Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
ImageMagick.29424
ImageMagick-CVE-2014-9818,9826,9829.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2014-9818,9826,9829.patch of Package ImageMagick.29424
Index: ImageMagick-6.8.9-8/coders/sun.c =================================================================== --- ImageMagick-6.8.9-8.orig/coders/sun.c 2016-06-16 14:05:17.774611062 +0200 +++ ImageMagick-6.8.9-8/coders/sun.c 2016-06-16 14:10:57.324150699 +0200 @@ -309,13 +309,21 @@ static Image *ReadSUNImage(const ImageIn sun_info.type=ReadBlobMSBLong(image); sun_info.maptype=ReadBlobMSBLong(image); sun_info.maplength=ReadBlobMSBLong(image); - image->columns=sun_info.width; - image->rows=sun_info.height; extent=sun_info.height*sun_info.width; if ((sun_info.height != 0) && (sun_info.width != extent/sun_info.height)) ThrowReaderException(CorruptImageError,"ImproperImageHeader"); if ((sun_info.depth == 0) || (sun_info.depth > 32)) ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if ((sun_info.type != RT_STANDARD) && (sun_info.type != RT_ENCODED) && + (sun_info.type != RT_FORMAT_RGB)) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if ((sun_info.maptype == RMT_NONE) && (sun_info.maplength != 0)) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if ((sun_info.maptype != RMT_NONE) && (sun_info.maptype != RMT_EQUAL_RGB) && + (sun_info.maptype != RMT_RAW)) + ThrowReaderException(CoderError,"ColormapTypeNotSupported"); + image->columns=sun_info.width; + image->rows=sun_info.height; image->depth=sun_info.depth <= 8 ? sun_info.depth : MAGICKCORE_QUANTUM_DEPTH; if (sun_info.depth < 24) @@ -360,12 +368,18 @@ static Image *ReadSUNImage(const ImageIn if (sun_colormap == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); count=ReadBlob(image,image->colors,sun_colormap); + if (count != (ssize_t) image->colors) + ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); for (i=0; i < (ssize_t) image->colors; i++) image->colormap[i].red=ScaleCharToQuantum(sun_colormap[i]); count=ReadBlob(image,image->colors,sun_colormap); + if (count != (ssize_t) image->colors) + ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); for (i=0; i < (ssize_t) image->colors; i++) image->colormap[i].green=ScaleCharToQuantum(sun_colormap[i]); count=ReadBlob(image,image->colors,sun_colormap); + if (count != (ssize_t) image->colors) + ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); for (i=0; i < (ssize_t) image->colors; i++) image->colormap[i].blue=ScaleCharToQuantum(sun_colormap[i]); sun_colormap=(unsigned char *) RelinquishMagickMemory(sun_colormap); @@ -384,11 +398,13 @@ static Image *ReadSUNImage(const ImageIn if (sun_colormap == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); count=ReadBlob(image,sun_info.maplength,sun_colormap); + if (count != (ssize_t) sun_info.maplength) + ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); sun_colormap=(unsigned char *) RelinquishMagickMemory(sun_colormap); break; } default: - ThrowReaderException(CoderError,"ColormapTypeNotSupported"); + break; } image->matte=sun_info.depth == 32 ? MagickTrue : MagickFalse; image->columns=sun_info.width; @@ -410,7 +426,7 @@ static Image *ReadSUNImage(const ImageIn if (sun_data == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); count=(ssize_t) ReadBlob(image,sun_info.length,sun_data); - if ((count == 0) && (sun_info.type != RT_ENCODED)) + if (count != (ssize_t) sun_info.length) ThrowReaderException(CorruptImageError,"UnableToReadImageData"); sun_pixels=sun_data; bytes_per_line=0; @@ -436,8 +452,8 @@ static Image *ReadSUNImage(const ImageIn bytes_per_line*sizeof(*sun_pixels)); if (sun_pixels == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); - (void) DecodeImage(sun_data,sun_info.length,sun_pixels, - bytes_per_line*height); + (void) DecodeImage(sun_data,sun_info.length,sun_pixels,bytes_per_line* + height); sun_data=(unsigned char *) RelinquishMagickMemory(sun_data); } /* @@ -454,15 +470,13 @@ static Image *ReadSUNImage(const ImageIn for (x=0; x < ((ssize_t) image->columns-7); x+=8) { for (bit=7; bit >= 0; bit--) - SetPixelIndex(indexes+x+7-bit,((*p) & (0x01 << bit) ? - 0x00 : 0x01)); + SetPixelIndex(indexes+x+7-bit,((*p) & (0x01 << bit) ? 0x00 : 0x01)); p++; } if ((image->columns % 8) != 0) { - for (bit=7; bit >= (ssize_t) (8-(image->columns % 8)); bit--) - SetPixelIndex(indexes+x+7-bit,(*p) & (0x01 << bit) ? - 0x00 : 0x01); + for (bit=7; bit >= (int) (8-(image->columns % 8)); bit--) + SetPixelIndex(indexes+x+7-bit,(*p) & (0x01 << bit) ? 0x00 : 0x01); p++; } if ((((image->columns/8)+(image->columns % 8 ? 1 : 0)) % 2) != 0)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor