File ImageMagick-CVE-2014-9806.patch of Package ImageMagick.17345
From 9fdb9bf2832a1aa2c79002ae5c2ba1e8018e4ff1 Mon Sep 17 00:00:00 2001
From: dirk <dirk@aa41f4f7-0bf4-0310-aa73-e5a19afd5a74>
Date: Thu, 6 Nov 2014 21:09:54 +0000
Subject: Added missing calls to RelinquishUniqueFileResource. Avoid to leak fd in case of error.
git-svn-id: https://subversion.imagemagick.org/subversion/ImageMagick/branches/ImageMagick-6@16971 aa41f4f7-0bf4-0310-aa73-e5a19afd5a74
origin: http://trac.imagemagick.org/changeset/16971
---
coders/dcm.c | 28 +++++++++++++---------------
coders/dot.c | 5 ++++-
coders/exr.c | 10 +++++++++-
coders/pict.c | 2 ++
coders/pwp.c | 6 +++++-
5 files changed, 33 insertions(+), 18 deletions(-)
Index: ImageMagick-6.8.8-1/coders/dcm.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/dcm.c 2016-06-09 13:59:37.321065529 +0200
+++ ImageMagick-6.8.8-1/coders/dcm.c 2016-06-09 14:20:34.742326992 +0200
@@ -3561,28 +3561,32 @@ static Image *ReadDCMImage(const ImageIn unsigned int tag; + tag=(ReadBlobLSBShort(image) << 16) | ReadBlobLSBShort(image); + length=(size_t) ReadBlobLSBLong(image); + if (tag == 0xFFFEE0DD) + break; /* sequence delimiter tag */ + if (tag != 0xFFFEE000) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); file=(FILE *) NULL; unique_file=AcquireUniqueFileResource(filename); if (unique_file != -1) file=fdopen(unique_file,"wb"); - if ((unique_file == -1) || (file == (FILE *) NULL)) + if (file == (FILE *) NULL) { + (void) RelinquishUniqueFileResource(filename); ThrowFileException(exception,FileOpenError, "UnableToCreateTemporaryFile",filename); break; } - tag=(ReadBlobLSBShort(image) << 16) | ReadBlobLSBShort(image); - length=(size_t) ReadBlobLSBLong(image); - if (tag == 0xFFFEE0DD) - break; /* sequence delimiter tag */ - if (tag != 0xFFFEE000) - ThrowReaderException(CorruptImageError,"ImproperImageHeader"); for ( ; length != 0; length--) { c=ReadBlobByte(image); if (c == EOF) - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); + { + ThrowFileException(exception,CorruptImageError, + "UnexpectedEndOfFile",image->filename); + break; + } (void) fputc(c,file); } (void) fclose(file); Index: ImageMagick-6.8.8-1/coders/dot.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/dot.c 2013-12-01 15:47:50.000000000 +0100 +++ ImageMagick-6.8.8-1/coders/dot.c 2016-06-09 13:59:37.321065529 +0200 
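Review bot: In ReadDCMImage, the new `if (file == (FILE *) NULL)` branch removes the temporary file but never closes `unique_file` when `AcquireUniqueFileResource` succeeded and only `fdopen` failed, so that descriptor stays open even though the commit is meant to stop fd leaks. Closing it first would cover the case: `if (unique_file != -1) (void) close(unique_file);` ahead of the `RelinquishUniqueFileResource(filename)` call. The second pwp.c hunk (`(unique_file == -1) || (file == (FILE *) NULL)`) has the same gap, and the pict.c hunk probably does too, though its condition lies outside that hunk. ReadDCMImage's body starts and ends outside this hunk.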
@@ -142,7 +142,10 @@ static Image *ReadDOTImage(const ImageIn graph=agread(GetBlobFileHandle(image),(Agdisc_t *) NULL); #endif if (graph == (graph_t *) NULL) - return ((Image *) NULL); + { + (void) RelinquishUniqueFileResource(read_info->filename); + return ((Image *) NULL); + } option=GetImageOption(image_info,"dot:layout-engine"); if (option == (const char *) NULL) gvLayout(graphic_context,graph,(char *) "dot"); Index: ImageMagick-6.8.8-1/coders/exr.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/exr.c 2013-12-01 15:47:50.000000000 +0100 +++ ImageMagick-6.8.8-1/coders/exr.c 2016-06-09 13:59:37.321065529 +0200 @@ -192,6 +192,8 @@ static Image *ReadEXRImage(const ImageIn { ThrowFileException(exception,BlobError,"UnableToOpenBlob", ImfErrorMessage()); + if (LocaleCompare(image_info->filename,read_info->filename) != 0) + (void) RelinquishUniqueFileResource(read_info->filename); read_info=DestroyImageInfo(read_info); return((Image *) NULL); } @@ -214,6 +216,9 @@ static Image *ReadEXRImage(const ImageIn if (scanline == (ImfRgba *) NULL) { (void) ImfCloseInputFile(file); + if (LocaleCompare(image_info->filename,read_info->filename) != 0) + (void) RelinquishUniqueFileResource(read_info->filename); + read_info=DestroyImageInfo(read_info); ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); } for (y=0; y < (ssize_t) image->rows; y++) 
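Review bot: In ReadDOTImage, the new `graph == (graph_t *) NULL` branch removes the temporary file but releases nothing else: no `DestroyImageInfo(read_info)` or `DestroyImageList(image)` appears before `return ((Image *) NULL)`. A graph that fails to parse is an ordinary outcome for untrusted input, so each such file would leak those objects (and whatever blob handle `image` holds) in a long-running process. Adding `read_info=DestroyImageInfo(read_info);` and `image=DestroyImageList(image);` before the return would fix that, as the exr.c hunks of this commit do for read_info. Both objects are allocated outside the hunk, so confirm they are live at this point.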
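Review bot: In ReadEXRImage, both new cleanup branches decide whether `read_info->filename` is a temporary file by testing `LocaleCompare(image_info->filename,read_info->filename) != 0`, which ties deleting a file to a string comparison rather than to the fact that a temporary file was created. LocaleCompare is, as far as I know, case-insensitive, so paths that differ only in case count as the same name, and any later code that rewrites either filename would silently change what gets removed. A local flag set where the temporary file is created (outside these hunks; the name here is only a suggestion), used as `if (is_temporary != MagickFalse) (void) RelinquishUniqueFileResource(read_info->filename);`, would make the condition explicit. The same applies to the second hunk, in the `scanline == (ImfRgba *) NULL` branch.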
@@ -417,15 +422,18 @@ static MagickBooleanType WriteEXRImage(c ImfDeleteHeader(hdr_info); if (file == (ImfOutputFile *) NULL) { + (void) RelinquishUniqueFileResource(write_info->filename); + write_info=DestroyImageInfo(write_info); ThrowFileException(&image->exception,BlobError,"UnableToOpenBlob", ImfErrorMessage()); - write_info=DestroyImageInfo(write_info); return(MagickFalse); } scanline=(ImfRgba *) AcquireQuantumMemory(image->columns,sizeof(*scanline)); if (scanline == (ImfRgba *) NULL) { (void) ImfCloseOutputFile(file); + (void) RelinquishUniqueFileResource(write_info->filename); + write_info=DestroyImageInfo(write_info); ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed"); } ResetMagickMemory(scanline,0,image->columns*sizeof(*scanline)); Index: ImageMagick-6.8.8-1/coders/pict.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/pict.c 2016-06-09 13:59:37.321065529 +0200 +++ ImageMagick-6.8.8-1/coders/pict.c 2016-06-09 14:09:47.899350313 +0200 @@ -1377,6 +1377,7 @@ static Image *ReadPICTImage(const ImageI { (void) CopyMagickString(image->filename,read_info->filename, MaxTextExtent); + (void) RelinquishUniqueFileResource(read_info->filename); ThrowFileException(exception,FileOpenError, "UnableToCreateTemporaryFile",image->filename); image=DestroyImageList(image); Index: ImageMagick-6.8.8-1/coders/pwp.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/pwp.c 2013-12-01 15:47:50.000000000 +0100 +++ ImageMagick-6.8.8-1/coders/pwp.c 2016-06-09 13:59:37.321065529 +0200 @@ -192,7 +192,10 @@ static Image *ReadPWPImage(const ImageIn if (c == EOF) break; if (LocaleNCompare((char *) (magick+12),"SFW94A",6) != 0) - ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + { + (void) RelinquishUniqueFileResource(read_info->filename); + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + } /* Dump SFW image to a temporary file. */ 
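Review bot: In WriteEXRImage, both error branches now call `RelinquishUniqueFileResource(write_info->filename)` unconditionally, whereas the ReadEXRImage hunks in this commit first check that the name differs from the caller's filename. If `write_info->filename` is always a freshly acquired temporary name at this point (it is set outside the hunk), a one-line comment such as `/* write_info->filename is always our temporary file here */` would record why no guard is needed. If it can still hold the caller's output path, the error path would remove that file and needs the same guard as the reader.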
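Review bot: In ReadPWPImage, the new `ImproperImageHeader` branch removes the temporary file but goes straight to `ThrowReaderException` without `read_info=DestroyImageInfo(read_info);`, unlike the ReadEXRImage branch in this commit that destroys read_info before throwing. The second pwp.c hunk passes `unique_file` to `fdopen` without acquiring it there, which suggests the descriptor was obtained before this check. If so, it is also left open on this path and wants `if (unique_file != -1) (void) close(unique_file);` here. Any file with a wrong `SFW94A` marker takes this branch, so it is reachable from untrusted input. The function continues on both sides of the hunk.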
@@ -201,6 +204,7 @@ static Image *ReadPWPImage(const ImageIn file=fdopen(unique_file,"wb"); if ((unique_file == -1) || (file == (FILE *) NULL)) { + (void) RelinquishUniqueFileResource(read_info->filename); ThrowFileException(exception,FileOpenError,"UnableToWriteFile", image->filename); image=DestroyImageList(image);