Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
GraphicsMagick.8728
GraphicsMagick-CVE-2016-8683.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File GraphicsMagick-CVE-2016-8683.patch of Package GraphicsMagick.8728
--- a/coders/pcx.c Sat Sep 10 16:48:12 2016 -0500 +++ b/coders/pcx.c Sat Sep 10 17:01:18 2016 -0500 @@ -251,6 +251,9 @@ size_t pcx_packets; + magick_off_t + file_size; + /* Open image file. */ @@ -292,6 +295,7 @@ if (SeekBlob(image,(ExtendedSignedIntegralType) page_table[0],SEEK_SET) == -1) ThrowPCXReaderException(CorruptImageError,ImproperImageHeader,image); + file_size=GetBlobSize(image); count=ReadBlob(image,1,(char *) &pcx_info.identifier); for (id=1; id < 1024; id++) { @@ -455,6 +459,34 @@ if (CheckImagePixelLimits(image, exception) != MagickPass) ThrowReaderException(ResourceLimitError,ImagePixelLimitExceeded,image); + + /* + Check that filesize is reasonable given header + */ + { + double + uncompressed_size; + + uncompressed_size=((double) image->rows*pcx_info.bytes_per_line*pcx_info.planes); + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "Uncompressed size: %.0f", uncompressed_size); + if (pcx_info.encoding == 0) + { + /* Not compressed */ + if (uncompressed_size > file_size) + ThrowReaderException(CorruptImageError,InsufficientImageDataInFile, + image); + } + else + { + /* RLE compressed */ + if (uncompressed_size > file_size*254.0) + ThrowReaderException(CorruptImageError,InsufficientImageDataInFile, + image); + } + } + + /* Read image data. */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor