File tree 2 files changed +20
-4
lines changed
2 files changed +20
-4
lines changed Original file line number Diff line number Diff line change @@ -12870,6 +12870,10 @@ int CLASS parse_tiff_ifd(int base)
1287012870 load_raw = &CLASS sony_arw_load_raw;
1287112871 data_offset = get4() + base;
1287212872 ifd++;
12873+ #ifdef LIBRAW_LIBRARY_BUILD
12874+ if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
12875+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
12876+ #endif
1287312877 break;
1287412878 }
1287512879#ifdef LIBRAW_LIBRARY_BUILD
@@ -13177,7 +13181,7 @@ int CLASS parse_tiff_ifd(int base)
1317713181 break;
1317813182 case 50454: /* Sinar tag */
1317913183 case 50455:
13180- if (len > 2560000 || !(cbuf = (char *)malloc(len)))
13184+ if (len < 1 || len > 2560000 || !(cbuf = (char *)malloc(len)))
1318113185 break;
1318213186#ifndef LIBRAW_LIBRARY_BUILD
1318313187 fread(cbuf, 1, len, ifp);
@@ -14795,7 +14799,11 @@ int CLASS parse_jpeg(int offset)
1479514799 }
1479614800 order = get2();
1479714801 hlen = get4();
14798- if (get4() == 0x48454150) /* "HEAP" */
14802+ if (get4() == 0x48454150
14803+ #ifdef LIBRAW_LIBRARY_BUILD
14804+ && (save+hlen) >= 0 && (save+hlen)<=ifp->size()
14805+ #endif
14806+ ) /* "HEAP" */
1479914807 {
1480014808#ifdef LIBRAW_LIBRARY_BUILD
1480114809 imgdata.lens.makernotes.CameraMount = LIBRAW_MOUNT_FixedLens;
Original file line number Diff line number Diff line change @@ -11542,6 +11542,10 @@ int CLASS parse_tiff_ifd(int base)
1154211542 load_raw = &CLASS sony_arw_load_raw;
1154311543 data_offset = get4() + base;
1154411544 ifd++;
11545+ #ifdef LIBRAW_LIBRARY_BUILD
11546+ if (ifd >= sizeof tiff_ifd / sizeof tiff_ifd[0])
11547+ throw LIBRAW_EXCEPTION_IO_CORRUPT;
11548+ #endif
1154511549 break;
1154611550 }
1154711551#ifdef LIBRAW_LIBRARY_BUILD
@@ -11849,7 +11853,7 @@ int CLASS parse_tiff_ifd(int base)
1184911853 break;
1185011854 case 50454: /* Sinar tag */
1185111855 case 50455:
11852- if (len > 2560000 || !(cbuf = (char *)malloc(len)))
11856+ if (len < 1 || len > 2560000 || !(cbuf = (char *)malloc(len)))
1185311857 break;
1185411858#ifndef LIBRAW_LIBRARY_BUILD
1185511859 fread(cbuf, 1, len, ifp);
@@ -13467,7 +13471,11 @@ int CLASS parse_jpeg(int offset)
1346713471 }
1346813472 order = get2();
1346913473 hlen = get4();
13470- if (get4() == 0x48454150) /* "HEAP" */
13474+ if (get4() == 0x48454150
13475+ #ifdef LIBRAW_LIBRARY_BUILD
13476+ && (save+hlen) >= 0 && (save+hlen)<=ifp->size()
13477+ #endif
13478+ ) /* "HEAP" */
1347113479 {
1347213480#ifdef LIBRAW_LIBRARY_BUILD
1347313481 imgdata.lens.makernotes.CameraMount = LIBRAW_MOUNT_FixedLens;
You can’t perform that action at this time.
0 commit comments