File ImageMagick-CVE-2019-13300.patch of Package ImageMagick.18190

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2019-13300.patch of Package ImageMagick.18190

Index: ImageMagick-6.8.8-1/magick/statistic.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/statistic.c	2013-12-29 11:47:14.000000000 +0100
+++ ImageMagick-6.8.8-1/magick/statistic.c	2019-07-19 12:33:39.323340844 +0200
@@ -94,6 +94,13 @@
 #include "magick/utility.h"
 #include "magick/version.h"
 
+static size_t MagickMax(const size_t x,const size_t y)
+{
+  if (x > y)
+    return(x);
+  return(y);
+}
+
 
 /*
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
@@ -150,18 +157,20 @@ static MagickPixelPacket **DestroyPixelT
   return(pixels);
 }
 
-static MagickPixelPacket **AcquirePixelThreadSet(const Image *image,
-  const size_t number_images)
+static MagickPixelPacket **AcquirePixelThreadSet(const Image *images)
 {
-  register ssize_t
-    i,
-    j;
+  const Image
+    *next;
 
   MagickPixelPacket
     **pixels;
 
+  register ssize_t
+    i,
+    j;
+
   size_t
-    length,
+    columns,
     number_threads;
 
   number_threads=(size_t) GetMagickResourceLimit(ThreadResource);
@@ -169,18 +178,18 @@ static MagickPixelPacket **AcquirePixelT
     sizeof(*pixels));
   if (pixels == (MagickPixelPacket **) NULL)
     return((MagickPixelPacket **) NULL);
-  (void) ResetMagickMemory(pixels,0,number_threads*sizeof(*pixels));
+  (void) memset(pixels,0,number_threads*sizeof(*pixels));
+  columns=images->columns;
+  for (next=images; next != (Image *) NULL; next=next->next)
+    columns=MagickMax(next->columns,columns);
   for (i=0; i < (ssize_t) number_threads; i++)
   {
-    length=image->columns;
-    if (length < number_images)
-      length=number_images;
-    pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(length,
+    pixels[i]=(MagickPixelPacket *) AcquireQuantumMemory(columns,
       sizeof(**pixels));
     if (pixels[i] == (MagickPixelPacket *) NULL)
       return(DestroyPixelThreadSet(pixels));
-    for (j=0; j < (ssize_t) length; j++)
-      GetMagickPixelPacket(image,&pixels[i][j]);
+    for (j=0; j < (ssize_t) columns; j++)
+      GetMagickPixelPacket(images,&pixels[i][j]);
   }
   return(pixels);
 }
@@ -475,8 +484,7 @@ MagickExport Image *EvaluateImages(const
       image=DestroyImage(image);
       return((Image *) NULL);
     }
-  number_images=GetImageListLength(images);
-  evaluate_pixels=AcquirePixelThreadSet(images,number_images);
+  evaluate_pixels=AcquirePixelThreadSet(images);
   if (evaluate_pixels == (MagickPixelPacket **) NULL)
     {
       image=DestroyImage(image);
@@ -489,6 +497,7 @@ MagickExport Image *EvaluateImages(const
   */
   status=MagickTrue;
   progress=0;
+  number_images=GetImageListLength(images);
   GetMagickPixelPacket(images,&zero);
   random_info=AcquireRandomInfoThreadSet();
 #if defined(MAGICKCORE_OPENMP_SUPPORT)
@@ -1946,9 +1955,6 @@ MagickExport Image *PolynomialImageChann
     **restrict polynomial_pixels,
     zero;
 
-  size_t
-    number_images;
-
   ssize_t
     y;
 
@@ -1967,8 +1973,7 @@ MagickExport Image *PolynomialImageChann
       image=DestroyImage(image);
       return((Image *) NULL);
     }
-  number_images=GetImageListLength(images);
-  polynomial_pixels=AcquirePixelThreadSet(images,number_images);
+  polynomial_pixels=AcquirePixelThreadSet(images);
   if (polynomial_pixels == (MagickPixelPacket **) NULL)
     {
       image=DestroyImage(image);
@@ -2011,6 +2016,9 @@ MagickExport Image *PolynomialImageChann
       i,
       x;
 
+    size_t
+      number_images;
+
     if (status == MagickFalse)
       continue;
     q=QueueCacheViewAuthenticPixels(polynomial_view,0,y,image->columns,1,
@@ -2025,6 +2033,7 @@ MagickExport Image *PolynomialImageChann
     for (x=0; x < (ssize_t) image->columns; x++)
       polynomial_pixel[x]=zero;
     next=images;
+    number_images=GetImageListLength(images);
     for (i=0; i < (ssize_t) number_images; i++)
     {
       register const IndexPacket
@@ -2242,6 +2251,7 @@ static PixelList **AcquirePixelListThrea
     i;
 
   size_t
+    columns,
     number_threads;
 
   number_threads=(size_t) GetMagickResourceLimit(ThreadResource);

Places

File ImageMagick-CVE-2019-13300.patch of Package ImageMagick.18190

Places