File ImageMagick-CVE-2017-12428,12431,11534.patch of Package ImageMagick

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2017-12428,12431,11534.patch of Package ImageMagick (Revision 28fe9b70196491b5428f2f041642ede0)

Currently displaying revision 28fe9b70196491b5428f2f041642ede0 , Show latest

From f37d26336bf13737db45e556c25fc098f8a8b277 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 6 Jul 2017 06:13:54 -0400
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/544

---
 coders/wmf.c | 5 +++++
 1 file changed, 5 insertions(+)

Index: ImageMagick-6.8.8-1/coders/wmf.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/wmf.c	2013-12-22 03:08:38.000000000 +0100
+++ ImageMagick-6.8.8-1/coders/wmf.c	2017-10-24 15:58:47.443486950 +0200
@@ -178,6 +178,7 @@ static Image *ReadWMFImage(const ImageIn
     (void *) image);
   if (wmf_status != wmf_E_None)
     {
+      ipa_device_close(wmf_info);
       wmf_api_destroy(wmf_info);
       ThrowFileException(exception,FileOpenError,"UnableToOpenFile",
         image->filename);
@@ -187,6 +188,7 @@ static Image *ReadWMFImage(const ImageIn
   wmf_status=wmf_scan(wmf_info,0,&bounding_box);
   if (wmf_status != wmf_E_None)
     {
+      ipa_device_close(wmf_info);
       wmf_api_destroy(wmf_info);
       ThrowReaderException(DelegateError,"FailedToScanFile");
     }
@@ -197,6 +199,7 @@ static Image *ReadWMFImage(const ImageIn
     file=fdopen(unique_file,"wb");
   if ((unique_file == -1) || (file == (FILE *) NULL))
     {
+      ipa_device_close(wmf_info);
       wmf_api_destroy(wmf_info);
       ThrowReaderException(FileOpenError,"UnableToCreateTemporaryFile");
     }
@@ -205,6 +208,7 @@ static Image *ReadWMFImage(const ImageIn
   wmf_status=wmf_play(wmf_info,0,&bounding_box);
   if (wmf_status != wmf_E_None)
     {
+      ipa_device_close(wmf_info);
       wmf_api_destroy(wmf_info);
       ThrowReaderException(DelegateError,"FailedToRenderFile");
     }
@@ -820,9 +824,19 @@ static void ipa_device_close(wmfAPI * AP
   wmf_magick_t
     *ddata = WMF_MAGICK_GetData(API);
 
-  DestroyDrawingWand(ddata->draw_wand);
-  DestroyDrawInfo(ddata->draw_info);
-  RelinquishMagickMemory(WMF_MAGICK_GetFontData(API)->ps_name);
+  if (ddata->draw_wand != (DrawingWand *) NULL)
+    {
+      DestroyDrawingWand(ddata->draw_wand);
+      ddata->draw_wand=(DrawingWand *) NULL;
+    }
+  if (ddata->draw_info != (DrawInfo *) NULL)
+    {
+      DestroyDrawInfo(ddata->draw_info);
+      ddata->draw_info=(DrawInfo *)NULL;
+    }
+  if (WMF_MAGICK_GetFontData(API)->ps_name)
+    WMF_MAGICK_GetFontData(API)->ps_name=(char *) RelinquishMagickMemory(
+      WMF_MAGICK_GetFontData(API)->ps_name);
 }
 
 /*
@@ -2631,8 +2645,6 @@ static Image *ReadWMFImage(const ImageIn
   wmf_error = wmf_api_create(&API, wmf_options_flags, &wmf_api_options);
   if (wmf_error != wmf_E_None)
     {
-      if (API)
-        wmf_api_destroy(API);
       if (image->debug != MagickFalse)
         {
           (void) LogMagickEvent(CoderEvent,GetMagickModule(),
@@ -2640,6 +2652,8 @@ static Image *ReadWMFImage(const ImageIn
           (void) LogMagickEvent(CoderEvent,GetMagickModule(),
             "leave ReadWMFImage()");
         }
+      if (API)
+        wmf_api_destroy(API);
       ThrowReaderException(DelegateError,"UnableToInitializeWMFLibrary");
     }
 
@@ -2670,7 +2684,6 @@ static Image *ReadWMFImage(const ImageIn
     ipa_blob_tell,(void*)image);
   if (wmf_error != wmf_E_None)
     {
-      wmf_api_destroy(API);
       if (image->debug != MagickFalse)
         {
           (void) LogMagickEvent(CoderEvent,GetMagickModule(),
@@ -2678,6 +2691,8 @@ static Image *ReadWMFImage(const ImageIn
           (void) LogMagickEvent(CoderEvent,GetMagickModule(),
             "leave ReadWMFImage()");
         }
+      ipa_device_close(API);
+      wmf_api_destroy(API);
       ThrowFileException(exception,FileOpenError,"UnableToOpenFile",
         image->filename);
       image=DestroyImageList(image);
@@ -2694,7 +2709,6 @@ static Image *ReadWMFImage(const ImageIn
   wmf_error=wmf_scan(API, 0, &bbox);
   if (wmf_error != wmf_E_None)
     {
-      wmf_api_destroy(API);
       if (image->debug != MagickFalse)
         {
           (void) LogMagickEvent(CoderEvent,GetMagickModule(),
@@ -2702,6 +2716,8 @@ static Image *ReadWMFImage(const ImageIn
           (void) LogMagickEvent(CoderEvent,GetMagickModule(),
             "leave ReadWMFImage()");
         }
+      ipa_device_close(API);
+      wmf_api_destroy(API);
       ThrowReaderException(DelegateError,"FailedToScanFile");
     }
 
@@ -2732,7 +2748,6 @@ static Image *ReadWMFImage(const ImageIn
   wmf_error=wmf_size(API,&wmf_width,&wmf_height);
   if (wmf_error != wmf_E_None)
     {
-      wmf_api_destroy(API);
       if (image->debug != MagickFalse)
         {
           (void) LogMagickEvent(CoderEvent,GetMagickModule(),
@@ -2740,6 +2755,7 @@ static Image *ReadWMFImage(const ImageIn
           (void) LogMagickEvent(CoderEvent,GetMagickModule(),
             "leave ReadWMFImage()");
         }
+      wmf_api_destroy(API);
       ThrowReaderException(DelegateError,"FailedToComputeOutputSize");
     }
 
@@ -2900,7 +2916,6 @@ static Image *ReadWMFImage(const ImageIn
   wmf_error = wmf_play(API, 0, &bbox);
   if (wmf_error != wmf_E_None)
     {
-      wmf_api_destroy(API);
       if (image->debug != MagickFalse)
         {
           (void) LogMagickEvent(CoderEvent,GetMagickModule(),
@@ -2908,6 +2923,7 @@ static Image *ReadWMFImage(const ImageIn
           (void) LogMagickEvent(CoderEvent,GetMagickModule(),
             "leave ReadWMFImage()");
         }
+      wmf_api_destroy(API);
       ThrowReaderException(DelegateError,"FailedToRenderFile");
     }

Places

File ImageMagick-CVE-2017-12428,12431,11534.patch of Package ImageMagick (Revision 28fe9b70196491b5428f2f041642ede0)

Places