/[packages]/updates/3/imagemagick/current/SOURCES/imagemagick-CVE-2014-8355.patch
ViewVC logotype

Contents of /updates/3/imagemagick/current/SOURCES/imagemagick-CVE-2014-8355.patch

Parent Directory Parent Directory | Revision Log Revision Log


Revision 796911 - (show annotations) (download)
Fri Nov 14 00:17:18 2014 UTC (9 years, 4 months ago) by luigiwalser
File size: 4539 byte(s)
rediff upstream patches to fix CVE-2014-835[45], CVE-2014-8562, CVE-2014-8716
1 --- ImageMagick-6.8.1-1/coders/pcx.c.orig 2012-12-07 08:14:16.000000000 -0500
2 +++ ImageMagick-6.8.1-1/coders/pcx.c 2014-11-13 19:01:34.905378965 -0500
3 @@ -220,6 +220,13 @@ static inline size_t MagickMin(const siz
4
5 static Image *ReadPCXImage(const ImageInfo *image_info,ExceptionInfo *exception)
6 {
7 +#define ThrowPCXException(severity,tag) \
8 + { \
9 + scanline=(unsigned char *) RelinquishMagickMemory(scanline); \
10 + pixel_info=RelinquishVirtualMemory(pixel_info); \
11 + ThrowReaderException(severity,tag); \
12 + }
13 +
14 Image
15 *image;
16
17 @@ -264,7 +271,7 @@ static Image *ReadPCXImage(const ImageIn
18
19 unsigned char
20 packet,
21 - *pcx_colormap,
22 + pcx_colormap[768],
23 *pcx_pixels,
24 *scanline;
25
26 @@ -317,7 +324,6 @@ static Image *ReadPCXImage(const ImageIn
27 if (offset < 0)
28 ThrowReaderException(CorruptImageError,"ImproperImageHeader");
29 }
30 - pcx_colormap=(unsigned char *) NULL;
31 count=ReadBlob(image,1,&pcx_info.identifier);
32 for (id=1; id < 1024; id++)
33 {
34 @@ -350,10 +356,6 @@ static Image *ReadPCXImage(const ImageIn
35 image->x_resolution=(double) pcx_info.horizontal_resolution;
36 image->y_resolution=(double) pcx_info.vertical_resolution;
37 image->colors=16;
38 - pcx_colormap=(unsigned char *) AcquireQuantumMemory(256UL,
39 - 3*sizeof(*pcx_colormap));
40 - if (pcx_colormap == (unsigned char *) NULL)
41 - ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
42 count=ReadBlob(image,3*image->colors,pcx_colormap);
43 pcx_info.reserved=(unsigned char) ReadBlobByte(image);
44 pcx_info.planes=(unsigned char) ReadBlobByte(image);
45 @@ -387,6 +389,9 @@ static Image *ReadPCXImage(const ImageIn
46 pcx_packets=(size_t) image->rows*pcx_info.bytes_per_line*
47 pcx_info.planes;
48 pcx_pixels=(unsigned char *) AcquireQuantumMemory(pcx_packets,
49 + if ((size_t) (pcx_info.bits_per_pixel*pcx_info.planes*image->columns) >
50 + (pcx_packets*8U))
51 + ThrowReaderException(CorruptImageError,"ImproperImageHeader");
52 sizeof(*pcx_pixels));
53 scanline=(unsigned char *) AcquireQuantumMemory(MagickMax(image->columns,
54 pcx_info.bytes_per_line),MagickMax(8,pcx_info.planes)*sizeof(*scanline));
55 @@ -402,7 +407,7 @@ static Image *ReadPCXImage(const ImageIn
56 {
57 packet=(unsigned char) ReadBlobByte(image);
58 if (EOFBlob(image) != MagickFalse)
59 - ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
60 + ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile");
61 *p++=packet;
62 pcx_packets--;
63 }
64 @@ -411,7 +416,7 @@ static Image *ReadPCXImage(const ImageIn
65 {
66 packet=(unsigned char) ReadBlobByte(image);
67 if (EOFBlob(image) != MagickFalse)
68 - ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
69 + ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile");
70 if ((packet & 0xc0) != 0xc0)
71 {
72 *p++=packet;
73 @@ -421,7 +426,7 @@ static Image *ReadPCXImage(const ImageIn
74 count=(ssize_t) (packet & 0x3f);
75 packet=(unsigned char) ReadBlobByte(image);
76 if (EOFBlob(image) != MagickFalse)
77 - ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
78 + ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile");
79 for ( ; count != 0; count--)
80 {
81 *p++=packet;
82 @@ -440,7 +445,7 @@ static Image *ReadPCXImage(const ImageIn
83 Initialize image colormap.
84 */
85 if (image->colors > 256)
86 - ThrowReaderException(CorruptImageError,"ColormapExceeds256Colors");
87 + ThrowPCXException(CorruptImageError,"ColormapExceeds256Colors");
88 if ((pcx_info.bits_per_pixel*pcx_info.planes) == 1)
89 {
90 /*
91 @@ -469,7 +474,6 @@ static Image *ReadPCXImage(const ImageIn
92 image->colormap[i].blue=ScaleCharToQuantum(*p++);
93 }
94 }
95 - pcx_colormap=(unsigned char *) RelinquishMagickMemory(pcx_colormap);
96 }
97 /*
98 Convert PCX raster image to pixel packets.
99 @@ -626,8 +630,6 @@ static Image *ReadPCXImage(const ImageIn
100 if (image->storage_class == PseudoClass)
101 (void) SyncImage(image);
102 scanline=(unsigned char *) RelinquishMagickMemory(scanline);
103 - if (pcx_colormap != (unsigned char *) NULL)
104 - pcx_colormap=(unsigned char *) RelinquishMagickMemory(pcx_colormap);
105 pcx_pixels=(unsigned char *) RelinquishMagickMemory(pcx_pixels);
106 if (EOFBlob(image) != MagickFalse)
107 {

  ViewVC Help
Powered by ViewVC 1.1.30