Skip to content

Commit 5563e6d

Browse files
committed
Secunia 76000 #2: xtrans allhex not initialized
1 parent f139482 commit 5563e6d

File tree

2 files changed

+62
-2
lines changed

2 files changed

+62
-2
lines changed

Diff for: dcraw/dcraw.c

+31-1
Original file line numberDiff line numberDiff line change
@@ -7045,6 +7045,8 @@ void CLASS xtrans_interpolate(int passes)
70457045
#endif
70467046

70477047
#ifdef LIBRAW_LIBRARY_BUILD
7048+
if(width < TS || height < TS)
7049+
throw LIBRAW_EXCEPTION_IO_CORRUPT; // too small image
70487050
/* Check against right pattern */
70497051
for (row = 0; row < 6; row++)
70507052
for (col = 0; col < 6; col++)
@@ -7053,6 +7055,13 @@ void CLASS xtrans_interpolate(int passes)
70537055
if(cstat[0] < 6 || cstat[0]>10 || cstat[1]< 16
70547056
|| cstat[1]>24 || cstat[2]< 6 || cstat[2]>10 || cstat[3])
70557057
throw LIBRAW_EXCEPTION_IO_CORRUPT;
7058+
7059+
// Init allhex table to unreasonable values
7060+
for(int i = 0; i < 3; i++)
7061+
for(int j = 0; j < 3; j++)
7062+
for(int k = 0; k < 2; k++)
7063+
for(int l = 0; l < 8; l++)
7064+
allhex[i][j][k][l]=32700;
70567065
#endif
70577066
cielab(0, 0);
70587067
ndir = 4 << (passes > 1);
@@ -7063,6 +7072,7 @@ void CLASS xtrans_interpolate(int passes)
70637072
drv = (float(*)[TS][TS])(buffer + TS * TS * (ndir * 6 + 6));
70647073
homo = (char(*)[TS][TS])(buffer + TS * TS * (ndir * 10 + 6));
70657074

7075+
int minv=0,maxv=0,minh=0,maxh=0;
70667076
/* Map a green hexagon around each non-green pixel and vice versa: */
70677077
for (row = 0; row < 3; row++)
70687078
for (col = 0; col < 3; col++)
@@ -7083,11 +7093,25 @@ void CLASS xtrans_interpolate(int passes)
70837093
{
70847094
v = orth[d] * patt[g][c * 2] + orth[d + 1] * patt[g][c * 2 + 1];
70857095
h = orth[d + 2] * patt[g][c * 2] + orth[d + 3] * patt[g][c * 2 + 1];
7096+
minv=MIN(v,minv);
7097+
maxv=MAX(v,maxv);
7098+
minh=MIN(v,minh);
7099+
maxh=MAX(v,maxh);
70867100
allhex[row][col][0][c ^ (g * 2 & d)] = h + v * width;
70877101
allhex[row][col][1][c ^ (g * 2 & d)] = h + v * TS;
70887102
}
70897103
}
70907104

7105+
#ifdef LIBRAW_LIBRARY_BUILD
7106+
// Check allhex table initialization
7107+
for(int i = 0; i < 3; i++)
7108+
for(int j = 0; j < 3; j++)
7109+
for(int k = 0; k < 2; k++)
7110+
for(int l = 0; l < 8; l++)
7111+
if(allhex[i][j][k][l]>maxh+maxv*width+1 || allhex[i][j][k][l]<minh+minv*width-1)
7112+
throw LIBRAW_EXCEPTION_IO_CORRUPT;
7113+
int retrycount = 0;
7114+
#endif
70917115
/* Set green1 and green3 to the minimum and maximum allowed values: */
70927116
for (row = 2; row < height - 2; row++)
70937117
for (min = ~(max = 0), col = 2; col < width - 2; col++)
@@ -7118,7 +7142,13 @@ void CLASS xtrans_interpolate(int passes)
71187142
break;
71197143
case 2:
71207144
if ((min = ~(max = 0)) && (col += 2) < width - 3 && row > 2)
7121-
row--;
7145+
{
7146+
row--;
7147+
#ifdef LIBRAW_LIBRARY_BUILD
7148+
if(retrycount++ > width*height)
7149+
throw LIBRAW_EXCEPTION_IO_CORRUPT;
7150+
#endif
7151+
}
71227152
}
71237153
}
71247154

