Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP3:GA
ImageMagick.23974
ImageMagick-CVE-2016-8684.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2016-8684.patch of Package ImageMagick.23974
% Index: ImageMagick-6.8.9-8/coders/sgi.c =================================================================== --- ImageMagick-6.8.9-8.orig/coders/sgi.c 2016-10-18 13:52:30.912192191 +0200 +++ ImageMagick-6.8.9-8/coders/sgi.c 2016-10-18 13:52:46.616430395 +0200 @@ -302,6 +302,9 @@ static Image *ReadSGIImage(const ImageIn unsigned char *pixels; + off_t + file_size; + /* Open image file. */ @@ -323,6 +326,7 @@ static Image *ReadSGIImage(const ImageIn Read SGI raster header. */ iris_info.magic=ReadBlobMSBShort(image); + file_size=GetBlobSize(image); do { /* @@ -378,6 +382,31 @@ static Image *ReadSGIImage(const ImageIn if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; /* + Check that filesize is reasonable given header + */ + { + double + uncompressed_size; + + uncompressed_size=((double) (iris_info.dimension == 3 ? iris_info.depth : 1)* + image->columns*image->rows*iris_info.bytes_per_pixel); + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "Uncompressed size: %.0f", uncompressed_size); + if (iris_info.storage != 0x01) + { + /* Not compressed */ + if (uncompressed_size > file_size) + ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); + } + else + { + /* RLE compressed */ + if (uncompressed_size > file_size*254.0) + ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); + } + } + + /* Allocate SGI pixels. */ bytes_per_pixel=(size_t) iris_info.bytes_per_pixel;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor