Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.1:Rings:1-MinimalX
ImageMagick
ImageMagick-CVE-2014-8355.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2014-8355.patch of Package ImageMagick
http://trac.imagemagick.org/changeset/16773 Index: coders/pcx.c =================================================================== --- coders/pcx.c.orig 2014-05-25 00:17:45.000000000 +0200 +++ coders/pcx.c 2014-11-04 09:43:56.589312155 +0100 @@ -221,6 +221,13 @@ static Image *ReadPCXImage(const ImageInfo *image_info,ExceptionInfo *exception) { +#define ThrowPCXException(severity,tag) \ + { \ + scanline=(unsigned char *) RelinquishMagickMemory(scanline); \ + pixel_info=RelinquishVirtualMemory(pixel_info); \ + ThrowReaderException(severity,tag); \ + } + Image *image; @@ -268,7 +275,7 @@ unsigned char packet, - *pcx_colormap, + pcx_colormap[768], *pixels, *scanline; @@ -321,7 +328,6 @@ if (offset < 0) ThrowReaderException(CorruptImageError,"ImproperImageHeader"); } - pcx_colormap=(unsigned char *) NULL; count=ReadBlob(image,1,&pcx_info.identifier); for (id=1; id < 1024; id++) { @@ -360,10 +366,6 @@ image->x_resolution=(double) pcx_info.horizontal_resolution; image->y_resolution=(double) pcx_info.vertical_resolution; image->colors=16; - pcx_colormap=(unsigned char *) AcquireQuantumMemory(256UL, - 3*sizeof(*pcx_colormap)); - if (pcx_colormap == (unsigned char *) NULL) - ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); count=ReadBlob(image,3*image->colors,pcx_colormap); pcx_info.reserved=(unsigned char) ReadBlobByte(image); pcx_info.planes=(unsigned char) ReadBlobByte(image); @@ -397,6 +399,9 @@ Read image data. */ pcx_packets=(size_t) image->rows*pcx_info.bytes_per_line*pcx_info.planes; + if ((size_t) (pcx_info.bits_per_pixel*pcx_info.planes*image->columns) > + (pcx_packets*8U)) + ThrowReaderException(CorruptImageError,"ImproperImageHeader"); scanline=(unsigned char *) AcquireQuantumMemory(MagickMax(image->columns, pcx_info.bytes_per_line),MagickMax(8,pcx_info.planes)*sizeof(*scanline)); pixel_info=AcquireVirtualMemory(pcx_packets,sizeof(*pixels)); @@ -419,7 +424,7 @@ { packet=(unsigned char) ReadBlobByte(image); if (EOFBlob(image) != MagickFalse) - ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); + ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile"); *p++=packet; pcx_packets--; } @@ -428,7 +433,7 @@ { packet=(unsigned char) ReadBlobByte(image); if (EOFBlob(image) != MagickFalse) - ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); + ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile"); if ((packet & 0xc0) != 0xc0) { *p++=packet; @@ -438,7 +443,7 @@ count=(ssize_t) (packet & 0x3f); packet=(unsigned char) ReadBlobByte(image); if (EOFBlob(image) != MagickFalse) - ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); + ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile"); for ( ; count != 0; count--) { *p++=packet; @@ -457,7 +462,7 @@ Initialize image colormap. */ if (image->colors > 256) - ThrowReaderException(CorruptImageError,"ColormapExceeds256Colors"); + ThrowPCXException(CorruptImageError,"ColormapExceeds256Colors"); if ((pcx_info.bits_per_pixel*pcx_info.planes) == 1) { /* @@ -486,7 +491,6 @@ image->colormap[i].blue=ScaleCharToQuantum(*p++); } } - pcx_colormap=(unsigned char *) RelinquishMagickMemory(pcx_colormap); } /* Convert PCX raster image to pixel packets. @@ -642,8 +646,6 @@ } if (image->storage_class == PseudoClass) (void) SyncImage(image); - if (pcx_colormap != (unsigned char *) NULL) - pcx_colormap=(unsigned char *) RelinquishMagickMemory(pcx_colormap); scanline=(unsigned char *) RelinquishMagickMemory(scanline); pixel_info=RelinquishVirtualMemory(pixel_info); if (EOFBlob(image) != MagickFalse)
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor