File: check-for-input-buffer-size-on-datastream-gets.patch

package info (click to toggle)
libraw 0.20.2-1%2Bdeb11u1
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 3,300 kB
  • sloc: cpp: 50,930; ansic: 967; makefile: 133; sh: 79; perl: 58
file content (43 lines) | stat: -rw-r--r-- 1,299 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
 
From: Alex Tutubalin <lexa@lexa.ru>
Date: Mon, 12 Apr 2021 13:21:52 +0300
Subject: check for input buffer size on datastream::gets
Origin: https://github.com/LibRaw/LibRaw/commit/bc3aaf4223fdb70d52d470dae65c5a7923ea2a49
Bug: https://github.com/LibRaw/LibRaw/issues/400
Bug-Debian: https://bugs.debian.org/1031790
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32142

---
 src/libraw_datastream.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/libraw_datastream.cpp b/src/libraw_datastream.cpp
index a5c1a84a3a8c..a31ae9dd84db 100644
--- a/src/libraw_datastream.cpp
+++ b/src/libraw_datastream.cpp
@@ -287,6 +287,7 @@ INT64 LibRaw_file_datastream::tell()
 
 char *LibRaw_file_datastream::gets(char *str, int sz)
 {
+  if(sz<1) return NULL;
   LR_STREAM_CHK();
   std::istream is(f.get());
   is.getline(str, sz);
@@ -421,6 +422,7 @@ INT64 LibRaw_buffer_datastream::tell()
 
 char *LibRaw_buffer_datastream::gets(char *s, int sz)
 {
+  if(sz<1) return NULL;
   unsigned char *psrc, *pdest, *str;
   str = (unsigned char *)s;
   psrc = buf + streampos;
@@ -618,6 +620,7 @@ INT64 LibRaw_bigfile_datastream::tell()
 
 char *LibRaw_bigfile_datastream::gets(char *str, int sz)
 {
+  if(sz<1) return NULL;
   LR_BF_CHK();
   return fgets(str, sz, f);
 }
-- 
2.40.1