Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
ImageMagick.29424
ImageMagick-CVE-2017-12565,12641.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2017-12565,12641.patch of Package ImageMagick.29424
Index: ImageMagick-6.8.8-1/coders/png.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/png.c 2018-01-15 14:05:55.507379063 +0100 +++ ImageMagick-6.8.8-1/coders/png.c 2018-01-16 07:25:56.575876637 +0100 @@ -4117,6 +4117,36 @@ static Image *ReadPNGImage(const ImageIn % o exception: return any errors or warnings in this structure. % */ + +void +DestroyJNG(unsigned char *chunk,Image **color_image, + ImageInfo **color_image_info, + Image **alpha_image,ImageInfo **alpha_image_info) + +{ + if (chunk) + (void) RelinquishMagickMemory(chunk); + if (*color_image_info) + { + DestroyImageInfo(*color_image_info); + *color_image_info = (ImageInfo *)NULL; + } + if (*alpha_image_info) + { + DestroyImageInfo(*alpha_image_info); + *alpha_image_info = (ImageInfo *)NULL; + } + if (*color_image) + { + DestroyImage(*color_image); + *color_image = (Image *)NULL; + } + if (*alpha_image) + { + DestroyImage(*alpha_image); + *alpha_image = (Image *)NULL; + } +} static Image *ReadOneJNGImage(MngInfo *mng_info, const ImageInfo *image_info, ExceptionInfo *exception) { @@ -4249,8 +4279,11 @@ static Image *ReadOneJNGImage(MngInfo *m type[0],type[1],type[2],type[3],(double) length); if (length > PNG_UINT_31_MAX || count == 0) + { + DestroyJNG(NULL,&color_image,&color_image_info, + &alpha_image,&alpha_image_info); ThrowReaderException(CorruptImageError,"CorruptImage"); - + } p=NULL; chunk=(unsigned char *) NULL; @@ -4350,6 +4383,16 @@ static Image *ReadOneJNGImage(MngInfo *m if (length) chunk=(unsigned char *) RelinquishMagickMemory(chunk); + if (jng_width > 65535 || jng_height > 65535) + { + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + " JNG width or height too large: (%lu x %lu)", + (long) jng_width, (long) jng_height); + DestroyJNG(chunk,&color_image,&color_image_info, + &alpha_image,&alpha_image_info); + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + } + /* Rationalize dimensions with blob size if it is available */ if (IsBlobSeekable(image)) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor