!68 [sync] PR-65: Fix CVE-2025-43963

From: @openeuler-sync-bot Reviewed-by: @wk333 Signed-off-by: @wk333
2025-04-24 11:21:31 +00:00 · 2025-04-24 11:21:31 +00:00 · caf8d01e95
commit caf8d01e95
parent c1460eb95b d510b9c383
2 changed files with 40 additions and 1 deletions
--- a/LibRaw.spec
+++ b/LibRaw.spec
@ -1,12 +1,13 @@
 Name:          LibRaw
 Version:       0.21.1
-Release:       2
+Release:       3
 Summary:       Library for reading RAW files obtained from digital photo cameras
 License:       BSD-3-Clause and (CDDL-1.0 or  LGPL-2.1-only)
 URL:           http://www.libraw.org
 Source0:       http://github.com/LibRaw/LibRaw/archive/%{version}.tar.gz
 Patch0:        LibRaw-pkgconfig.patch
 Patch1:        CVE-2023-1729.patch
+Patch2:        backport-upstream_CVE-2025-43963.patch

 BuildRequires: gcc-c++ pkgconfig(lcms2) pkgconfig(libjpeg) 
 BuildRequires: autoconf automake libtool make
@ -65,6 +66,9 @@ rm -rfv samples/.deps samples/.dirstamp samples/*.o
 %exclude %{_docdir}/libraw/*

 %changelog
+* Thu Apr 24 2025 hdliu <dev03108@linx-info.com> - 0.21.1-3
+- Fix CVE-2025-43963
+
 * Mon May 15 2023 yaoxin <yao_xin001@hoperun.com> - 0.21.1-2
 - Fix CVE-2023-1729

--- a/backport-upstream_CVE-2025-43963.patch
+++ b/backport-upstream_CVE-2025-43963.patch
@ -0,0 +1,35 @@
+From 131aac64a5d52a140cb94d7619755dcf1ae12160 Mon Sep 17 00:00:00 2001
+From: hdliu <hdliu@linx-info.com>
+Date: Mon, 21 Apr 2025 13:45:05 +0800
+Subject: [PATCH] prevent out-of-buffer access in phase_one_correct()
+
+Signed-off-by: hdliu <hdliu@linx-info.com>
+---
+ src/decoders/load_mfbacks.cpp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/decoders/load_mfbacks.cpp b/src/decoders/load_mfbacks.cpp
+index 493c785..c1c89ee 100644
+--- a/src/decoders/load_mfbacks.cpp
+++ b/src/decoders/load_mfbacks.cpp
+@@ -348,7 +348,7 @@ int LibRaw::phase_one_correct()
+           off_412 = ftell(ifp) - 38;
+         }
+       }
+-      else if (tag == 0x041f && !qlin_applied)
+      else if (tag == 0x041f && !qlin_applied && ph1.split_col > 0 && ph1.split_col < raw_width && ph1.split_row > 0 && ph1.split_row < raw_height)
+       { /* Quadrant linearization */
+         ushort lc[2][2][16], ref[16];
+         int qr, qc;
+@@ -425,7 +425,7 @@ int LibRaw::phase_one_correct()
+         }
+         qmult_applied = 1;
+       }
+-      else if (tag == 0x0431 && !qmult_applied)
+      else if (tag == 0x0431 && !qmult_applied && ph1.split_col > 0 && ph1.split_col < raw_width && ph1.split_row > 0 && ph1.split_row < raw_height)
+       { /* Quadrant combined - four tile gain calibration */
+         ushort lc[2][2][7], ref[7];
+         int qr, qc;
+-- 
+2.33.0
+