From 071de035a815ff6a65232b4b2db62d5632f32ac0 Mon Sep 17 00:00:00 2001
From: GCQgitee <2542194747@qq.com>
Date: Fri, 17 Mar 2023 11:43:33 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=89=E5=85=A8=E6=9B=B4=E6=96=B0=EF=BC=9A?=
 =?UTF-8?q?=E4=BF=AE=E5=A4=8DLibraw=E4=B8=AD=E7=9A=84simple=5Fdecode=5Frow?=
 =?UTF-8?q?()=E5=87=BD=E6=95=B0=E8=B6=8A=E7=95=8C=E5=86=99=E5=85=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 debian/changelog        | 6 ++++++
 internal/libraw_x3f.cpp | 2 ++
 2 files changed, 8 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 474f8b8..b647a86 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+libraw (0.19.5-ok6) yangtze; urgency=medium
+
+  * zdongfh321 CVE-2020-35532 安全更新：修复Libraw中的simple_decode_row()函数越界写入
+
+ -- dongfh321 <duanfh@bupt.edu.cn>  Fri, 17 Mar 2023 11:42:04 +0800
+
 libraw (0.19.5-ok5) yangtze; urgency=medium
 
   * zhangce1999 CVE-2020-35531 安全更新：get_huffman_diff()函数（libraw\src\x3f\x3f_utils_patched.cpp）在从图像文件读取数据时存在越界读取漏洞。
diff --git a/internal/libraw_x3f.cpp b/internal/libraw_x3f.cpp
index 1b38620..0467778 100644
--- a/internal/libraw_x3f.cpp
+++ b/internal/libraw_x3f.cpp
@@ -1484,6 +1484,8 @@ static void simple_decode_row(x3f_info_t *I,
   x3f_image_data_t *ID = &DEH->data_subsection.image_data;
   x3f_huffman_t *HUF = ID->huffman;
 
+  if (row*row_stride > ID->data_size - (ID->columns*sizeof(uint32_t)))
+	  throw LIBRAW_EXCEPTION_IO_CORRUPT;
   uint32_t *data = (uint32_t *)((unsigned char*)ID->data + row*row_stride);
 
   uint16_t c[3] = {0,0,0};
-- 
Gitee