File ImageMagick-CVE-2023-3195.patch of Package ImageMagick.29977

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2023-3195.patch of Package ImageMagick.29977

Index: ImageMagick-6.8.8-1/coders/tiff.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/tiff.c
+++ ImageMagick-6.8.8-1/coders/tiff.c
@@ -1629,6 +1629,9 @@ RestoreMSCWarning
         register uint32
           *p;
 
+	size_t
+          extent;
+
         uint32
           *tile_pixels,
           columns,
@@ -1648,8 +1651,14 @@ RestoreMSCWarning
           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed")
         if (CheckMemoryOverflow(rows,sizeof(*tile_pixels)) != MagickFalse)
           ThrowTIFFException(ImageError,"WidthOrHeightExceedsLimit");
-        tile_pixels=(uint32 *) AcquireQuantumMemory(columns,
-          rows*sizeof(*tile_pixels));
+	extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
+#if defined(TIFF_VERSION_BIG)
+        extent+=image->columns*sizeof(uint64);
+#else
+        extent+=image->columns*sizeof(uint32);
+#endif
+        tile_pixels=(uint32 *) AcquireQuantumMemory(extent,
+          sizeof(*tile_pixels));
         if (tile_pixels == (uint32 *) NULL)
           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
         for (y=0; y < (ssize_t) image->rows; y+=rows)

Places

File ImageMagick-CVE-2023-3195.patch of Package ImageMagick.29977

Places