File GraphicsMagick-CVE-2016-10064.patch of Package GraphicsMagick.6323

Overview Repositories Revisions Requests Users Attributes Meta

File GraphicsMagick-CVE-2016-10064.patch of Package GraphicsMagick.6323

Index: GraphicsMagick-1.3.21/coders/tiff.c
===================================================================
--- GraphicsMagick-1.3.21.orig/coders/tiff.c	2017-01-25 12:34:16.219863741 +0100
+++ GraphicsMagick-1.3.21/coders/tiff.c	2017-01-25 12:42:57.067213223 +0100
@@ -2737,15 +2737,14 @@ ReadTIFFImage(const ImageInfo *image_inf
             /*
               Convert stripped TIFF image to DirectClass MIFF image.
             */
-            number_pixels=(unsigned long) image->columns*rows_per_strip;
-            if ((number_pixels*sizeof(uint32)) != (size_t)
-                (number_pixels*sizeof(uint32)))
+            number_pixels=MagickArraySize(image->columns,rows_per_strip);
+            if (0 == number_pixels)
               {
                 TIFFClose(tiff);
                 ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
                                      image);
               }
-            strip_pixels=MagickAllocateMemory(uint32 *, (number_pixels*sizeof(uint32)));
+            strip_pixels=MagickAllocateMemory(uint32 *, MagickArraySize(number_pixels,sizeof(uint32)));
             if (strip_pixels == (uint32 *) NULL)
               {
                 TIFFClose(tiff);
@@ -2992,9 +2991,15 @@ ReadTIFFImage(const ImageInfo *image_inf
             /*
               Convert TIFF image to DirectClass MIFF image.
             */
-            number_pixels=(unsigned long) image->columns*image->rows;
+            number_pixels=MagickArraySize(image->columns,image->rows);
+            if (0 == number_pixels)
+              {
+                TIFFClose(tiff);
+                ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
+                                     image);
+              }
             pixels=MagickAllocateMemory(uint32 *,
-                                        (number_pixels+6*image->columns)*sizeof(uint32));
+                                        MagickArraySize(number_pixels+6*image->columns,sizeof(uint32)));
             if (pixels == (uint32 *) NULL)
               {
                 TIFFClose(tiff);

Places

File GraphicsMagick-CVE-2016-10064.patch of Package GraphicsMagick.6323

Places