Skip to content
Permalink
Browse files Browse the repository at this point in the history
SECUNIA advisory 76000 #1 (wrong fuji width set via tiff tag
  • Loading branch information
alextutubalin committed Dec 2, 2017
1 parent 74d1795 commit f139482
Show file tree
Hide file tree
Showing 3 changed files with 22 additions and 5 deletions.
12 changes: 10 additions & 2 deletions dcraw/dcraw.c
Expand Up @@ -3172,7 +3172,7 @@ void CLASS panasonic_load_raw()
int row, col, i, j, sh = 0, pred[2], nonz[2];

pana_bits(0);
for (row = 0; row < height; row++)
for (row = 0; row < raw_height; row++)
{
#ifdef LIBRAW_LIBRARY_BUILD
checkCancel();
Expand All @@ -3194,7 +3194,7 @@ void CLASS panasonic_load_raw()
}
else if ((nonz[i & 1] = pana_bits(8)) || i > 11)
pred[i & 1] = nonz[i & 1] << 4 | pana_bits(4);
if ((RAW(row, col) = pred[col & 1]) > 4098 && col < width)
if ((RAW(row, col) = pred[col & 1]) > 4098 && col < width && row < height)
derror();
}
}
Expand Down Expand Up @@ -15037,6 +15037,9 @@ void CLASS parse_fuji(int offset)
entries = get4();
if (entries > 255)
return;
#ifdef LIBRAW_LIBRARY_BUILD
imgdata.process_warnings |= LIBRAW_WARN_PARSEFUJI_PROCESSED;
#endif
while (entries--)
{
tag = get2();
Expand Down Expand Up @@ -19580,6 +19583,11 @@ void CLASS identify()
if (raw_color)
adobe_coeff("Apple", "Quicktake");

#ifdef LIBRAW_LIBRARY_BUILD
// Clear erorneus fuji_width if not set through parse_fuji or for DNG
if(fuji_width && !dng_version && !(imgdata.process_warnings & LIBRAW_WARN_PARSEFUJI_PROCESSED ))
fuji_width = 0;
#endif
if (fuji_width)
{
fuji_width = width >> !fuji_layout;
Expand Down
12 changes: 10 additions & 2 deletions internal/dcraw_common.cpp
Expand Up @@ -2875,7 +2875,7 @@ void CLASS panasonic_load_raw()
int row, col, i, j, sh = 0, pred[2], nonz[2];

pana_bits(0);
for (row = 0; row < height; row++)
for (row = 0; row < raw_height; row++)
{
#ifdef LIBRAW_LIBRARY_BUILD
checkCancel();
Expand All @@ -2897,7 +2897,7 @@ void CLASS panasonic_load_raw()
}
else if ((nonz[i & 1] = pana_bits(8)) || i > 11)
pred[i & 1] = nonz[i & 1] << 4 | pana_bits(4);
if ((RAW(row, col) = pred[col & 1]) > 4098 && col < width)
if ((RAW(row, col) = pred[col & 1]) > 4098 && col < width && row < height)
derror();
}
}
Expand Down Expand Up @@ -13708,6 +13708,9 @@ void CLASS parse_fuji(int offset)
entries = get4();
if (entries > 255)
return;
#ifdef LIBRAW_LIBRARY_BUILD
imgdata.process_warnings |= LIBRAW_WARN_PARSEFUJI_PROCESSED;
#endif
while (entries--)
{
tag = get2();
Expand Down Expand Up @@ -18091,6 +18094,11 @@ void CLASS identify()
if (raw_color)
adobe_coeff("Apple", "Quicktake");

#ifdef LIBRAW_LIBRARY_BUILD
// Clear erorneus fuji_width if not set through parse_fuji or for DNG
if(fuji_width && !dng_version && !(imgdata.process_warnings & LIBRAW_WARN_PARSEFUJI_PROCESSED ))
fuji_width = 0;
#endif
if (fuji_width)
{
fuji_width = width >> !fuji_layout;
Expand Down
3 changes: 2 additions & 1 deletion libraw/libraw_const.h
Expand Up @@ -231,7 +231,8 @@ enum LibRaw_warnings
LIBRAW_WARN_RAWSPEED_PROBLEM = 1 << 12,
LIBRAW_WARN_RAWSPEED_UNSUPPORTED = 1 << 13,
LIBRAW_WARN_RAWSPEED_PROCESSED = 1 << 14,
LIBRAW_WARN_FALLBACK_TO_AHD = 1 << 15
LIBRAW_WARN_FALLBACK_TO_AHD = 1 << 15,
LIBRAW_WARN_PARSEFUJI_PROCESSED = 1 << 16
};

enum LibRaw_exceptions
Expand Down

0 comments on commit f139482

Please sign in to comment.