LibRaw/CVE-2018-20337.patch

From fbf60377c006eaea8d3eca3f5e4c654909dcdfd2 Mon Sep 17 00:00:00 2001
From: Alex Tutubalin <lexa@lexa.ru>
Date: Wed, 19 Dec 2018 11:15:08 +0300
Subject: [PATCH] possible buffer overrun in Fuji makernotes parser
---
internal/dcraw_common.cpp | 2 +-
diff --git a/internal/dcraw_common.cpp b/internal/dcraw_common.cpp
index 936aebf9..a0cd7226 100644
--- a/internal/dcraw_common.cpp
+++ b/internal/dcraw_common.cpp
@@ -10345,7 +10345,7 @@ void CLASS parse_makernote(int base, int uptag)
else
year += 1900;
- ynum_len = (int)strnlen(words[i], sizeof(imgdata.shootinginfo.InternalBodySerial) - 1) - 18;
+ ynum_len = MIN((sizeof(ynum)-1), (int)strnlen(words[i], sizeof(imgdata.shootinginfo.InternalBodySerial) - 1) - 18);
strncpy(ynum, words[i], ynum_len);
ynum[ynum_len] = 0;
for (int j = 0; ynum[j] && ynum[j + 1] && sscanf(ynum + j, "%2x", &c); j += 2)
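Review bot: The clamp on the added `ynum_len = MIN(...)` line mixes an unsigned `sizeof(ynum)-1` with a signed `(int)strnlen(...) - 18`, so a word shorter than 18 characters would give a negative second operand that compares as a very large unsigned value under the usual arithmetic conversions (assuming `MIN` is the ordinary ternary macro; its definition and the type of `ynum_len` are outside the hunk). In that case the clamp silently selects `sizeof(ynum)-1`, which keeps the `strncpy` into `ynum` in bounds but copies the start of the word instead of nothing, and the lower bound stays invisible to a reader. Keeping the length unsigned and stating both limits would make the intent checkable: `size_t wlen = strnlen(words[i], sizeof(imgdata.shootinginfo.InternalBodySerial) - 1);` followed by `ynum_len = wlen > 18 ? MIN(sizeof(ynum) - 1, wlen - 18) : 0;`. `parse_makernote` begins and ends outside this hunk, so an earlier length check may already exclude the short case; if it does, a one-line comment next to the clamp saying so would be enough.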