blob: 221da0a47e32f81879dda0fa7ab07e6f223486a8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
diff -up libkdcraw-4.10.5/libraw/src/libraw_cxx.cpp.CVE-2013-2126 libkdcraw-4.10.5/libraw/src/libraw_cxx.cpp
--- libkdcraw-4.10.5/libraw/src/libraw_cxx.cpp.CVE-2013-2126 2013-07-15 14:39:22.000000000 +0200
+++ libkdcraw-4.10.5/libraw/src/libraw_cxx.cpp 2013-07-15 14:45:31.000000000 +0200
@@ -1055,8 +1055,8 @@ int LibRaw::unpack(void)
S.iheight= S.height;
IO.shrink = 0;
// allocate image as temporary buffer, size
- imgdata.rawdata.raw_alloc = calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
- imgdata.image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
+ imgdata.rawdata.raw_alloc = 0;
+ imgdata.image = (ushort (*)[4]) calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
}
ID.input->seek(libraw_internal_data.unpacker_data.data_offset, SEEK_SET);
(this->*load_raw)();
@@ -1073,8 +1073,8 @@ int LibRaw::unpack(void)
// recover saved
if( decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY)
{
+ imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image = imgdata.image;
imgdata.image = 0;
- imgdata.rawdata.color_image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
}
// recover image sizes
|
