Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
ImageMagick
ImageMagick-CVE-2017-14175.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2017-14175.patch of Package ImageMagick
From b8c63b156bf26b52e710b1a0643c846a6cd01e56 Mon Sep 17 00:00:00 2001 From: Cristy <urban-warrior@imagemagick.org> Date: Thu, 31 Aug 2017 09:10:37 -0400 Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/712 --- coders/xbm.c | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) Index: ImageMagick-6.8.8-1/coders/xbm.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/xbm.c 2013-12-01 15:47:50.000000000 +0100 +++ ImageMagick-6.8.8-1/coders/xbm.c 2017-11-07 13:27:03.634917954 +0100 @@ -132,33 +132,39 @@ static MagickBooleanType IsXBM(const uns */ static int XBMInteger(Image *image,short int *hex_digits) -{ +{ int - c, - flag, + c; + + unsigned int value; - - value=0; - flag=0; - for ( ; ; ) - { + + /* + Skip any leading whitespace. + */ + do + { c=ReadBlobByte(image); if (c == EOF) - { - value=(-1); - break; - } + return(-1); + } while ((c == ' ') || (c == '\t') || (c == '\n') || (c == '\r')); + /* + Evaluate number. + */ + value=0; + while (hex_digits[c] >= 0) { + if (value > (unsigned int) (INT_MAX/10)) + break; + value*=16; c&=0xff; - if (isxdigit(c) != MagickFalse) - { - value=(int) ((size_t) value << 4)+hex_digits[c]; - flag++; - continue; - } - if ((hex_digits[c]) < 0 && (flag != 0)) + if (value > (unsigned int) (INT_MAX-hex_digits[c])) break; + value+=hex_digits[c]; + c=ReadBlobByte(image); + if (c == EOF) + return(-1); } - return(value); + return((int) value); } static Image *ReadXBMImage(const ImageInfo *image_info,ExceptionInfo *exception) @@ -170,6 +176,9 @@ static Image *ReadXBMImage(const ImageIn Image *image; + int + c; + MagickBooleanType status; @@ -195,7 +204,6 @@ static Image *ReadXBMImage(const ImageIn bytes_per_line, length, padding, - value, version; ssize_t @@ -230,6 +238,7 @@ static Image *ReadXBMImage(const ImageIn */ width=0; height=0; + *name='\0'; while (ReadBlobString(image,buffer) != (char *) NULL) if (sscanf(buffer,"#define %s %lu",name,&width) == 2) if ((strlen(name) >= 6) && @@ -294,6 +303,8 @@ static Image *ReadXBMImage(const ImageIn /* Initialize hex values. */ + for (i=0; i < (ssize_t)sizeof(hex_digits)/sizeof(*hex_digits); i++) + hex_digits[i]=(-1); hex_digits[(int) '0']=0; hex_digits[(int) '1']=1; hex_digits[(int) '2']=2; @@ -339,17 +350,28 @@ static Image *ReadXBMImage(const ImageIn if (version == 10) for (i=0; i < (ssize_t) (bytes_per_line*image->rows); (i+=2)) { - value=(size_t) XBMInteger(image,hex_digits); - *p++=(unsigned char) value; + c=XBMInteger(image,hex_digits); + if (c < 0) + break; + *p++=(unsigned char) c; if ((padding == 0) || (((i+2) % bytes_per_line) != 0)) - *p++=(unsigned char) (value >> 8); + *p++=(unsigned char) (c >> 8); } else for (i=0; i < (ssize_t) (bytes_per_line*image->rows); i++) { - value=(size_t) XBMInteger(image,hex_digits); - *p++=(unsigned char) value; + c=XBMInteger(image,hex_digits); + if (c < 0) + break; + *p++=(unsigned char) c; } + + if (EOFBlob(image) != MagickFalse) + { + data=(unsigned char *) RelinquishMagickMemory(data); + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + } + /* Convert X bitmap image to pixel packets. */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor