diff options
author | nia <nia@pkgsrc.org> | 2021-09-28 09:59:24 +0000 |
---|---|---|
committer | nia <nia@pkgsrc.org> | 2021-09-28 09:59:24 +0000 |
commit | 54e3cceb66b8e998b405f89975a6ec04640c8e0f (patch) | |
tree | ef0a05325a28d9dfecb29490f116f23125030cda /graphics | |
parent | 4812f07dbcd4e0c70989a1cd0809307d15179a43 (diff) | |
download | pkgsrc-54e3cceb66b8e998b405f89975a6ec04640c8e0f.tar.gz |
libraw: Update to 0.20.2
2020-10-14 Alex Tutubalin <lexa@lexa.ru>
* LibRaw 0.20.2
Reverted 0.20.1 change:
- const buffer for open_buffer() and open_bayer() calls
Because of 0.20.0 ABI break
2020-10-14 Alex Tutubalin <lexa@lexa.ru>
* LibRaw 0.20.1
* Improvements:
- exif callback is called on EXIF GPS and EXIF Interop IFDs
- open_bayer call documented
- Canon (ColorDatsSubver==32): parse Specular White instead of hardcoded value
* Fixes for normal files processing:
- Olympus XZ-1: do not provide linear_max (it is wrong in metadata)
- Nikon Z cameras: added space in camera list
- raw-identify: fixed wb-preset print
- Pentax Optio 33WR: maker index was incorrect
- dcraw_emu: corrected help line for -6 option.
- raw-identify: corrected range check for color matrices print
- use_camera_matrix option: fixed a bug introduced when making
compiler more happy.
* Fixes for damaged/special crafted files processing:
- Fix for truncated CR3 files parsing
- DNG metadata merger: all color loops are limited to MIN(4,colors)
- Check for marings: should be less than raw image size
- Check for xmpdata present in Samsung Lens ID assignment
- Check for column range in leaf_hdr decoder
- Additional checks in Hasselblad model parser
- Fuji rotate: better limits check
- DNG files: limit tiff_samples
* Not fixes, but makes ASAN/compilers/etc happy:
- corrected GPS EXIF output
- const buffer for open_buffer() and open_bayer() calls
2020-07-23 Alex Tutubalin <lexa@lexa.ru>
* LibRaw 0.20
== Camera Format support ==
Canon CR3
GoPro (via GPR SDK)
Panasonic 14-bit
Fujifilm compressed/16bit
Rapsberry Pi RAW+JPEG format (if USE_6BY9RPI defined)
Foveon X3F support changed: it is supported only if USE_X3FTOOLS defined
at build (see below for 'Imported code policy changed')
== Camera support (+59, 1131 total) ==
Canon: PowerShot G5 X Mark II, G7 X Mark III, SX70 HS,
EOS R, EOS RP, EOS 90D, EOS 250D, EOS M6 Mark II, EOS M50, EOS M200
EOS 1DX Mark III (lossless files only)
DJI Mavic Air, Osmo Action
FujiFilm GFX 100, X-A7, X-Pro3, X100V, X-T4 (uncompressed/lossless compressed only), X-T200
GoPro Fusion, HERO5, HERO6, HERO7, HERO8
Hasselblad L1D-20c, X1D II 50C
Leica D-LUX7, Q-P, Q2, V-LUX5, C-Lux / CAM-DC25, SL2, M10 Monochrom
Nikon D780, Z50, P950
Olympus TG-6, E-M5 Mark III, E-PL10, E-M1 Mark III,
Panasonic DC-FZ1000 II, DC-G90, DC-S1, DC-S1R, DC-S1H, DC-TZ95
PhaseOne IQ4 150MP
Ricoh GR III
Sony A7R IV, A9 II, ILCE-6100, ILCE-6600, RX0 II, RX100 VII
Zenit M
also multiple smartphones (the tested ones are listed in LibRaw::cameraList)
== Source code re-arranged ==
* dcraw.c is not used in the generation and build processes
* dcraw_common.cpp and libraw_cxx.cpp are split into multiple code chunks
placed in separate subfolders (decoders/ for raw data decoders,
metadata/ for metadata parsers, etc)
* dcraw_common.cpp and libraw_cxx.cpp remain to preserve existing
build environments (these files are now just a bunch of #include directives).
