Description: fix denial of service and possible code execution via
 broken full-color images
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711317
Origin: upstream, https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a

Index: libkdcraw-4.9.2/libraw/src/libraw_cxx.cpp
===================================================================
--- libkdcraw-4.9.2.orig/libraw/src/libraw_cxx.cpp	2013-06-20 14:00:11.586584355 -0400
+++ libkdcraw-4.9.2/libraw/src/libraw_cxx.cpp	2013-06-20 14:00:11.578584355 -0400
@@ -796,8 +796,8 @@
                 S.iheight= S.height;
                 IO.shrink = 0;
                 // allocate image as temporary buffer, size 
-                imgdata.rawdata.raw_alloc = calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
-                imgdata.image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
+                imgdata.rawdata.raw_alloc = 0;
+                imgdata.image = (ushort (*)[4]) calloc(S.iwidth*S.iheight,sizeof(*imgdata.image));
             }
 
 
@@ -807,8 +807,8 @@
         // recover saved
         if( decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY)
             {
-                imgdata.image = 0; 
-                imgdata.rawdata.color_image = (ushort (*)[4]) imgdata.rawdata.raw_alloc;
+              imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image = imgdata.image;
+              imgdata.image = 0;
             }
 
         // calculate channel maximum