Diff for: internal/dcraw_common.cpp

+31-1
Original file line numberDiff line numberDiff line change
@@ -5727,6 +5727,8 @@ void CLASS xtrans_interpolate(int passes)
57275727
#endif
57285728

57295729
#ifdef LIBRAW_LIBRARY_BUILD
5730+
if(width < TS || height < TS)
5731+
throw LIBRAW_EXCEPTION_IO_CORRUPT; // too small image
57305732
/* Check against right pattern */
57315733
for (row = 0; row < 6; row++)
57325734
for (col = 0; col < 6; col++)
@@ -5735,6 +5737,13 @@ void CLASS xtrans_interpolate(int passes)
57355737
if(cstat[0] < 6 || cstat[0]>10 || cstat[1]< 16
57365738
|| cstat[1]>24 || cstat[2]< 6 || cstat[2]>10 || cstat[3])
57375739
throw LIBRAW_EXCEPTION_IO_CORRUPT;
5740+
5741+
// Init allhex table to unreasonable values
5742+
for(int i = 0; i < 3; i++)
5743+
for(int j = 0; j < 3; j++)
5744+
for(int k = 0; k < 2; k++)
5745+
for(int l = 0; l < 8; l++)
5746+
allhex[i][j][k][l]=32700;
57385747
#endif
57395748
cielab(0, 0);
57405749
ndir = 4 << (passes > 1);
@@ -5745,6 +5754,7 @@ void CLASS xtrans_interpolate(int passes)
57455754
drv = (float(*)[TS][TS])(buffer + TS * TS * (ndir * 6 + 6));
57465755
homo = (char(*)[TS][TS])(buffer + TS * TS * (ndir * 10 + 6));
57475756

5757+
int minv=0,maxv=0,minh=0,maxh=0;
57485758
/* Map a green hexagon around each non-green pixel and vice versa: */
57495759
for (row = 0; row < 3; row++)
57505760
for (col = 0; col < 3; col++)
@@ -5765,11 +5775,25 @@ void CLASS xtrans_interpolate(int passes)
57655775
{
57665776
v = orth[d] * patt[g][c * 2] + orth[d + 1] * patt[g][c * 2 + 1];
57675777
h = orth[d + 2] * patt[g][c * 2] + orth[d + 3] * patt[g][c * 2 + 1];
5778+
minv=MIN(v,minv);
5779+
maxv=MAX(v,maxv);
5780+
minh=MIN(v,minh);
5781+
maxh=MAX(v,maxh);
57685782
allhex[row][col][0][c ^ (g * 2 & d)] = h + v * width;
57695783
allhex[row][col][1][c ^ (g * 2 & d)] = h + v * TS;
57705784
}
57715785
}
57725786

5787+
#ifdef LIBRAW_LIBRARY_BUILD
5788+
// Check allhex table initialization
5789+
for(int i = 0; i < 3; i++)
5790+
for(int j = 0; j < 3; j++)
5791+
for(int k = 0; k < 2; k++)
5792+
for(int l = 0; l < 8; l++)
5793+
if(allhex[i][j][k][l]>maxh+maxv*width+1 || allhex[i][j][k][l]<minh+minv*width-1)
5794+
throw LIBRAW_EXCEPTION_IO_CORRUPT;
5795+
int retrycount = 0;
5796+
#endif
57735797
/* Set green1 and green3 to the minimum and maximum allowed values: */
57745798
for (row = 2; row < height - 2; row++)
57755799
for (min = ~(max = 0), col = 2; col < width - 2; col++)
@@ -5800,7 +5824,13 @@ void CLASS xtrans_interpolate(int passes)
58005824
break;
58015825
case 2:
58025826
if ((min = ~(max = 0)) && (col += 2) < width - 3 && row > 2)
5803-
row--;
5827+
{
5828+
row--;
5829+
#ifdef LIBRAW_LIBRARY_BUILD
5830+
if(retrycount++ > width*height)
5831+
throw LIBRAW_EXCEPTION_IO_CORRUPT;
5832+
#endif
5833+
}
58045834
}
58055835
}
58065836

0 commit comments

Comments
 (0)