File libraw-CVE-2018-10528.patch of Package libraw.30666

Overview Repositories Revisions Requests Users Attributes Meta

File libraw-CVE-2018-10528.patch of Package libraw.30666

Index: LibRaw-0.18.9/src/libraw_cxx.cpp
===================================================================
--- LibRaw-0.18.9.orig/src/libraw_cxx.cpp	2018-04-30 11:13:15.126021499 +0200
+++ LibRaw-0.18.9/src/libraw_cxx.cpp	2018-04-30 11:16:43.677077398 +0200
@@ -5484,17 +5484,18 @@ void x3f_clear(void *p)
   x3f_delete((x3f_t*)p);
 }
 
-static char *utf2char(utf16_t *str, char *buffer)
+void utf2char(utf16_t *str, char *buffer, unsigned bufsz)
 {
+ if(bufsz<1) return;
+ buffer[bufsz-1] = 0;
   char *b = buffer;
 
-  while (*str != 0x00) {
+  while (*str != 0x00 && --bufsz>0) {
     char *chr = (char *)str;
     *b++ = *chr;
     str++;
   }
   *b = 0;
-  return buffer;
 }
 
 static void *lr_memmem(const void *l, size_t l_len, const void *s, size_t s_len)
@@ -5555,8 +5556,8 @@ void LibRaw::parse_x3f()
 		  x3f_property_t *P = PL->property_table.element;
 		  for (i=0; i<PL->num_properties; i++) {
 			  char name[100], value[100];
-			  utf2char(P[i].name,name);
-			  utf2char(P[i].value,value);
+			  utf2char(P[i].name,name,sizeof(name));
+			  utf2char(P[i].value,value,sizeof(value));
 			  if (!strcmp (name, "ISO"))
 				  imgdata.other.iso_speed = atoi(value);
 			  if (!strcmp (name, "CAMMANUF"))

Places

File libraw-CVE-2018-10528.patch of Package libraw.30666

Places