rpms/dcraw
7
0
Fork 0
Code Issues Pull Requests Releases Activity

remove unnecessary check from CVE-2013-1438 patch

Browse Source
This commit is contained in:
Nils Philippsen 2015-05-20 17:16:22 +02:00
parent acfd386295
commit bee95637be
2 changed files with 18 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
dcraw-9.19-CVE-2013-1438.patch → dcraw-9.25.0-CVE-2013-1438.patch
View File

@ -1,30 +1,23 @@
From 24f099951c3a86f04a29adc7b0dda474a3c44722 Mon Sep 17 00:00:00 2001 From 16a638f66b5a6d5c6e83e817db58a92cfe9f62b6 Mon Sep 17 00:00:00 2001
From: Nils Philippsen <nils@redhat.com> From: Nils Philippsen <nils@redhat.com>
Date: Wed, 25 Sep 2013 15:04:43 +0200 Date: Tue, 19 May 2015 14:58:47 +0200
Subject: [PATCH] CVE-2013-1438: fix various security issues Subject: [PATCH] CVE-2013-1438: fix various security issues
This fixes division by zero, infinite loop, and null pointer dereference This fixes division by zero, infinite loop, and null pointer dereference
bugs. Ported from Alex Tutubalin's fix in LibRaw (commit bugs. Ported from Alex Tutubalin's fix in LibRaw (commit
9ae25d8c3a6bfb40c582538193264f74c9b93bc0). 9ae25d8c3a6bfb40c582538193264f74c9b93bc0).
Don't check 'huff' at the beginning of ljpeg_diff() because it can never
be NULL the way it is called elsewhere in the program.
--- ---
dcraw.c | 33 ++++++++++++++++++++++++--------- dcraw.c | 30 +++++++++++++++++++++---------
1 file changed, 24 insertions(+), 9 deletions(-) 1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/dcraw.c b/dcraw.c diff --git a/dcraw.c b/dcraw.c
index 96e3d1f..dcf284c 100644 index cc7f764..22e0bb5 100644
--- a/dcraw.c --- a/dcraw.c
+++ b/dcraw.c +++ b/dcraw.c
@@ -828,6 +828,9 @@ int CLASS ljpeg_diff (ushort *huff) @@ -939,6 +939,8 @@ void CLASS lossless_jpeg_load_raw()
{
int len, diff;
+ if (!huff)
+ longjmp(failure, 2);
+
len = gethuff(huff);
if (len == 16 && (!dng_version || dng_version >= 0x1010000))
return -32768;
@@ -883,6 +886,8 @@ void CLASS lossless_jpeg_load_raw()
ushort *rp; ushort *rp;
if (!ljpeg_start (&jh, 0)) return; if (!ljpeg_start (&jh, 0)) return;
@ -33,7 +26,7 @@ index 96e3d1f..dcf284c 100644
jwide = jh.wide * jh.clrs; jwide = jh.wide * jh.clrs;
for (jrow=0; jrow < jh.high; jrow++) { for (jrow=0; jrow < jh.high; jrow++) {
@@ -902,6 +907,8 @@ void CLASS lossless_jpeg_load_raw() @@ -958,6 +960,8 @@ void CLASS lossless_jpeg_load_raw()
} }
if (raw_width == 3984 && (col -= 2) < 0) if (raw_width == 3984 && (col -= 2) < 0)
col += (row--,raw_width); col += (row--,raw_width);
@ -42,7 +35,7 @@ index 96e3d1f..dcf284c 100644
if ((unsigned) row < raw_height) RAW(row,col) = val; if ((unsigned) row < raw_height) RAW(row,col) = val;
if (++col >= raw_width) if (++col >= raw_width)
col = (row++,0); col = (row++,0);
@@ -5444,6 +5451,7 @@ int CLASS parse_tiff_ifd (int base) @@ -5783,6 +5787,7 @@ int CLASS parse_tiff_ifd (int base)
data_offset = get4()+base; data_offset = get4()+base;
ifd++; break; ifd++; break;
} }
@ -50,7 +43,7 @@ index 96e3d1f..dcf284c 100644
while (len--) { while (len--) {
i = ftell(ifp); i = ftell(ifp);
fseek (ifp, get4()+base, SEEK_SET); fseek (ifp, get4()+base, SEEK_SET);
@@ -5662,7 +5670,7 @@ guess_cfa_pc: @@ -6010,7 +6015,7 @@ guess_cfa_pc:
break; break;
case 50715: /* BlackLevelDeltaH */ case 50715: /* BlackLevelDeltaH */
case 50716: /* BlackLevelDeltaV */ case 50716: /* BlackLevelDeltaV */
@ -59,7 +52,7 @@ index 96e3d1f..dcf284c 100644
num += getreal(type); num += getreal(type);
black += num/len + 0.5; black += num/len + 0.5;
break; break;
@@ -5787,9 +5795,13 @@ void CLASS apply_tiff() @@ -6135,9 +6140,13 @@ void CLASS apply_tiff()
if (thumb_offset) { if (thumb_offset) {
fseek (ifp, thumb_offset, SEEK_SET); fseek (ifp, thumb_offset, SEEK_SET);
if (ljpeg_start (&jh, 1)) { if (ljpeg_start (&jh, 1)) {
@ -76,7 +69,7 @@ index 96e3d1f..dcf284c 100644
} }
} }
for (i=0; i < tiff_nifds; i++) { for (i=0; i < tiff_nifds; i++) {
@@ -5797,8 +5809,9 @@ void CLASS apply_tiff() @@ -6145,8 +6154,9 @@ void CLASS apply_tiff()
max_samp = tiff_ifd[i].samples; max_samp = tiff_ifd[i].samples;
if (max_samp > 3) max_samp = 3; if (max_samp > 3) max_samp = 3;
if ((tiff_ifd[i].comp != 6 || tiff_ifd[i].samples != 3) && if ((tiff_ifd[i].comp != 6 || tiff_ifd[i].samples != 3) &&
@ -88,7 +81,7 @@ index 96e3d1f..dcf284c 100644
raw_width = tiff_ifd[i].width; raw_width = tiff_ifd[i].width;
raw_height = tiff_ifd[i].height; raw_height = tiff_ifd[i].height;
tiff_bps = tiff_ifd[i].bps; tiff_bps = tiff_ifd[i].bps;
@@ -5884,9 +5897,11 @@ void CLASS apply_tiff() @@ -6240,9 +6250,11 @@ void CLASS apply_tiff()
is_raw = 0; is_raw = 0;
for (i=0; i < tiff_nifds; i++) for (i=0; i < tiff_nifds; i++)
if (i != raw && tiff_ifd[i].samples == max_samp && if (i != raw && tiff_ifd[i].samples == max_samp &&
@ -104,5 +97,5 @@ index 96e3d1f..dcf284c 100644
thumb_height = tiff_ifd[i].height; thumb_height = tiff_ifd[i].height;
thumb_offset = tiff_ifd[i].offset; thumb_offset = tiff_ifd[i].offset;
-- --
1.8.4.2 2.4.1

3
dcraw.spec
View File

@ -6,7 +6,7 @@ Group: Applications/Multimedia
License: GPLv2+ License: GPLv2+
URL: http://cybercom.net/~dcoffin/dcraw URL: http://cybercom.net/~dcoffin/dcraw
Source0: http://cybercom.net/~dcoffin/dcraw/archive/dcraw-%{version}.tar.gz Source0: http://cybercom.net/~dcoffin/dcraw/archive/dcraw-%{version}.tar.gz
Patch0: dcraw-9.19-CVE-2013-1438.patch Patch0: dcraw-9.25.0-CVE-2013-1438.patch
Patch1: dcraw-9.21-lcms2-error-reporting.patch Patch1: dcraw-9.21-lcms2-error-reporting.patch
BuildRequires: gettext BuildRequires: gettext
BuildRequires: libjpeg-devel BuildRequires: libjpeg-devel
@ -74,6 +74,7 @@ rm -rf %buildroot
%changelog %changelog
* Wed May 20 2015 Nils Philippsen <nils@redhat.com> - 9.25.0-1 * Wed May 20 2015 Nils Philippsen <nils@redhat.com> - 9.25.0-1
- version 9.25.0 - version 9.25.0
- remove unnecessary check from CVE-2013-1438 patch
* Wed Apr 08 2015 Nils Philippsen <nils@redhat.com> - 9.24.4-1 * Wed Apr 08 2015 Nils Philippsen <nils@redhat.com> - 9.24.4-1
- version 9.24.4 - version 9.24.4