Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
SUSE:SLE-15-SP4:Update
ImageMagick
ImageMagick-CVE-2023-34153.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2023-34153.patch of Package ImageMagick
Index: ImageMagick-7.1.0-9/coders/video.c =================================================================== --- ImageMagick-7.1.0-9.orig/coders/video.c +++ ImageMagick-7.1.0-9/coders/video.c @@ -64,6 +64,16 @@ #include "MagickCore/utility-private.h" /* + Global declarations. +*/ +static const char* + intermediate_formats[] = + { + "pam", + "webp" + }; + +/* Forward declarations. */ static MagickBooleanType @@ -96,15 +106,6 @@ static MagickBooleanType % */ -static MagickBooleanType IsAVI(const unsigned char *magick,const size_t length) -{ - if (length < 4) - return(MagickFalse); - if (memcmp(magick,"RIFF",4) == 0) - return(MagickTrue); - return(MagickFalse); -} - static MagickBooleanType IsPNG(const unsigned char *magick,const size_t length) { if (length < 8) @@ -151,6 +152,22 @@ static MagickBooleanType IsVIDEO(const u % o exception: return any errors or warnings in this structure. % */ + +static const char *GetIntermediateFormat(const ImageInfo *image_info) +{ + const char + *option; + + option=GetImageOption(image_info,"video:intermediate-format"); + if (LocaleCompare(option,"pam") == 0) + return(intermediate_formats[0]); +#if defined(MAGICKCORE_WEBP_DELEGATE) + return(intermediate_formats[1]); +#else + return(intermediate_formats[0]); +#endif +} + static Image *ReadVIDEOImage(const ImageInfo *image_info, ExceptionInfo *exception) { @@ -173,11 +190,11 @@ static Image *ReadVIDEOImage(const Image */ assert(image_info != (const ImageInfo *) NULL); assert(image_info->signature == MagickCoreSignature); - if (image_info->debug != MagickFalse) - (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s", - image_info->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); + if (IsEventLogging() != MagickFalse) + (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s", + image_info->filename); image=AcquireImage(image_info,exception); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) @@ -200,10 +217,10 @@ static Image *ReadVIDEOImage(const Image message[MagickPathExtent]; char - *options, - *sanitized_option; + *options; const char + *intermediate_format, *option; int @@ -216,40 +233,45 @@ static Image *ReadVIDEOImage(const Image option=GetImageOption(image_info,"video:vsync"); if (option != (const char *) NULL) { - sanitized_option=SanitizeDelegateString(option); - (void) FormatLocaleString(command,MagickPathExtent," -vsync %s", - sanitized_option); - DestroyString(sanitized_option); + FormatSanitizedDelegateOption(command,MagickPathExtent, + " -vsync \"%s\""," -vsync '%s'",option); (void) ConcatenateMagickString(options,command,MagickPathExtent); } option=GetImageOption(image_info,"video:pixel-format"); if (option != (const char *) NULL) { - sanitized_option=SanitizeDelegateString(option); - (void) FormatLocaleString(command,MagickPathExtent," -pix_fmt %s", - sanitized_option); - DestroyString(sanitized_option); + FormatSanitizedDelegateOption(command,MagickPathExtent, + " -pix_fmt \"%s\""," -pix_fmt '%s'",option); (void) ConcatenateMagickString(options,command,MagickPathExtent); } else if (LocaleNCompare(image_info->magick,"APNG",MagickPathExtent) == 0) (void) ConcatenateMagickString(options," -pix_fmt rgba", MagickPathExtent); + intermediate_format=GetIntermediateFormat(image_info); + (void) FormatLocaleString(command,MagickPathExtent," -vcodec %s", + intermediate_format); + (void) ConcatenateMagickString(options,command,MagickPathExtent); AcquireUniqueFilename(read_info->unique); + (void) AcquireUniqueSymbolicLink(image_info->filename, + read_info->filename); (void) FormatLocaleString(command,MagickPathExtent, GetDelegateCommands(delegate_info),read_info->filename,options, read_info->unique); options=DestroyString(options); - (void) CopyMagickString(read_info->magick,"pam",MagickPathExtent); + (void) CopyMagickString(read_info->magick,intermediate_format, + MagickPathExtent); (void) CopyMagickString(read_info->filename,read_info->unique, MagickPathExtent); exit_code=ExternalDelegateCommand(MagickFalse,image_info->verbose, command,message,exception); if (exit_code == 0) images=ReadImage(read_info,exception); - else if (*message != '\0') - (void) ThrowMagickException(exception,GetMagickModule(), - DelegateError,"VideoDelegateFailed","`%s'",message); + else + if (*message != '\0') + (void) ThrowMagickException(exception,GetMagickModule(),DelegateError, + "VideoDelegateFailed","`%s'",message); + (void) RelinquishUniqueFileResource(read_info->filename); (void) RelinquishUniqueFileResource(read_info->unique); if (images != (Image *) NULL) for (next=images; next != (Image *) NULL; next=next->next) @@ -310,7 +332,6 @@ ModuleExport size_t RegisterVIDEOImage(v (void) RegisterMagickInfo(entry); entry=AcquireMagickInfo("VIDEO","AVI","Microsoft Audio/Visual Interleaved"); entry->decoder=(DecodeImageHandler *) ReadVIDEOImage; - entry->magick=(IsImageFormatHandler *) IsAVI; entry->flags^=CoderBlobSupportFlag; (void) RegisterMagickInfo(entry); entry=AcquireMagickInfo("VIDEO","FLV","Flash Video Stream"); @@ -513,12 +534,13 @@ static MagickBooleanType CopyDelegateFil static MagickBooleanType WriteVIDEOImage(const ImageInfo *image_info, Image *image,ExceptionInfo *exception) { -#define WriteVIDEOIntermediateFormat "pam" - char basename[MagickPathExtent], filename[MagickPathExtent]; + const char + *intermediate_format; + const DelegateInfo *delegate_info; @@ -526,7 +548,7 @@ static MagickBooleanType WriteVIDEOImage delay; Image - *coalesce_image; + *clone_images; ImageInfo *write_info; @@ -558,27 +580,28 @@ static MagickBooleanType WriteVIDEOImage assert(image_info->signature == MagickCoreSignature); assert(image != (Image *) NULL); assert(image->signature == MagickCoreSignature); - if (image->debug != MagickFalse) - (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename); assert(exception != (ExceptionInfo *) NULL); assert(exception->signature == MagickCoreSignature); + if (IsEventLogging() != MagickFalse) + (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename); /* Write intermediate files. */ - coalesce_image=CoalesceImages(image,exception); - if (coalesce_image == (Image *) NULL) + clone_images=CloneImageList(image,exception); + if (clone_images == (Image *) NULL) return(MagickFalse); file=AcquireUniqueFileResource(basename); if (file != -1) file=close(file)-1; - (void) FormatLocaleString(coalesce_image->filename,MagickPathExtent,"%s", + (void) FormatLocaleString(clone_images->filename,MagickPathExtent,"%s", basename); count=0; write_info=CloneImageInfo(image_info); write_info->file=(FILE *) NULL; *write_info->magick='\0'; status=MagickTrue; - for (p=coalesce_image; p != (Image *) NULL; p=GetNextImageInList(p)) + intermediate_format=GetIntermediateFormat(image_info); + for (p=clone_images; p != (Image *) NULL; p=GetNextImageInList(p)) { char previous_image[MagickPathExtent]; @@ -600,12 +623,11 @@ static MagickBooleanType WriteVIDEOImage *frame; (void) FormatLocaleString(p->filename,MagickPathExtent,"%s%.20g.%s", - basename,(double) p->scene,WriteVIDEOIntermediateFormat); + basename,(double) p->scene,intermediate_format); (void) FormatLocaleString(filename,MagickPathExtent,"%s%.20g.%s", - basename,(double) p->scene,WriteVIDEOIntermediateFormat); + basename,(double) p->scene,intermediate_format); (void) FormatLocaleString(previous_image,MagickPathExtent, - "%s%.20g.%s",basename,(double) p->scene, - WriteVIDEOIntermediateFormat); + "%s%.20g.%s",basename,(double) p->scene,intermediate_format); frame=CloneImage(p,0,0,MagickTrue,exception); if (frame == (Image *) NULL) break; @@ -621,7 +643,7 @@ static MagickBooleanType WriteVIDEOImage default: { (void) FormatLocaleString(filename,MagickPathExtent,"%s%.20g.%s", - basename,(double) p->scene,WriteVIDEOIntermediateFormat); + basename,(double) p->scene,intermediate_format); if (length > 0) status=BlobToFile(filename,blob,length,exception); break; @@ -632,11 +654,11 @@ static MagickBooleanType WriteVIDEOImage if (status != MagickFalse) (void) LogMagickEvent(CoderEvent,GetMagickModule(), "%.20g. Wrote %s file for scene %.20g:",(double) i, - WriteVIDEOIntermediateFormat,(double) p->scene); + intermediate_format,(double) p->scene); else (void) LogMagickEvent(CoderEvent,GetMagickModule(), "%.20g. Failed to write %s file for scene %.20g:",(double) i, - WriteVIDEOIntermediateFormat,(double) p->scene); + intermediate_format,(double) p->scene); (void) LogMagickEvent(CoderEvent,GetMagickModule(),"%s",filename); } } @@ -657,8 +679,7 @@ static MagickBooleanType WriteVIDEOImage message[MagickPathExtent]; char - *options, - *sanitized_option; + *options; const char *option; @@ -668,20 +689,18 @@ static MagickBooleanType WriteVIDEOImage options=AcquireString(""); (void) FormatLocaleString(options,MagickPathExtent,"-plays %i", - (int) coalesce_image->iterations); + (int) clone_images->iterations); option=GetImageOption(image_info,"video:pixel-format"); if (option != (const char *) NULL) { - sanitized_option=SanitizeDelegateString(option); - (void) FormatLocaleString(command,MagickPathExtent," -pix_fmt %s", - sanitized_option); - DestroyString(sanitized_option); + FormatSanitizedDelegateOption(command,MagickPathExtent, + " -pix_fmt \"%s\""," -pix_fmt '%s'",option); (void) ConcatenateMagickString(options,command,MagickPathExtent); } AcquireUniqueFilename(write_info->unique); (void) FormatLocaleString(command,MagickPathExtent, - GetDelegateCommands(delegate_info),basename,options,write_info->unique, - image_info->magick); + GetDelegateCommands(delegate_info),basename,intermediate_format, + options,write_info->unique,image_info->magick); options=DestroyString(options); exit_code=ExternalDelegateCommand(MagickFalse,image_info->verbose, command,message,exception); @@ -705,18 +724,18 @@ static MagickBooleanType WriteVIDEOImage Relinquish resources. */ count=0; - for (p=coalesce_image; p != (Image *) NULL; p=GetNextImageInList(p)) + for (p=clone_images; p != (Image *) NULL; p=GetNextImageInList(p)) { delay=100.0*p->delay/MagickMax(1.0*p->ticks_per_second,1.0); for (i=0; i < (ssize_t) MagickMax((1.0*delay+1.0)/3.0,1.0); i++) { (void) FormatLocaleString(p->filename,MagickPathExtent,"%s%.20g.%s", - basename,(double) count++,WriteVIDEOIntermediateFormat); + basename,(double) count++,intermediate_format); (void) RelinquishUniqueFileResource(p->filename); } (void) CopyMagickString(p->filename,image_info->filename,MagickPathExtent); } (void) RelinquishUniqueFileResource(basename); - coalesce_image=DestroyImageList(coalesce_image); + clone_images=DestroyImageList(clone_images); return(status); } Index: ImageMagick-7.1.0-9/coders/video.h =================================================================== --- ImageMagick-7.1.0-9.orig/coders/video.h +++ ImageMagick-7.1.0-9/coders/video.h @@ -17,8 +17,7 @@ #include "coders/coders-private.h" #define MagickVIDEOHeaders \ - MagickCoderHeader("VIDEO", 0, "\000\000\001\263") \ - MagickCoderHeader("VIDEO", 0, "RIFF") + MagickCoderHeader("VIDEO", 0, "\000\000\001\263") #define MagickVIDEOAliases \ MagickCoderAlias("VIDEO", "3GP") \ Index: ImageMagick-7.1.0-9/config/delegates.xml.in =================================================================== --- ImageMagick-7.1.0-9.orig/config/delegates.xml.in +++ ImageMagick-7.1.0-9/config/delegates.xml.in @@ -120,6 +120,6 @@ <delegate decode="xps:cmyk" stealth="True" command=""@XPSDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@XPSCMYKDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/> <delegate decode="xps:color" stealth="True" command=""@XPSDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@XPSColorDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/> <delegate decode="xps:mono" stealth="True" command=""@XPSDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@XPSMonoDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/> - <delegate decode="video:decode" command=""@VIDEODecodeDelegate@" -nostdin -loglevel error -i "%s" -vcodec pam -an -f rawvideo -y %s "%s""/> - <delegate encode="video:encode" stealth="True" command=""@VIDEOEncodeDelegate@" -nostdin -loglevel error -i "%s%%d.pam" %s "%s.%s""/> + <delegate decode="video:decode" command=""@VIDEODecodeDelegate@" -nostdin -loglevel error -i "%s" -an -f rawvideo -y %s "%s""/> + <delegate encode="video:encode" stealth="True" command=""@VIDEOEncodeDelegate@" -nostdin -loglevel error -i "%s%%d.%s" %s "%s.%s""/> </delegatemap> Index: ImageMagick-7.1.0-9/MagickCore/delegate-private.h =================================================================== --- ImageMagick-7.1.0-9.orig/MagickCore/delegate-private.h +++ ImageMagick-7.1.0-9/MagickCore/delegate-private.h @@ -107,6 +107,19 @@ static inline char *SanitizeDelegateStri return(sanitize_source); } +static inline void FormatSanitizedDelegateOption(char *string, + const size_t length,const char *magick_unused(windows_format), + const char *non_windows_format,const char *option) +{ + char + *sanitized_option; + + magick_unreferenced(windows_format); + sanitized_option=SanitizeDelegateString(option); + (void) FormatLocaleString(string,length,non_windows_format,sanitized_option); + sanitized_option=DestroyString(sanitized_option); +} + extern MagickPrivate MagickBooleanType DelegateComponentGenesis(void);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
