02:00
parent 597c4fbaa1
commit 10a4c5f1de
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
rtengine/dcraw.cc
View File

@ -2930,9 +2930,13 @@ void CLASS kodak_65000_load_raw()
pred[0] = pred[1] = 0; pred[0] = pred[1] = 0;
len = MIN (256, width-col); len = MIN (256, width-col);
ret = kodak_65000_decode (buf, len); ret = kodak_65000_decode (buf, len);
for (i=0; i < len; i++) for (i=0; i < len; i++) {
if ((RAW(row,col+i) = curve[ret ? buf[i] : int idx = ret ? buf[i] : (pred[i & 1] += buf[i]);
(pred[i & 1] += buf[i])]) >> 12) derror(); if(idx >=0 && idx <= 0xffff) {
if ((RAW(row,col+i) = curve[idx]) >> 12) derror();
} else
derror();
}
} }
} }