From 255d9e83366e78332ec97bcf247aba6b428256f5 Mon Sep 17 00:00:00 2001
From: Jackson Legge
Date: Thu, 3 Apr 2025 18:08:38 -0600
Subject: [PATCH 1/4] possibly fixed itcwb from command line?
---
 rtengine/simpleprocess.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rtengine/simpleprocess.cc b/rtengine/simpleprocess.cc
index 5d8631738..c9307d623 100644
--- a/rtengine/simpleprocess.cc
+++ b/rtengine/simpleprocess.cc
@@ -277,10 +277,10 @@ private:
 currWB = ColorTemp(params.wb.temperature, params.wb.green, params.wb.equal, params.wb.method, params.wb.observer);
 ColorTemp currWBitc;
- if (params.wb.method == "autitcgreen" && flush) {
+ if (params.wb.method == "autitcgreen") {
 imgsrc->getrgbloc(0, 0, fh, fw, 0, 0, fh, fw, params.wb);
 }
- const bool autowb = (params.wb.method == "autitcgreen" && imgsrc->isRAW() && flush);
+ const bool autowb = (params.wb.method == "autitcgreen" && imgsrc->isRAW());
 ColorTemp autoWB;
 int dread = 0;
 int bia = 1;
From c466177ccfc73b540f85a2d654fd3acb0a2db71c Mon Sep 17 00:00:00 2001
From: npt-1707
Date: Thu, 17 Apr 2025 01:23:03 +0800
Subject: [PATCH 2/4] parse_qt: possible integer overflow
---
 rtengine/dcraw.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/rtengine/dcraw.c b/rtengine/dcraw.c
index f97407f26..de5d704fe 100644
--- a/rtengine/dcraw.c
+++ b/rtengine/dcraw.c
@@ -6817,6 +6817,8 @@ void CLASS parse_qt (int end)
 while (ftell(ifp)+7 < end) {
 save = ftell(ifp);
 if ((size = get4()) < 8) return;
+ if ((int)size < 0) return; // 2+GB is too much
+ if (save + size < save) return; // 32bit overflow
 fread (tag, 4, 1, ifp);
 if (!memcmp(tag,"moov",4) ||
 !memcmp(tag,"udta",4) ||
From 137be1f5e45a5002a18a5e392d0f1825d901fdf7 Mon Sep 17 00:00:00 2001
From: npt-1707
Date: Thu, 17 Apr 2025 16:54:06 +0800
Subject: [PATCH 3/4] dcraw.cc: parse_qt: possible integer overflow
---
 rtengine/dcraw.cc | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/rtengine/dcraw.cc b/rtengine/dcraw.cc
index 55f637f24..b41d2fa10 100644
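Review bot: In the rtengine/simpleprocess.cc hunk, the call `imgsrc->getrgbloc(0, 0, fh, fw, 0, 0, fh, fw, params.wb);` is now gated only on the method string, while `autowb` two statements later also requires `imgsrc->isRAW()`. With `&& flush` gone from both conditions, that asymmetry alone decides whether getrgbloc runs for a non-raw source, and nothing in the hunk shows this is intended. If getrgbloc is only meaningful for raw input (to be confirmed), compute the predicate once, e.g. `const bool itcwb = params.wb.method == "autitcgreen" && imgsrc->isRAW();`, and use it for both. A short comment such as `// not gated on flush: itcwb must also run for command-line jobs` would record why the flag was dropped, which the tentative commit title does not. The enclosing function starts and ends outside the hunk, so any remaining use of `flush` cannot be checked from here.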
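Review bot: In the rtengine/dcraw.c parse_qt hunk, the two added guards reject sizes of 2 GB and more and a 32-bit wrap of `save + size`, but neither compares the atom against `end`, the bound the `while` condition already uses; a size read from the file that is below 2 GB still passes both. If atoms that overrun their parent need not be tolerated, one check covers all three cases: `if (size > (unsigned)end - save) return; // atom must fit inside the parent`. That relies on `save` and `size` being unsigned, which is declared outside the hunk; if either is signed, `save + size < save` is signed-overflow arithmetic and not a dependable test. `save = ftell(ifp)` also stores a possible -1 without a check. The same two lines are added to rtengine/dcraw.cc in patch 3/4, and the code that consumes `save + size` lies outside both hunks.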
--- a/rtengine/dcraw.cc
+++ b/rtengine/dcraw.cc
@@ -7842,6 +7842,8 @@ void CLASS parse_qt (int end)
 while (ftell(ifp)+7 < end) {
 save = ftell(ifp);
 if ((size = get4()) < 8) return;
+ if ((int)size < 0) return; // 2+GB is too much
+ if (save + size < save) return; // 32bit overflow
 fread (tag, 4, 1, ifp);
 if (!memcmp(tag,"moov",4) ||
 !memcmp(tag,"udta",4) ||
From 6d190cb5fdfb154af2d83042f67ac818f687dfb0 Mon Sep 17 00:00:00 2001
From: npt-1707
Date: Mon, 21 Apr 2025 21:25:14 +0800
Subject: [PATCH 4/4] Revert "rtengine/draw.c: parse_qt: possible integer overflow"
This reverts commit c466177ccfc73b540f85a2d654fd3acb0a2db71c.
---
 rtengine/dcraw.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/rtengine/dcraw.c b/rtengine/dcraw.c
index de5d704fe..f97407f26 100644
--- a/rtengine/dcraw.c
+++ b/rtengine/dcraw.c
@@ -6817,8 +6817,6 @@ void CLASS parse_qt (int end)
 while (ftell(ifp)+7 < end) {
 save = ftell(ifp);
 if ((size = get4()) < 8) return;
- if ((int)size < 0) return; // 2+GB is too much
- if (save + size < save) return; // 32bit overflow
 fread (tag, 4, 1, ifp);
 if (!memcmp(tag,"moov",4) ||
 !memcmp(tag,"udta",4) ||