* It is possible to build LibRaw
a)without postprocessing functions (dcraw_process() and called function)
b)without postprocessing and LibRaw::raw2image() call (and called function).
It may be useful to reduce library memory/code footprint.
See Makefile.devel.nopp and Makefile.devel.noppr2i for the list of source
files needed to build reduced/stripped library.
== Normalized make/model ==
There is a huge number of identical cameras sold under different names,
depending on the market (e.g. multiple Panasonic or Canon models)
and even some identical cameras sold under different brands
(Panasonic -> Leica, Sony -> Hasselblad).
To reduce clutter, a normalization mechanism has been implemented in LibRaw:
In imgdata.idata:
char normalized_make[64]; - primary vendor name (e.g. Panasonic for
Leica re-branded cameras)
char normalized_model[64]; - primary camera model name
unsigned maker_index; - primary vendor name in indexed form (enum
LibRaw_cameramaker_index, LIBRAW_CAMERAMAKER_* constant).
These fields are always filled upon LibRaw::open_file()/open_buffer() calls.
const char* LibRaw::cameramakeridx2maker(int index): converts maker_index
to normalized_make.
We recommend that you use these normalized names in a variety of data tables
(color profiles, etc.) to reduce the number of duplicate entries.
New vendor index values will be added strictly to the end of the
LibRaw_cameramaker_index table, ensuring that the numbers assigned to
vendors that are already known to LibRaw will not change.
== DNG frame selection ==
DNG frames selection code re-worked:
- by default all frames w/ the NewSubfileType tag equal to 0
(high-res image) are added to the list of available images (selection
performed via imgdata.params.shot_select field, as usual)
- the special case for Fuju SuperCCD (SamplesPerPixel == 2) works as
before: shot_select=1 will extract second sub-image.
- Additional flags to imgdata.params.raw_processing_options:
LIBRAW_PROCESSING_DNG_ADD_ENHANCED - will add Enhanced DNG frame
(NewSubfileType == 16) to the list of available frames
LIBRAW_PROCESSING_DNG_ADD_PREVIEWS - will add previews
(NewSubfileType == 1) to the list.
- By default, DNG frames are not reordered and are available in same order
as in DNG (LibRaw traverses IFD/Sub-IFD trees in deep-first order).
To prioritize the largest image, set LIBRAW_PROCESSING_DNG_PREFER_LARGEST_IMAGE
bit in imgdata.params.raw_processing_options.
- DNG Stage2/Stage3 processing via DNG SDK (request via flags in
raw_processing_options)
== Imported code policy disclaimer ==
We've changed the policy regarding 3rd party code imported into LibRaw.
We (like other authors of open-source RAW parsers) gladly import support
code for various RAW formats from other projects (if the license allows it).
This is done to expand camera support.
Unfortunately, not all imported code can tolerate truncated or otherwise
damaged raw files, as well as arbitrary conditions or arbitrary data;
not all authors handle rejecting unexpected input well.
LibRaw is now widely used in various projects, including ImageMagick, which,
in turn, is often used on web sites to process any input images, including
arbitrary data from unknown users.
This opens up wide possibilities for exploiting the various vulnerabilities
present in the code borrowed from other projects into LibRaw. In order to
avoid such security risks, - the borrowed code will no longer compile
by default.
We are not able to support it in general case, and the authors refuse
to add code to reject unexpected input.
Thus, if you use some kind of camera for which the support is disabled
by default, you need to recompile LibRaw for your specific case.
Formats currently affected:
X3F (Foveon) file format.
Code is imported from Kalpanika X3F tools: https://github.com/Kalpanika/x3f
To turn the support on, define USE_X3FTOOLS
Rapsberry Pi RAW+JPEG format.
Code is imported from https://github.com/6by9/dcraw/,
To turn the support on, define USE_6BY9RPI
Format support is indicated via LibRaw::capabilities() call with flags:
LIBRAW_CAPS_X3FTOOLS - Foveon support
LIBRAW_CAPS_RPI6BY9 - RPi RAW+JPEG support
== GoPro .gpr format support ==
GoPro format supported via open-source GPR SDK
See README.GoPro.txt for details.
== Windows support/Windows unicode (wchar_t*) filenames support ==
* (old) LibRaw's WIN32 external define split into 3 defines to fine tune
compiler/api compatibility:
LIBRAW_WIN32_DLLDEFS - use to compile DLLs (__dllimport/__dllexport attributes)
LIBRAW_WIN32_UNICODEPATHS - indicates that runtime has calls/datatypes for wchar_t filenames
LIBRAW_WIN32_CALLS - use Win32 calls where appropriative (binary mode for files, LibRaw_windows_datastream, _snprintf instead of snprintf, etc).
If the (old) WIN32 macro is defined at compile time, all three new defines are defined in libraw.h
If not, these defines are defined based on compiler version/libc++ defines
* LibRaw::open_file(wchar_t*) is always compiled in under Windows, but
if LIBRAW_WIN32_UNICODEPATHS (see above) is not defined, this call will
return LIBRAW_NOT_IMPLEMENTED.
Use (LibRaw::capabilities() & LIBRAW_CAPS_UNICODEPATHS) on runtime
to check that this call was really implemented (or check for #ifdef LIBRAW_WIN32_UNICODEPATHS after #include <libraw.h>)
== LibRaw*datastream simplified ==
* tempbuffer_open, subfile_open are not used, so removed from
LibRaw_abstract_datastream and derived classes.
* jpeg_src() call implemented using ->read() call and own buffering
(16k buffer).
* buffering_off() call added. It should be used in derived classes
to switch from buffered reads to unbuffered.
== minor/unsorted changes ==
* new flag LIBRAW_WARN_DNGSDK_PROCESSED to indicate decoder used
* LibRaw::open() call, max_buf_size special meaning:
== 1 => open using bigfile_datastream
== 2 => open using file_datastream
* Add support for zlib during configure
* Fixed multiple problems found by OSS-Fuzz
* Lots of changes in imgdata.makernotes (hope someone will document it)
* DNG SDK could be used (if enabled) to unpack multi-image DNG files.
* DNG whitelevel calculated via BitsPerSample if not set via tags.
* DNG: support for LinearDNG w/ BlackLevelRepeat.. pattern
* Generic Arri camera format replaced w/ list of specific camera models in supported cameras list.
* new samples/rawtextdump sample: allows one to dump (small selection) of RAW data in text format.
* samples/raw-identify:
* +M/-M params (same as in dcraw_emu)
* -L <file-w-filelist> parameter to get file list from a file
* -m paramerer to use mmap'ed IO.
* -t parameter for timing
* samples/dcraw_emu: fixed +M handling
* better support for Nikon Coolscan 16-bit NEF files.
* Visual Studio project files: re-generated to .vcxproj (Visual Studio 2019), different
intermediate folders for different sub-projects to allow 1-step rebuild.
* imgdata.makernotes...cameraspecific: removed the vendor name prefix from variables.
* Bayer images: ensure that even margins have the same COLOR() for both the active sensor area and the full sensor area.
* raw processing flag bit LIBRAW_PROCESSING_CHECK_DNG_ILLUMINANT inverted and renamed to
LIBRAW_PROCESSING_DONT_CHECK_DNG_ILLUMINANT. If not set, DNG illuminant will be checked.
* New libraw_decoder_t flags:
LIBRAW_DECODER_FLATDATA - in-file data could be used as is (if byte order matches), e.g. via mmap()
LIBRAW_DECODER_FLAT_BG2_SWAPPED - special flag for Sony ARQ: indicates R-G-G2-B channel
order in 4-color data
* Camera-recorded image crop data is parsed into imgdata.sizes.raw_inset_crop structure:
ctop,cleft,cwidth,cheight - crop size.
aspect - LibRawImageAspects enum (3to2, 4to3, etc)
* New define LIBRAW_NO_WINSOCK2 to not include winsock2.h on compile
* New processing flag LIBRAW_PROCESSING_PROVIDE_NONSTANDARD_WB
If set (default is not), and when applicable, color.cam_mul[] and
color.WB_Coeffs/WBCT_Coeffs will contain WB settings for a non-standard
workflow.
Right now only Sony DSC-F828 is affected: camera-recorded white balance
can't be directly applied to raw data because WB is for RGB, while raw
data is RGBE.
