Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
ImageMagick.28259
ImageMagick-CVE-2017-10928.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2017-10928.patch of Package ImageMagick.28259
Index: ImageMagick-6.8.8-1/magick/token.c =================================================================== --- ImageMagick-6.8.8-1.orig/magick/token.c 2018-05-25 15:04:36.712445752 +0200 +++ ImageMagick-6.8.8-1/magick/token.c 2018-05-25 15:04:37.816461513 +0200 @@ -175,10 +175,14 @@ MagickExport void GetMagickToken(const c register ssize_t i; + + size_t + length; assert(start != (const char *) NULL); assert(token != (char *) NULL); i=0; + length=strlen(start); for (p=start; *p != '\0'; ) { while ((isspace((int) ((unsigned char) *p)) != 0) && (*p != '\0')) @@ -214,6 +218,8 @@ MagickExport void GetMagickToken(const c break; } token[i++]=(*p); + if ((p-start) >= length) + break; } break; } @@ -234,7 +240,11 @@ MagickExport void GetMagickToken(const c if ((p != q) && (*p != ',')) { for ( ; (p < q) && (*p != ','); p++) + { token[i++]=(*p); + if ((p-start) >= length) + break; + } if (*p == '%') token[i++]=(*p++); break; @@ -261,7 +271,11 @@ MagickExport void GetMagickToken(const c token[i++]=(*p); if ((*p == ')') && (*(p-1) != '\\')) break; + if ((p-start) >= length) + break; } + if ((p-start) >= length) + break; } break; } Index: ImageMagick-6.8.8-1/magick/draw.c =================================================================== --- ImageMagick-6.8.8-1.orig/magick/draw.c 2018-05-25 15:04:37.708459970 +0200 +++ ImageMagick-6.8.8-1/magick/draw.c 2018-05-25 15:05:34.549271381 +0200 @@ -1713,9 +1713,13 @@ static void GetNextToken(const char *sta register ssize_t i; + size_t + length; + assert(start != (const char *) NULL); assert(token != (char *) NULL); i=0; + length=strlen(start); p=start; while ((isspace((int) ((unsigned char) *p)) != 0) && (*p != '\0')) p++; @@ -1751,6 +1755,8 @@ static void GetNextToken(const char *sta } if (i < (ssize_t) (extent-1)) token[i++]=(*p); + if ((p-start) >= length) + break; } break; } @@ -1773,8 +1779,12 @@ static void GetNextToken(const char *sta if ((p != q) && (*p != ',')) { for ( ; (p < q) && (*p != ','); p++) + { if (i < (ssize_t) (extent-1)) token[i++]=(*p); + if ((p-start) >= length) + break; + } if (*p == '%') if (i < (ssize_t) (extent-1)) token[i++]=(*p++); @@ -1805,7 +1815,11 @@ static void GetNextToken(const char *sta token[i++]=(*p); if ((*p == ')') && (*(p-1) != '\\')) break; + if ((p-start) >= length) + break; } + if ((p-start) >= length) + break; } break; } Index: ImageMagick-6.8.8-1/coders/svg.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/svg.c 2018-05-25 15:04:36.180438157 +0200 +++ ImageMagick-6.8.8-1/coders/svg.c 2018-05-25 15:07:03.342538891 +0200 @@ -2922,6 +2922,8 @@ static Image *ReadSVGImage(const ImageIn image->y_resolution); while ((n=ReadBlob(image,MaxTextExtent,message)) != 0) { + if (n == EOF) + break; error=(GError *) NULL; (void) rsvg_handle_write(svg_handle,message,n,&error); if (error != (GError *) NULL) @@ -3122,6 +3124,8 @@ static Image *ReadSVGImage(const ImageIn message,n,image->filename); while ((n=ReadBlob(image,MaxTextExtent,message)) != 0) { + if (n == EOF) + break; status=xmlParseChunk(svg_info->parser,(char *) message,(int) n,0); if (status != 0) break;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor