Update of /cvsroot/ufraw/ufraw
In directory sfp-cvs-1.v30.ch3.sourceforge.com:/tmp/cvs-serv3645
Modified Files:
dcraw.cc
Log Message:
Fix bug #396: CVE-2015-3885: don't write past array boundaries. Thanks goes to
Nils Philippsen for the fix.
Index: dcraw.cc
===================================================================
RCS file: /cvsroot/ufraw/ufraw/dcraw.cc,v
retrieving revision 1.334
retrieving revision 1.335
diff -u -d -r1.334 -r1.335
--- dcraw.cc 9 May 2015 03:00:17 -0000 1.334
+++ dcraw.cc 22 May 2015 03:00:08 -0000 1.335
@@ -930,7 +930,8 @@
int CLASS ljpeg_start (struct jhead *jh, int info_only)
{
- int c, tag, len;
+ int c, tag;
+ ushort len;
uchar data[0x10000];
const uchar *dp;
@@ -941,8 +942,9 @@
do {
fread (data, 2, 2, ifp);
tag = data[0] << 8 | data[1];
- len = (data[2] << 8 | data[3]) - 2;
- if (tag <= 0xff00) return 0;
+ len = (data[2] << 8 | data[3]);
+ if (tag <= 0xff00 || len <= 2) return 0;
+ len -= 2;
fread (data, 1, len, ifp);
switch (tag) {
case 0xffc3:
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
ufraw-cvs mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/ufraw-cvs
