File ImageMagick-CVE-2016-5687,CVE-2015-8959,CVE-201... of Package ImageMagick

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2016-5687,CVE-2015-8959,CVE-2014-9907.patch of Package ImageMagick (Revision 5105f7d70ea283ae9c783c54f1058093)

Currently displaying revision 5105f7d70ea283ae9c783c54f1058093 , Show latest

Index: ImageMagick-6.8.8-1/coders/dds.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/dds.c	2013-12-22 03:08:38.000000000 +0100
+++ ImageMagick-6.8.8-1/coders/dds.c	2016-06-22 14:33:52.999013386 +0200
@@ -777,11 +777,11 @@ static MagickBooleanType
 static void
   RemapIndices(const ssize_t *, const unsigned char *, unsigned char *);
 
-static void
-  SkipDXTMipmaps(Image *, DDSInfo *, int);
+static MagickBooleanType
+  SkipDXTMipmaps(Image *, DDSInfo *, int, ExceptionInfo *);
 
-static void
-  SkipRGBMipmaps(Image *, DDSInfo *, int);
+static MagickBooleanType
+  SkipRGBMipmaps(Image *, DDSInfo *, int, ExceptionInfo *);
 
 static
   MagickBooleanType WriteDDSImage(const ImageInfo *, Image *);
@@ -1809,6 +1809,8 @@ static Image *ReadDDSImage(const ImageIn
   {
     if (n != 0)
       {
+        if (EOFBlob(image) != MagickFalse)
+          ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
         /* Start a new image */
         AcquireNextImage(image_info,image);
         if (GetNextImageInList(image) == (Image *) NULL)
@@ -1831,6 +1833,12 @@ static Image *ReadDDSImage(const ImageIn
         (void) CloseBlob(image);
         return(GetFirstImageInList(image));
       }
+    status=SetImageExtent(image,image->columns,image->rows);
+    if (status == MagickFalse)
+      {
+        InheritException(exception,&image->exception);
+        return(DestroyImageList(image));
+      }
 
     if ((decoder)(image, &dds_info) != MagickTrue)
       {
@@ -1839,10 +1847,6 @@ static Image *ReadDDSImage(const ImageIn
       }
   }
 
-  if (EOFBlob(image) != MagickFalse)
-    ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile",
-      image->filename);
-
   (void) CloseBlob(image);
   return(GetFirstImageInList(image));
 }
@@ -1970,9 +1974,7 @@ static MagickBooleanType ReadDXT1(Image
     }
   }
 
-  SkipDXTMipmaps(image, dds_info, 8);
-
-  return MagickTrue;
+  return(SkipDXTMipmaps(image,dds_info,8,exception));
 }
 
 static MagickBooleanType ReadDXT3(Image *image, DDSInfo *dds_info)
@@ -2060,9 +2062,7 @@ static MagickBooleanType ReadDXT3(Image
     }
   }
 
-  SkipDXTMipmaps(image, dds_info, 16);
-
-  return MagickTrue;
+  return(SkipDXTMipmaps(image,dds_info,16,exception));
 }
 
 static MagickBooleanType ReadDXT5(Image *image, DDSInfo *dds_info)
@@ -2164,9 +2164,7 @@ static MagickBooleanType ReadDXT5(Image
     }
   }
 
-  SkipDXTMipmaps(image, dds_info, 16);
-
-  return MagickTrue;
+  return(SkipDXTMipmaps(image,dds_info,16,exception));
 }
 
 static MagickBooleanType ReadUncompressedRGB(Image *image, DDSInfo *dds_info)
@@ -2205,9 +2203,7 @@ static MagickBooleanType ReadUncompresse
       return MagickFalse;
   }
 
-  SkipRGBMipmaps(image, dds_info, 3);
-
-  return MagickTrue;
+  return(SkipRGBMipmaps(image,dds_info,3,exception));
 }
 
 static MagickBooleanType ReadUncompressedRGBA(Image *image, DDSInfo *dds_info)
@@ -2246,9 +2242,7 @@ static MagickBooleanType ReadUncompresse
       return MagickFalse;
   }
 
-  SkipRGBMipmaps(image, dds_info, 4);
-
-  return MagickTrue;
+  return(SkipRGBMipmaps(image,dds_info,4,exception));
 }
 
 /*
@@ -2324,7 +2318,8 @@ static void RemapIndices(const ssize_t *
 /*
   Skip the mipmap images for compressed (DXTn) dds files
 */
-static void SkipDXTMipmaps(Image *image, DDSInfo *dds_info, int texel_size)
+static MagickBooleanType SkipDXTMipmaps(Image *image,DDSInfo *dds_info,
+  int texel_size,ExceptionInfo *exception)
 {
   register ssize_t
     i;
@@ -2339,6 +2334,12 @@ static void SkipDXTMipmaps(Image *image,
   /*
     Only skip mipmaps for textures and cube maps
   */
+  if (EOFBlob(image) != MagickFalse)
+    {
+      ThrowFileException(exception,CorruptImageWarning,"UnexpectedEndOfFile",
+        image->filename);
+      return(MagickFalse);
+    }
   if (dds_info->ddscaps1 & DDSCAPS_MIPMAP
       && (dds_info->ddscaps1 & DDSCAPS_TEXTURE
           || dds_info->ddscaps2 & DDSCAPS2_CUBEMAP))
@@ -2352,18 +2353,20 @@ static void SkipDXTMipmaps(Image *image,
       for (i = 1; (i < (ssize_t) dds_info->mipmapcount) && w && h; i++)
       {
         offset = (MagickOffsetType) ((w + 3) / 4) * ((h + 3) / 4) * texel_size;
-        (void) SeekBlob(image, offset, SEEK_CUR);
-
+        if (SeekBlob(image,offset,SEEK_CUR) < 0)
+          break;
         w = DIV2(w);
         h = DIV2(h);
       }
     }
+  return(MagickTrue);
 }
 
 /*
   Skip the mipmap images for uncompressed (RGB or RGBA) dds files
 */
-static void SkipRGBMipmaps(Image *image, DDSInfo *dds_info, int pixel_size)
+static MagickBooleanType SkipRGBMipmaps(Image *image,DDSInfo *dds_info,
+  int pixel_size,ExceptionInfo *exception)
 {
   MagickOffsetType
     offset;
@@ -2378,6 +2381,12 @@ static void SkipRGBMipmaps(Image *image,
   /*
     Only skip mipmaps for textures and cube maps
   */
+  if (EOFBlob(image) != MagickFalse)
+    {
+      ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile",
+        image->filename);
+      return(MagickFalse);
+    }
   if (dds_info->ddscaps1 & DDSCAPS_MIPMAP
       && (dds_info->ddscaps1 & DDSCAPS_TEXTURE
           || dds_info->ddscaps2 & DDSCAPS2_CUBEMAP))
@@ -2391,12 +2400,13 @@ static void SkipRGBMipmaps(Image *image,
       for (i=1; (i < (ssize_t) dds_info->mipmapcount) && w && h; i++)
       {
         offset = (MagickOffsetType) w * h * pixel_size;
-        (void) SeekBlob(image, offset, SEEK_CUR);
-
+        if (SeekBlob(image,offset,SEEK_CUR) < 0)
+          break;
         w = DIV2(w);
         h = DIV2(h);
       }
     }
+  return(MagickTrue);
 }
 
 /*

Places

File ImageMagick-CVE-2016-5687,CVE-2015-8959,CVE-2014-9907.patch of Package ImageMagick (Revision 5105f7d70ea283ae9c783c54f1058093)

Places