0.16.1: fix for dcraw ljpeg_start() vulnerability

LibRaw · May 11, 2015 · 4606c28 · 4606c28 · LibRaw · Jul 1, 2015
1 parent 0217a0d
commit 4606c28
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 9 deletions.
diff --git a/Changelog.rus b/Changelog.rus
@@ -1,4 +1,8 @@
-2014-01-17 Alex Tutubalin <lexa@lexa.ru>
+2015-05-11 Alex Tutubalin <lexa@lexa.ru>
+  * Исправлена уязвимость в dcraw:ljpeg_start()
+  * LibRaw 0.16.1
+
+2014-01-17 Alex Tutubalin <lexa@lexa.ru>
   * Поддержка камер
     Добавлены: Fujifilm X-E2,XQ1
     Обновлены цветовые данные: Nikon D4, 1 AW1/J3; Fuji X-M2
@@ -13,7 +17,7 @@
   * Исправлены ошибки компиляции при сборке VS2012 с включенным
     OpenMP
   * Исправлена опечатка, не дававшая использовать Demosaic Pack GPL2
-  * LibRaw 0.16.0-Beta1
+  * LibRaw 0.16.0
 
 2013-11-12 Alex Tutubalin <lexa@lexa.ru>
   * Поддержка новых камер

diff --git a/Changelog.txt b/Changelog.txt
@@ -1,3 +1,7 @@
+2015-05-11 Alex Tutubalin <lexa@lexa.ru>
+  * Fix for dcraw ljpeg_start() vulnerability
+  * LibRaw 0.16.1-Release
+
 2014-01-17 Alex Tutubalin <lexa@lexa.ru>
   * Camera support:
      Added: Fujifilm XE2, XQ1

diff --git a/dcraw/dcraw.c b/dcraw/dcraw.c
@@ -841,7 +841,8 @@ struct jhead {
 
 int CLASS ljpeg_start (struct jhead *jh, int info_only)
 {
-  int c, tag, len;
+  int c, tag;
+  ushort len;
   uchar data[0x10000];
   const uchar *dp;
 

diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
@@ -21,6 +21,7 @@ it under the terms of the one of three licenses as you choose:
    for more information
 */
 
+#line 261 "dcraw/dcraw.c"
 #include <math.h>
 #define CLASS LibRaw::
 #include "libraw/libraw_types.h"
@@ -29,6 +30,7 @@ it under the terms of the one of three licenses as you choose:
 #include "libraw/libraw.h"
 #include "internal/defines.h"
 #include "internal/var_defines.h"
+#line 272 "dcraw/dcraw.c"
 int CLASS fcol (int row, int col)
 {
   static const char filter[16][16] =
@@ -75,6 +77,7 @@ char *my_strcasestr (char *haystack, const char *needle)
 }
 #define strcasestr my_strcasestr
 #endif
+#line 340 "dcraw/dcraw.c"
 ushort CLASS sget2 (uchar *s)
 {
   if (order == 0x4949)		/* "II" means little-endian */
@@ -564,10 +567,12 @@ void CLASS canon_load_raw()
 #endif
   FORC(2) free (huff[c]);
 }
+#line 841 "dcraw/dcraw.c"
 
 int CLASS ljpeg_start (struct jhead *jh, int info_only)
 {
-  int c, tag, len;
+  int c, tag;
+  ushort len;
   uchar data[0x10000];
   const uchar *dp;
 
