Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:Update
ImageMagick.29977
ImageMagick-CVE-2017-7941.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2017-7941.patch of Package ImageMagick.29977
From 721dc1305b2bfff92e5ca605dc1a47c61ce90b9f Mon Sep 17 00:00:00 2001 From: Dirk Lemstra <dirk@git.imagemagick.org> Date: Mon, 17 Apr 2017 19:03:46 +0200 Subject: [PATCH] Fixed memory leak reported in #428. --- coders/sgi.c | 40 +++++++++++++++++++++++++++++++--------- 1 file changed, 31 insertions(+), 9 deletions(-) Index: ImageMagick-6.8.8-1/coders/sgi.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/sgi.c 2017-04-25 11:55:41.787382853 +0200 +++ ImageMagick-6.8.8-1/coders/sgi.c 2017-04-25 11:55:41.919384929 +0200 @@ -431,7 +431,10 @@ static Image *ReadSGIImage(const ImageIn scanline=(unsigned char *) AcquireQuantumMemory(iris_info.columns, bytes_per_pixel*sizeof(*scanline)); if (scanline == (unsigned char *) NULL) - ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + { + pixel_info=RelinquishVirtualMemory(pixel_info); + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + } for (z=0; z < (ssize_t) iris_info.depth; z++) { p=pixels+bytes_per_pixel*z; @@ -488,12 +491,11 @@ static Image *ReadSGIImage(const ImageIn (runlength == (size_t *) NULL) || (packet_info == (MemoryInfo *) NULL)) { - if (offsets == (ssize_t *) NULL) - offsets=(ssize_t *) RelinquishMagickMemory(offsets); - if (runlength == (size_t *) NULL) - runlength=(size_t *) RelinquishMagickMemory(runlength); - if (packet_info == (MemoryInfo *) NULL) + offsets=(ssize_t *) RelinquishMagickMemory(offsets); + runlength=(size_t *) RelinquishMagickMemory(runlength); + if (packet_info != (MemoryInfo *) NULL) packet_info=RelinquishVirtualMemory(packet_info); + pixel_info=RelinquishVirtualMemory(pixel_info); ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); } packets=(unsigned char *) GetVirtualMemoryBlob(packet_info); @@ -503,7 +505,13 @@ static Image *ReadSGIImage(const ImageIn { runlength[i]=ReadBlobMSBLong(image); if (runlength[i] > (4*(size_t) iris_info.columns+10)) - ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + { + offsets=(ssize_t *) RelinquishMagickMemory(offsets); + runlength=(size_t *) RelinquishMagickMemory(runlength); + packet_info=RelinquishVirtualMemory(packet_info); + pixel_info=RelinquishVirtualMemory(pixel_info); + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + } } /* Check data order. @@ -539,7 +547,14 @@ static Image *ReadSGIImage(const ImageIn (runlength[y+z*iris_info.rows]/bytes_per_pixel),packets, 1L*iris_info.columns,p+bytes_per_pixel*z); if (status == MagickFalse) - ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + { + offsets=(ssize_t *) RelinquishMagickMemory(offsets); + runlength=(size_t *) RelinquishMagickMemory(runlength); + packet_info=RelinquishVirtualMemory(packet_info); + pixel_info=RelinquishVirtualMemory(pixel_info); + ThrowReaderException(CorruptImageError, + "ImproperImageHeader"); + } p+=(iris_info.columns*4*bytes_per_pixel); } } @@ -569,7 +584,14 @@ static Image *ReadSGIImage(const ImageIn (runlength[y+z*iris_info.rows]/bytes_per_pixel),packets, 1L*iris_info.columns,p+bytes_per_pixel*z); if (status == MagickFalse) - ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + { + offsets=(ssize_t *) RelinquishMagickMemory(offsets); + runlength=(size_t *) RelinquishMagickMemory(runlength); + packet_info=RelinquishVirtualMemory(packet_info); + pixel_info=RelinquishVirtualMemory(pixel_info); + ThrowReaderException(CorruptImageError, + "ImproperImageHeader"); + } } p+=(iris_info.columns*4*bytes_per_pixel); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