* New processing flag: LIBRAW_PROCESSING_CAMERAWB_FALLBACK_TO_DAYLIGHT
If set (default is not), LibRaw::dcraw_process() will fallback to
daylight WB (excluding some very specific cases like Canon D30).
This is how LibRaw 0.19 (and older) works.
If not set: LibRaw::dcraw_process() will fallback to calculated auto WB if
camera WB is requested, but appropriate white balance was not found in
metadata.
* Google changes cherry-picked (thanks to Jamie Pinheiro)
* speedup: ppg interpolate: const loop invariant
* Bugs fixed
-Fixed several UBs found by OSS Fuzz
-Fixed several problems found by other fuzzers.
- Thumbnail size range check (CVE-2020-15503)
Thanks to Jennifer Gehrke of Recurity Labs GmbH for problem report.
- fixed possible overflows in canon and sigma makernotes parsers
- fixed possible buffer overrun in crx (cr3) decoder
- fixed memory leak in crx decoder (if compiled with LIBRAW_NO_CR3_MEMPOOL)
- fixed possible overrun in Sony SRF and SR2 metadata parsers
* Fixed typo in longitude (member of parsed GPS structure), update required for code that uses it.
Diffstat (limited to 'graphics')
-rw-r--r-- | graphics/libraw/Makefile | 13 | ||||
-rw-r--r-- | graphics/libraw/buildlink3.mk | 4 | ||||
-rw-r--r-- | graphics/libraw/distinfo | 15 | ||||
-rw-r--r-- | graphics/libraw/patches/patch-internal_libraw__x3f.cpp | 16 | ||||
-rw-r--r-- | graphics/libraw/patches/patch-libraw__r.pc.in | 6 | ||||
-rw-r--r-- | graphics/libraw/patches/patch-libraw_libraw__const.h | 18 | ||||
-rw-r--r-- | graphics/libraw/patches/patch-src_libraw__cxx.cpp | 130 |
7 files changed, 14 insertions, 188 deletions
diff --git a/graphics/libraw/Makefile b/graphics/libraw/Makefile index b7f899a8955..7a2e2469870 100644 --- a/graphics/libraw/Makefile +++ b/graphics/libraw/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.35 2021/09/19 18:46:50 nia Exp $ +# $NetBSD: Makefile,v 1.36 2021/09/28 09:59:24 nia Exp $ -DISTNAME= LibRaw-0.19.5 +DISTNAME= LibRaw-0.20.2 PKGNAME= ${DISTNAME:tl} -PKGREVISION= 1 CATEGORIES= graphics MASTER_SITES= https://www.libraw.org/data/ @@ -11,7 +10,7 @@ HOMEPAGE= https://www.libraw.org/ COMMENT= Raw decoding/processing library LICENSE= gnu-lgpl-v2.1 OR cddl-1.0 -USE_LANGUAGES= c c++03 +USE_LANGUAGES= c c++ USE_LIBTOOL= yes USE_TOOLS+= pkg-config gmake GNU_CONFIGURE= yes @@ -20,12 +19,6 @@ CONFIGURE_ARGS+= --disable-examples PKGCONFIG_OVERRIDE+= libraw.pc.in PKGCONFIG_OVERRIDE+= libraw_r.pc.in -# internal/dcraw_common.cpp: In member function 'void LibRaw::xtrans_interpolate(int)': -# internal/dcraw_common.cpp:5885:27: error: array subscript has type 'char' [-Werror=char-subscripts] -# cstat[fcol(row, col)]++; -# Maybe fix this later. -BUILDLINK_TRANSFORM+= rm:-Werror=char-subscripts - .include "options.mk" .include "../../graphics/lcms2/buildlink3.mk" .include "../../mk/jpeg.buildlink3.mk" diff --git a/graphics/libraw/buildlink3.mk b/graphics/libraw/buildlink3.mk index 2ef9fa98c36..b6ee0b7f88b 100644 --- a/graphics/libraw/buildlink3.mk +++ b/graphics/libraw/buildlink3.mk @@ -1,4 +1,4 @@ -# $NetBSD: buildlink3.mk,v 1.9 2020/03/15 10:31:59 rillig Exp $ +# $NetBSD: buildlink3.mk,v 1.10 2021/09/28 09:59:24 nia Exp $ BUILDLINK_TREE+= libraw @@ -11,7 +11,7 @@ BUILDLINK_PKGSRCDIR.libraw?