Package: exactimage / 1.0.2-1

Fix-CVE-2015-8366-Index-overflow-in-smal_decode_segment.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
From: Sven Eckelmann <sven@narfation.org>
Date: Tue, 23 Feb 2016 13:49:12 +0100
Subject: Fix CVE-2015-8366: Index overflow in smal_decode_segment

---
 codecs/dcraw.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/codecs/dcraw.h b/codecs/dcraw.h
index 3f27d11..889e590 100644
--- a/codecs/dcraw.h
+++ b/codecs/dcraw.h
@@ -2916,6 +2916,8 @@ void CLASS smal_decode_segment (unsigned seg[2][2], int holes)
       diff = diff ? -diff : 0x80;
     if (ftell(ifp) + 12 >= seg[1][1])
       diff = 0;
+    if(pix>=raw_width*raw_height)
+        return;
     raw_image[pix] = pred[pix & 1] += diff;
     if (!(pix & 1) && HOLE(pix / raw_width)) pix += 2;
   }