Skip to content
Permalink
Browse files Browse the repository at this point in the history
Secunia Advisory SA83050: possible infinite loop in parse_minolta()
  • Loading branch information
alextutubalin committed May 10, 2018
1 parent 3afcbfd commit e473845
Show file tree
Hide file tree
Showing 2 changed files with 14 additions and 0 deletions.
7 changes: 7 additions & 0 deletions dcraw/dcraw.c
Expand Up @@ -15669,11 +15669,18 @@ void CLASS parse_minolta(int base)
return;
order = fgetc(ifp) * 0x101;
offset = base + get4() + 8;
#ifdef LIBRAW_LIBRARY_BUILD
if(offset>ifp->size()-8) // At least 8 bytes for tag/len
offset = ifp->size()-8;
#endif

while ((save = ftell(ifp)) < offset)
{
for (tag = i = 0; i < 4; i++)
tag = tag << 8 | fgetc(ifp);
len = get4();
if(len < 0)
return; // just ignore wrong len?? or raise bad file exception?
switch (tag)
{
case 0x505244: /* PRD */
Expand Down
7 changes: 7 additions & 0 deletions internal/dcraw_common.cpp
Expand Up @@ -14331,11 +14331,18 @@ void CLASS parse_minolta(int base)
return;
order = fgetc(ifp) * 0x101;
offset = base + get4() + 8;
#ifdef LIBRAW_LIBRARY_BUILD
if(offset>ifp->size()-8) // At least 8 bytes for tag/len
offset = ifp->size()-8;
#endif

while ((save = ftell(ifp)) < offset)
{
for (tag = i = 0; i < 4; i++)
tag = tag << 8 | fgetc(ifp);
len = get4();
if(len < 0)
return; // just ignore wrong len?? or raise bad file exception?
switch (tag)
{
case 0x505244: /* PRD */
Expand Down

0 comments on commit e473845

Please sign in to comment.