= ../../graphics/libraw pkgbase := libraw .include "../../mk/pkg-build-options.mk" -.if !empty(PKG_BUILD_OPTIONS.libraw:Mjasper) +.if ${PKG_BUILD_OPTIONS.libraw:Mjasper} . include "../../graphics/jasper/buildlink3.mk" .endif .include "../../graphics/lcms2/buildlink3.mk" diff --git a/graphics/libraw/distinfo b/graphics/libraw/distinfo index df406deec87..7d646a49983 100644 --- a/graphics/libraw/distinfo +++ b/graphics/libraw/distinfo @@ -1,10 +1,7 @@ -$NetBSD: distinfo,v 1.27 2021/09/19 18:46:50 nia Exp $ +$NetBSD: distinfo,v 1.28 2021/09/28 09:59:24 nia Exp $ -SHA1 (LibRaw-0.19.5.tar.gz) = c151995b6f17a0ccef7fbc1dcb982f0ccb04d934 -RMD160 (LibRaw-0.19.5.tar.gz) = 051642cfdf713e1d981a1790f4d872d89ff6f02a -SHA512 (LibRaw-0.19.5.tar.gz) = 4560045f75e6d2ab0d1d8686075f3a0e26a5d7ce693b48508110a2c31d19055d58983c24852da0abb64fa90db5e20f24b87aa7537ed04d958c38c8b265a7e826 -Size (LibRaw-0.19.5.tar.gz) = 1303806 bytes -SHA1 (patch-internal_libraw__x3f.cpp) = ec5d479a45d7fc25c884cc7259ad513857fa2711 -SHA1 (patch-libraw__r.pc.in) = e691f79c69c5530c93262c270fe7e2f5b1c959d9 -SHA1 (patch-libraw_libraw__const.h) = 91836dca7f9ba820417381bad53fe292b3e5f0ce -SHA1 (patch-src_libraw__cxx.cpp) = fb2f16cb7a0798f499383bc06768ac0543049f66 +SHA1 (LibRaw-0.20.2.tar.gz) = 8143597d820167fb4f3a51c920e142e6f1386d01 +RMD160 (LibRaw-0.20.2.tar.gz) = 932abbfd49432ace0a2e2b4e4fbb07f140421de3 +SHA512 (LibRaw-0.20.2.tar.gz) = 96b1aaf09e2d46448d1b3619270c1f1c32e9bcbd866567cec67d5b1f889362f0fae3f3533ea9bf6a11a917be3b61ee6c9938bad09209d93453039ed04eaeae4a +Size (LibRaw-0.20.2.tar.gz) = 1432141 bytes +SHA1 (patch-libraw__r.pc.in) = 6ad890804132306c878657a31998f70d92f8b185 diff --git a/graphics/libraw/patches/patch-internal_libraw__x3f.cpp b/graphics/libraw/patches/patch-internal_libraw__x3f.cpp deleted file mode 100644 index c8f17ed5dbf..00000000000 --- a/graphics/libraw/patches/patch-internal_libraw__x3f.cpp +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-internal_libraw__x3f.cpp,v 1.2 2018/04/14 03:45:56 markd Exp $ - -undefine DS if sys/regset.h is pulled in on SunOS - ---- internal/libraw_x3f.cpp.orig 2018-02-24 09:47:43.000000000 +0000 -+++ internal/libraw_x3f.cpp -@@ -710,6 +710,9 @@ static x3f_huffman_t *new_huffman(x3f_hu - /* --------------------------------------------------------------------- */ - /* Creating a new x3f structure from file */ - /* --------------------------------------------------------------------- */ -+#ifdef DS -+#undef DS -+#endif - - /* extern */ x3f_t *x3f_new_from_file(LibRaw_abstract_datastream *infile) - { diff --git a/graphics/libraw/patches/patch-libraw__r.pc.in b/graphics/libraw/patches/patch-libraw__r.pc.in index 