@@ -1153,6 +1158,7 @@ int CLASS minolta_z2()
     if (tail[i]) nz++;
   return nz > 20;
 }
+#line 1436 "dcraw/dcraw.c"
 void CLASS ppm_thumb()
 {
   char *thumb;
@@ -2976,6 +2982,7 @@ void CLASS redcine_load_raw()
 #endif
 #endif
 }
+#line 3983 "dcraw/dcraw.c"
 void CLASS crop_masked_pixels()
 {
   int row, col;
@@ -3081,6 +3088,7 @@ void CLASS remove_zeroes()
   RUN_CALLBACK(LIBRAW_PROGRESS_REMOVE_ZEROES,1,2);
 #endif
 }
+#line 4254 "dcraw/dcraw.c"
 void CLASS gamma_curve (double pwr, double ts, int mode, int imax)
 {
   int i;
@@ -4790,6 +4798,7 @@ void CLASS parse_thumb_note (int base, unsigned toff, unsigned tlen)
     fseek (ifp, save, SEEK_SET);
   }
 }
+#line 5968 "dcraw/dcraw.c"
 void CLASS parse_makernote (int base, int uptag)
 {
   static const uchar xlat[2][256] = {
@@ -5349,6 +5358,7 @@ void CLASS parse_kodak_ifd (int base)
     fseek (ifp, save, SEEK_SET);
   }
 }
+#line 6533 "dcraw/dcraw.c"
 int CLASS parse_tiff_ifd (int base)
 {
   unsigned entries, tag, type, len, plen=16, save;
@@ -6648,6 +6658,7 @@ void CLASS parse_redcine()
     data_offset = get4();
   }
 }
+#line 7936 "dcraw/dcraw.c"
 
 /*
    All matrices are from Adobe DNG Converter unless otherwise noted.
@@ -8923,6 +8934,7 @@ void CLASS identify()
 }
 
 
+#line 10303 "dcraw/dcraw.c"
 void CLASS convert_to_rgb()
 {
 #ifndef LIBRAW_LIBRARY_BUILD
@@ -9153,6 +9165,7 @@ int CLASS flip_index (int row, int col)
   if (flip & 1) col = iwidth  - 1 - col;
   return row * iwidth + col;
 }
+#line 10559 "dcraw/dcraw.c"
 void CLASS tiff_set (ushort *ntag,
 	ushort tag, ushort type, int count, int val)
 {

diff --git a/internal/dcraw_fileio.cpp b/internal/dcraw_fileio.cpp
@@ -21,15 +21,15 @@ it under the terms of the one of three licenses as you choose:
    for more information
 */
 
-#line 4090 "dcraw/dcraw.c"
+#line 4091 "dcraw/dcraw.c"
 #include <math.h>
 #define CLASS LibRaw::
 #include "libraw/libraw_types.h"
 #define LIBRAW_LIBRARY_BUILD
 #include "libraw/libraw.h"
 #include "internal/defines.h"
 #include "internal/var_defines.h"
-#line 4101 "dcraw/dcraw.c"
+#line 4102 "dcraw/dcraw.c"
 /*
    Seach from the current directory up to the root looking for
    a ".badpixels" file, and fix those pixels now.
@@ -54,7 +54,7 @@ void CLASS bad_pixels (const char *cfname)
 #endif
   if (cfname)
     fp = fopen (cfname, "r");
-#line 4151 "dcraw/dcraw.c"
+#line 4152 "dcraw/dcraw.c"
   if (!fp)
       {
 #ifdef LIBRAW_LIBRARY_BUILD
@@ -154,7 +154,7 @@ void CLASS subtract (const char *fname)
   RUN_CALLBACK(LIBRAW_PROGRESS_DARK_FRAME,1,2);
 #endif
 }
-#line 10213 "dcraw/dcraw.c"
+#line 10214 "dcraw/dcraw.c"
 #ifndef NO_LCMS
 void CLASS apply_profile (const char *input, const char *output)
 {

diff --git a/libraw/libraw_version.h b/libraw/libraw_version.h
@@ -25,7 +25,7 @@ it under the terms of the one of three licenses as you choose:
 
 #define LIBRAW_MAJOR_VERSION  0
 #define LIBRAW_MINOR_VERSION  16
-#define LIBRAW_PATCH_VERSION  0
+#define LIBRAW_PATCH_VERSION  1
 #define LIBRAW_VERSION_TAIL   Release
 
 #define LIBRAW_SHLIB_CURRENT  	10