Resolves: #1557160 - fix CVE-2018-5801

dcraw-CVE-2018-5801.patch

@@ -0,0 +1,125 @@
+diff -urNp old/dcraw.c new/dcraw.c
+--- old/dcraw.c	2018-06-14 12:38:10.519964843 +0200
++++ new/dcraw.c	2018-06-14 13:31:46.304679761 +0200
+@@ -1248,6 +1248,10 @@ void CLASS nikon_load_raw()
+ 
+ void CLASS nikon_yuv_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   int row, col, yuv[4], rgb[3], b, c;
+   UINT64 bitbuf=0;
+ 
+@@ -1889,6 +1893,10 @@ void CLASS sinar_4shot_load_raw()
+     unpacked_load_raw();
+     return;
+   }
++#ifdef LIBRAW_LIBRARY_BUILD
++  else if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   pixel = (ushort *) calloc (raw_width, sizeof *pixel);
+   merror (pixel, "sinar_4shot_load_raw()");
+   for (shot=0; shot < 4; shot++) {
+@@ -2188,6 +2196,11 @@ void CLASS quicktake_100_load_raw()
+ 
+ void CLASS kodak_radc_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  // All kodak radc images are 768x512
++  if(width>768 || raw_width>768 || height > 512 || raw_height>512 )
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   static const char src[] = {
+     1,1, 2,3, 3,4, 4,2, 5,7, 6,5, 7,6, 7,8,
+     1,0, 2,1, 3,3, 4,4, 5,2, 6,7, 7,6, 8,5, 8,8,
+@@ -2348,6 +2361,10 @@ void CLASS gamma_curve (double pwr, doub
+ 
+ void CLASS lossy_dng_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   struct jpeg_decompress_struct cinfo;
+   struct jpeg_error_mgr jerr;
+   JSAMPARRAY buf;
+@@ -2444,6 +2461,10 @@ void CLASS eight_bit_load_raw()
+ 
+ void CLASS kodak_c330_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   uchar *pixel;
+   int row, col, y, cb, cr, rgb[3], c;
+ 
+@@ -2469,6 +2490,10 @@ void CLASS kodak_c330_load_raw()
+ 
+ void CLASS kodak_c603_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   uchar *pixel;
+   int row, col, y, cb, cr, rgb[3], c;
+ 
+@@ -2596,6 +2621,10 @@ void CLASS kodak_65000_load_raw()
+ 
+ void CLASS kodak_ycbcr_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   short buf[384], *bp;
+   int row, col, len, c, i, j, k, y[2][2], cb, cr, rgb[3];
+   ushort *ip;
+@@ -2624,6 +2653,10 @@ void CLASS kodak_ycbcr_load_raw()
+ 
+ void CLASS kodak_rgb_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   short buf[768], *bp;
+   int row, col, len, c, i, rgb[3];
+   ushort *ip=image[0];
+@@ -2640,6 +2673,10 @@ void CLASS kodak_rgb_load_raw()
+ 
+ void CLASS kodak_thumb_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   int row, col;
+   colors = thumb_misc >> 5;
+   for (row=0; row < height; row++)
+@@ -3109,6 +3146,10 @@ void CLASS foveon_thumb()
+ 
+ void CLASS foveon_sd_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   struct decode *dindex;
+   short diff[1024];
+   unsigned bitbuf=0;
+@@ -3156,6 +3197,10 @@ void CLASS foveon_huff (ushort *huff)
+ 
+ void CLASS foveon_dp_load_raw()
+ {
++#ifdef LIBRAW_LIBRARY_BUILD
++  if(!image)
++    throw LIBRAW_EXCEPTION_IO_CORRUPT;
++#endif
+   unsigned c, roff[4], row, col, diff;
+   ushort huff[512], vpred[2][2], hpred[2];
+ 

dcraw.spec

@@ -6,6 +6,7 @@ License: GPLv2+
 URL: http://cybercom.net/~dcoffin/dcraw
 Source0: http://cybercom.net/~dcoffin/dcraw/archive/dcraw-%{version}.tar.gz
 Patch0: dcraw-9.21-lcms2-error-reporting.patch
+Patch1: dcraw-CVE-2018-5801.patch
 BuildRequires: gcc
 BuildRequires: gettext
 BuildRequires: libjpeg-devel
@@ -66,6 +67,7 @@ done
 %changelog
 * Thu Jun 14 2018 Josef Ridky <jridky@redhat.com> - 9.28.0-1
 - New upstream release 9.28.0 (#1585348)
+- Fix CVE-2018-5801 (#1557160)
 
 * Fri Feb 23 2018 Florian Weimer <fweimer@redhat.com> - 9.27.0-8
 - Use LDFLAGS from redhat-rpm-config