From b313ef412039e9eaeaed658ac685d30b51f44a60 Mon Sep 17 00:00:00 2001
From: Diego Casorran
Date: Sat, 25 Apr 2020 13:40:33 +0000
Subject: [PATCH] Buffer overflow extracting the thumbnail of certain RAW photos - Fixes #3 Ideally the DNG parser should be fixed, but meanwhile and as a safety measure we shall ensure such buffer overflow does not happens in general...
---
 dcraw.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/dcraw.c b/dcraw.c
index b9a6302..9bac600 100644
--- a/dcraw.c
+++ b/dcraw.c
@@ -10921,6 +10921,9 @@ int CLASS main (int argc, const char **argv)
 if ((status = !thumb_offset)) {
 fprintf (stderr,_("%s has no thumbnail.\n"), ifname);
 goto next;
+ } else if ((status = !((int)thumb_length > 0x7f)) {
+ fprintf (stderr,_("%s has invalid thumbnail.\n"), ifname);
+ goto next;
 } else if (thumb_load_raw) {
 load_raw = thumb_load_raw;
 data_offset = thumb_offset;
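Review bot: As shown, the added condition `} else if ((status = !((int)thumb_length > 0x7f)) {` opens four parentheses and closes only three, so it would not compile; the balanced form is `} else if ((status = !((int)thumb_length > 0x7f))) {`. Beyond that, the guard only rejects lengths of 0x7f or less and lengths that turn negative under the `(int)` cast. A large positive `thumb_length` that exceeds what the file holds past `thumb_offset` still passes, so the length should also be compared against the remaining file size before it is used. The 0x7f threshold is unexplained and deserves a comment such as `/* reject lengths of 0x7f or less, or negative when read as int */`. The enclosing `main` starts and ends outside the hunk, so where the length is consumed is not visible here.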