4e01db7b92f..bb144ed4d46 100644 --- a/graphics/libraw/patches/patch-libraw__r.pc.in +++ b/graphics/libraw/patches/patch-libraw__r.pc.in @@ -1,8 +1,8 @@ -$NetBSD: patch-libraw__r.pc.in,v 1.2 2015/07/18 10:40:20 adam Exp $ +$NetBSD: patch-libraw__r.pc.in,v 1.3 2021/09/28 09:59:24 nia Exp $ Avoid libstdc++. ---- libraw_r.pc.in.orig 2013-05-17 22:56:40.000000000 +0000 +--- libraw_r.pc.in.orig 2020-10-15 05:06:07.000000000 +0000 +++ libraw_r.pc.in @@ -7,5 +7,5 @@ Name: libraw Description: Raw image decoder library (thread-safe) @@ -10,4 +10,4 @@ Avoid libstdc++. Version: @PACKAGE_VERSION@ -Libs: -L${libdir} -lraw_r -lstdc++@PC_OPENMP@ +Libs: -L${libdir} -lraw_r @PC_OPENMP@ - Cflags: -I${includedir}/libraw + Cflags: -I${includedir}/libraw -I${includedir} diff --git a/graphics/libraw/patches/patch-libraw_libraw__const.h b/graphics/libraw/patches/patch-libraw_libraw__const.h deleted file mode 100644 index 29b7dc9ee49..00000000000 --- a/graphics/libraw/patches/patch-libraw_libraw__const.h +++ /dev/null @@ -1,18 +0,0 @@ -$NetBSD: patch-libraw_libraw__const.h,v 1.1 2021/09/19 18:46:50 nia Exp $ - -Thumbnail size range check (CVE-2020-15503) - ---- libraw/libraw_const.h.orig 2019-08-20 17:34:30.000000000 +0000 -+++ libraw/libraw_const.h -@@ -24,6 +24,11 @@ it under the terms of the one of two lic - #define LIBRAW_MAX_ALLOC_MB 2048L - #endif - -+/* limit thumbnail size, default is 512Mb*/ -+#ifndef LIBRAW_MAX_THUMBNAIL_MB -+#define LIBRAW_MAX_THUMBNAIL_MB 512L -+#endif -+ - /* Change to non-zero to allow (broken) CRW (and other) files metadata - loop prevention */ - #ifndef LIBRAW_METADATA_LOOP_PREVENTION diff --git a/graphics/libraw/patches/patch-src_libraw__cxx.cpp b/graphics/libraw/patches/patch-src_libraw__cxx.cpp deleted file mode 100644 index e4bffc8f458..00000000000 --- a/graphics/libraw/patches/patch-src_libraw__cxx.cpp +++ /dev/null @@ -1,130 +0,0 @@ -$NetBSD: patch-src_libraw__cxx.cpp,v 1.2 2021/09/19 18:46:50 nia Exp $ - -- Thumbnail size range check (CVE-2020-15503) -- undefine DS if sys/regset.h is pulled in on SunOS - ---- src/libraw_cxx.cpp.orig 2019-08-20 17:34:30.000000000 +0000 -+++ src/libraw_cxx.cpp -@@ -3712,6 +3712,20 @@ libraw_processed_image_t *LibRaw::dcraw_ - return NULL; - } - -+ if (T.tlength < 64u) -+ { -+ if (errcode) -+ *errcode = EINVAL; -+ return NULL; -+ } -+ -+ if (INT64(T.tlength) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) -+ { -+ if (errcode) -+ *errcode = LIBRAW_TOO_BIG; -+ return NULL; -+ } -+ - if (T.tformat == LIBRAW_THUMBNAIL_BITMAP) - { - libraw_processed_image_t *ret = (libraw_processed_image_t *)::malloc(sizeof(libraw_processed_image_t) + T.tlength); -@@ -3976,6 +3990,12 @@ void LibRaw::kodak_thumb_loader() - if (ID.toffset + est_datasize > ID.input->size() + THUMB_READ_BEYOND) - throw LIBRAW_EXCEPTION_IO_EOF; - -+ if(INT64(T.theight) * INT64(T.twidth) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) -+ throw LIBRAW_EXCEPTION_IO_CORRUPT; -+ -+ if (INT64(T.theight) * INT64(T.twidth) < 64ULL) -+ throw LIBRAW_EXCEPTION_IO_CORRUPT; -+ - // some kodak cameras - ushort s_height = S.height, s_width = S.width, s_iwidth = S.iwidth, s_iheight = S.iheight; - ushort s_flags = libraw_internal_data.unpacker_data.load_flags; -@@ -4237,6 +4257,25 @@ int LibRaw::unpack_thumb(void) - CHECK_ORDER_LOW(LIBRAW_PROGRESS_IDENTIFY); - CHECK_ORDER_BIT(LIBRAW_PROGRESS_THUMB_LOAD); - -+#define THUMB_SIZE_CHECKT(A) \ -+ do { \ -+ if (INT64(A) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \ -+ if (INT64(A) > 0 && INT64(A) < 64ULL) throw LIBRAW_EXCEPTION_IO_CORRUPT; \ -+ } while (0) -+ -+#define THUMB_SIZE_CHECKTNZ(A) \ -+ do { \ -+ if (INT64(A) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \ -+ if (INT64(A) < 64ULL) throw LIBRAW_EXCEPTION_IO_CORRUPT; \ -+ } while (0) -+ -+ -+#define THUMB_SIZE_CHECKWH(W,H) \ -+ do { \ -+ if (INT64(W)*INT64(H) > 1024ULL * 1024ULL * LIBRAW_MAX_THUMBNAIL_MB) throw LIBRAW_EXCEPTION_IO_CORRUPT; \ -+ if (INT64(W)*INT64(H) < 64ULL) throw LIBRAW_EXCEPTION_IO_CORRUPT; \ -+ } while (0) -+ - try - { - if (!libraw_internal_data.internal_data.input) -@@ -4267,6 +4306,7 @@ int LibRaw::unpack_thumb(void) - - if (INT64(ID.toffset) + tsize > ID.input->size() + THUMB_READ_BEYOND) - throw LIBRAW_EXCEPTION_IO_EOF; -+ THUMB_SIZE_CHECKT(tsize); - } - else - { -@@ -4280,6 +4320,8 @@ int LibRaw::unpack_thumb(void) - ID.input->seek(ID.toffset, SEEK_SET); - if (write_thumb == &LibRaw::jpeg_thumb) - { -+ THUMB_SIZE_CHECKTNZ(T.tlength); -+ - if (T.thumb) - free(T.thumb); - T.thumb = (char *)malloc(T.tlength); -@@ -4326,6 +4368,7 @@ int LibRaw::unpack_thumb(void) - { - if (t_bytesps > 1) - throw LIBRAW_EXCEPTION_IO_CORRUPT; // 8-bit thumb, but parsed for more bits -+ THUMB_SIZE_CHECKWH(T.twidth, T.theight); - int t_length = T.twidth * T.theight * t_colors; - - if (T.tlength && T.tlength < t_length) // try to find tiff ifd with needed offset -@@ -4351,6 +4394,7 @@ int LibRaw::unpack_thumb(void) - T.tcolors = 1; - } - T.tlength = total_size; -+ THUMB_SIZE_CHECKTNZ(T.tlength); - if (T.thumb) - free(T.thumb); - T.thumb = (char *)malloc(T.tlength); -@@ -4384,6 +4428,8 @@ int LibRaw::unpack_thumb(void) - if (T.thumb) - free(T.thumb); - -+ THUMB_SIZE_CHECKTNZ(T.tlength); -+ - T.thumb = (char *)malloc(T.tlength); - if (!T.tcolors) - T.tcolors = t_colors; -@@ -4404,6 +4450,10 @@ int LibRaw::unpack_thumb(void) - int i_length = T.twidth * T.theight * t_colors * 2; - if (!T.tlength) - T.tlength = o_length; -+ THUMB_SIZE_CHECKTNZ(o_length); -+ THUMB_SIZE_CHECKTNZ(i_length); -+ THUMB_SIZE_CHECKTNZ(T.tlength); -+ - ushort *t_thumb = (ushort *)calloc(i_length, 1); - ID.input->read(t_thumb, 1, i_length); - if ((libraw_internal_data.unpacker_data.order == 0x4949) == (ntohs(0x1234) == 0x1234)) -@@ -6183,6 +6233,9 @@ void LibRaw::parse_x3f() - _x3f_data = x3f; - - x3f_header_t *H = NULL; -+#ifdef DS -+#undef DS -+#endif - x3f_directory_section_t *DS = NULL; - - H = &x3f->header; |