Re: Crashes and memory safety bugs in dcraw

[Ian Zimmerman <itz () very loosely org>]

On 2018-11-23 09:22, Hanno Böck wrote:

> dcraw is a tool to process raw images from digital cameras.
> It easily crashes with various issues (tested version 9.28.0). This was
> very shallow testing (afl fuzzing with random inputs, not starting with
> valid images), I assume there's much more. I reported those a long time
> ago to its author, he didn't seem interested in fixing such issues.
>
> Some applications use dcraw automatically to parse images (gthumb,
> kphotoalbum, kde thumbnailers, gwenview).

An important side note: because dcraw intentionally doesn't provide a
library, only an executable, code from it is bundled in at least some
applications that use it; thus updating the dcraw package in a distro
will not by itself be the end of this problem for the distro.  One such
application : RawTherapee

-- 
Please don't Cc: me privately on mailing lists and Usenet,
if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists
which rewrite From, fetch the TXT record for no-use.mooo.com.