Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
ImageMagick.6416
ImageMagick-CVE-2017-14042.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2017-14042.patch of Package ImageMagick.6416
Index: ImageMagick-6.8.8-1/coders/pnm.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/pnm.c 2017-12-13 14:25:46.190970191 +0100 +++ ImageMagick-6.8.8-1/coders/pnm.c 2017-12-13 14:40:00.339091156 +0100 @@ -149,87 +149,90 @@ static inline ssize_t ConstrainPixel(Ima return(offset); } -static void PNMComment(Image *image) -{ +static int PNMComment(Image *image) +{ int c; - + char *comment; - + register char *p; - + size_t extent; - + /* Read comment. */ comment=AcquireString(GetImageProperty(image,"comment")); - extent=MaxTextExtent; p=comment+strlen(comment); - for (c='#'; (c != EOF) && (c != (int) '\n'); p++) - { + extent=strlen(comment)+MaxTextExtent; + for (c='#'; (c != EOF) && (c != (int) '\n') && (c != (int) '\r'); p++) + { if ((size_t) (p-comment+1) >= extent) - { + { extent<<=1; - comment=(char *) ResizeQuantumMemory(comment,extent+MaxTextExtent, - sizeof(*comment)); + comment=(char *) ResizeQuantumMemory(comment,extent+MaxTextExtent, + sizeof(*comment)); if (comment == (char *) NULL) break; p=comment+strlen(comment); } c=ReadBlobByte(image); if (c != EOF) - { + { *p=(char) c; *(p+1)='\0'; } } if (comment == (char *) NULL) - return; + return(c); (void) SetImageProperty(image,"comment",comment); comment=DestroyString(comment); + return(c); } static unsigned int PNMInteger(Image *image,const unsigned int base) -{ +{ int c; - + unsigned int value; - + /* Skip any leading whitespace. */ do - { + { c=ReadBlobByte(image); if (c == EOF) return(0); if (c == (int) '#') - PNMComment(image); - } while (isdigit(c) == MagickFalse); + c=PNMComment(image); + } while ((c == ' ') || (c == '\t') || (c == '\n') || (c == '\r')); if (base == 2) return((unsigned int) (c-(int) '0')); /* Evaluate number. */ value=0; - do - { - if (value > (unsigned int) (INT_MAX/10)) - break; - value*=10; - if (value > (INT_MAX-c)) - break; - value+=c-(int) '0'; + while (isdigit(c) != 0) + { + if (value <= (unsigned int) (INT_MAX/10)) + { + value*=10; + if (value <= (unsigned int) (INT_MAX-(c-(int) '0'))) + value+=c-(int) '0'; + } c=ReadBlobByte(image); if (c == EOF) - return(value); - } while (isdigit(c) != MagickFalse); + return(0); + } + if (c == (int) '#') + c=PNMComment(image); return(value); } @@ -345,7 +348,7 @@ static Image *ReadPNMImage(const ImageIn /* Comment. */ - PNMComment(image); + (void) PNMComment(image); c=ReadBlobByte(image); while (isspace((int) ((unsigned char) c)) != 0) c=ReadBlobByte(image);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor