From b74dfd5479b12dd702294fbd3c6ad1a86a11f48a Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Tue, 13 Aug 2019 09:14:04 +0200
Subject: import from 7.6

---
 libkdcraw-4.10.5-CVE-2013-2126.patch | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 libkdcraw-4.10.5-CVE-2013-2126.patch

(limited to 'libkdcraw-4.10.5-CVE-2013-2126.patch')

diff --git a/libkdcraw-4.10.5-CVE-2013-2126.patch b/libkdcraw-4.10.5-CVE-2013-2126.patch
new file mode 100644
index 0000000..221da0a
--- /dev/null
+++ b/libkdcraw-4.10.5-CVE-2013-2126.patch
@@ -0,0 +1,24 @@
+diff -up libkdcraw-4.10.5/libraw/src/libraw_cxx.cpp.CVE-2013-2126 libkdcraw-4.10.5/libraw/src/libraw_cxx.cpp
+--- libkdcraw-4.10.5/libraw/src/libraw_cxx.cpp.CVE-2013-2126	2013-07-15 14:39:22.000000000 +0200
++++ libkdcraw-4.10.5/libraw/src/libraw_cxx.cpp	2013-07-15 14:45:31.000000000 +0200
+@@ -1055,8 +1055,8 @@ int LibRaw::unpack(void)
+                 S.iheight= S.height;
+                 IO.shrink = 0;
+                 // allocate image as temporary buffer, size 
+-                imgdata.rawdata.raw_alloc = calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
+-                imgdata.image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
++                imgdata.rawdata.raw_alloc = 0;
++                imgdata.image = (ushort (*)[4]) calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
+               }
+             ID.input->seek(libraw_internal_data.unpacker_data.data_offset, SEEK_SET);
+             (this->*load_raw)();
+@@ -1073,8 +1073,8 @@ int LibRaw::unpack(void)
+         // recover saved
+         if( decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY)
+             {
++                imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image = imgdata.image;
+                 imgdata.image = 0; 
+-                imgdata.rawdata.color_image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
+             }
+ 
+         // recover image sizes
-- 
cgit