Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
ImageMagick.9832
ImageMagick-CVE-2018-10805.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2018-10805.patch of Package ImageMagick.9832
Index: ImageMagick-6.8.8-1/coders/bgr.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/bgr.c +++ ImageMagick-6.8.8-1/coders/bgr.c @@ -189,6 +189,7 @@ static Image *ReadBGRImage(const ImageIn count=0; length=0; scene=0; + status=MagickTrue; do { /* @@ -223,6 +224,7 @@ static Image *ReadBGRImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -302,6 +304,7 @@ static Image *ReadBGRImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -400,6 +403,7 @@ static Image *ReadBGRImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -452,6 +456,7 @@ static Image *ReadBGRImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -504,6 +509,7 @@ static Image *ReadBGRImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -564,6 +570,7 @@ static Image *ReadBGRImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -621,23 +628,23 @@ static Image *ReadBGRImage(const ImageIn AppendImageFormat("B",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) + break; + if (DiscardBlobBytes(image,(MagickSizeType) image->offset) == MagickFalse) { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); + status=MagickFalse; + ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", + image->filename); + break; } - if (DiscardBlobBytes(image,(MagickSizeType) image->offset) == MagickFalse) - ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", - image->filename); length=GetQuantumExtent(canvas_image,quantum_info,BlueQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -652,6 +659,7 @@ static Image *ReadBGRImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -695,20 +703,16 @@ static Image *ReadBGRImage(const ImageIn AppendImageFormat("G",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) - { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); - } + break; length=GetQuantumExtent(canvas_image,quantum_info,GreenQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -723,6 +727,7 @@ static Image *ReadBGRImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -766,20 +771,16 @@ static Image *ReadBGRImage(const ImageIn AppendImageFormat("R",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) - { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); - } + break; length=GetQuantumExtent(canvas_image,quantum_info,RedQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -794,6 +795,7 @@ static Image *ReadBGRImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -838,21 +840,16 @@ static Image *ReadBGRImage(const ImageIn (void) CloseBlob(image); AppendImageFormat("A",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); - if (status == MagickFalse) - { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); - } + break; length=GetQuantumExtent(canvas_image,quantum_info,AlphaQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -867,6 +864,7 @@ static Image *ReadBGRImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -918,6 +916,8 @@ static Image *ReadBGRImage(const ImageIn } } SetQuantumImageType(image,quantum_type); + if (status == MagickFalse) + return(DestroyImageList(image)); /* Proceed to next image. */ @@ -933,6 +933,8 @@ static Image *ReadBGRImage(const ImageIn if (GetNextImageInList(image) == (Image *) NULL) { image=DestroyImageList(image); + quantum_info=DestroyQuantumInfo(quantum_info); + canvas_image=DestroyImage(canvas_image); return((Image *) NULL); } image=SyncNextImageInList(image); @@ -947,6 +949,8 @@ static Image *ReadBGRImage(const ImageIn InheritException(&image->exception,&canvas_image->exception); canvas_image=DestroyImage(canvas_image); (void) CloseBlob(image); + if (status == MagickFalse) + return(DestroyImageList(image)); return(GetFirstImageInList(image)); } Index: ImageMagick-6.8.8-1/coders/ycbcr.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/ycbcr.c +++ ImageMagick-6.8.8-1/coders/ycbcr.c @@ -170,7 +170,10 @@ static Image *ReadYCBCRImage(const Image (void) SetImageVirtualPixelMethod(canvas_image,BlackVirtualPixelMethod); quantum_info=AcquireQuantumInfo(image_info,canvas_image); if (quantum_info == (QuantumInfo *) NULL) - ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + { + canvas_image=DestroyImage(canvas_image); + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + } pixels=GetQuantumPixels(quantum_info); quantum_type=RGBQuantum; if (LocaleCompare(image_info->magick,"YCbCrA") == 0) @@ -196,6 +199,7 @@ static Image *ReadYCBCRImage(const Image count=0; length=0; scene=0; + status=MagickTrue; do { /* @@ -222,6 +226,7 @@ static Image *ReadYCBCRImage(const Image { if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -293,6 +298,7 @@ static Image *ReadYCBCRImage(const Image { if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -375,6 +381,7 @@ static Image *ReadYCBCRImage(const Image { if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -418,6 +425,7 @@ static Image *ReadYCBCRImage(const Image { if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -461,6 +469,7 @@ static Image *ReadYCBCRImage(const Image { if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -506,6 +515,7 @@ static Image *ReadYCBCRImage(const Image { if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -563,23 +573,23 @@ static Image *ReadYCBCRImage(const Image AppendImageFormat("Y",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) + break; + if (DiscardBlobBytes(image,image->offset) == MagickFalse) { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); + status=MagickFalse; + ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", + image->filename); + break; } - if (DiscardBlobBytes(image,image->offset) == MagickFalse) - ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", - image->filename); length=GetQuantumExtent(canvas_image,quantum_info,RedQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -628,20 +638,16 @@ static Image *ReadYCBCRImage(const Image AppendImageFormat("Cb",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) - { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); - } + break; length=GetQuantumExtent(canvas_image,quantum_info,GreenQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -690,20 +696,16 @@ static Image *ReadYCBCRImage(const Image AppendImageFormat("Cr",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) - { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); - } + break; length=GetQuantumExtent(canvas_image,quantum_info,BlueQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -754,20 +756,16 @@ static Image *ReadYCBCRImage(const Image AppendImageFormat("A",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) - { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); - } + break; length=GetQuantumExtent(canvas_image,quantum_info,AlphaQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -822,6 +820,8 @@ static Image *ReadYCBCRImage(const Image break; } } + if (status == MagickFalse) + break; SetQuantumImageType(image,quantum_type); /* Proceed to next image. @@ -838,6 +838,8 @@ static Image *ReadYCBCRImage(const Image if (GetNextImageInList(image) == (Image *) NULL) { image=DestroyImageList(image); + quantum_info=DestroyQuantumInfo(quantum_info); + canvas_image=DestroyImage(canvas_image); return((Image *) NULL); } image=SyncNextImageInList(image); Index: ImageMagick-6.8.8-1/coders/rgb.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/rgb.c +++ ImageMagick-6.8.8-1/coders/rgb.c @@ -162,7 +162,10 @@ static Image *ReadRGBImage(const ImageIn (void) SetImageVirtualPixelMethod(canvas_image,BlackVirtualPixelMethod); quantum_info=AcquireQuantumInfo(image_info,canvas_image); if (quantum_info == (QuantumInfo *) NULL) + { + canvas_image=DestroyImage(canvas_image); ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + } pixels=GetQuantumPixels(quantum_info); quantum_type=RGBQuantum; if (LocaleCompare(image_info->magick,"RGBA") == 0) @@ -193,6 +196,7 @@ static Image *ReadRGBImage(const ImageIn count=0; length=0; scene=0; + status=MagickTrue; do { /* @@ -227,6 +231,7 @@ static Image *ReadRGBImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -308,6 +313,7 @@ static Image *ReadRGBImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -406,6 +412,7 @@ static Image *ReadRGBImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -458,6 +465,7 @@ static Image *ReadRGBImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -510,6 +518,7 @@ static Image *ReadRGBImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -570,6 +579,7 @@ static Image *ReadRGBImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -627,23 +637,23 @@ static Image *ReadRGBImage(const ImageIn AppendImageFormat("R",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) + break; + if (DiscardBlobBytes(image,image->offset) == MagickFalse) { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); + status=MagickFalse; + ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", + image->filename); + break; } - if (DiscardBlobBytes(image,image->offset) == MagickFalse) - ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", - image->filename); length=GetQuantumExtent(canvas_image,quantum_info,RedQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -701,20 +711,16 @@ static Image *ReadRGBImage(const ImageIn AppendImageFormat("G",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) - { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); - } + break; length=GetQuantumExtent(canvas_image,quantum_info,GreenQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -729,6 +735,7 @@ static Image *ReadRGBImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -772,20 +779,17 @@ static Image *ReadRGBImage(const ImageIn AppendImageFormat("B",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) - { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); - } + break; length=GetQuantumExtent(canvas_image,quantum_info,BlueQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -800,6 +804,7 @@ static Image *ReadRGBImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -845,20 +850,16 @@ static Image *ReadRGBImage(const ImageIn AppendImageFormat("A",image->filename); status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception); if (status == MagickFalse) - { - canvas_image=DestroyImageList(canvas_image); - image=DestroyImageList(image); - return((Image *) NULL); - } + break; length=GetQuantumExtent(canvas_image,quantum_info,AlphaQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -873,6 +874,7 @@ static Image *ReadRGBImage(const ImageIn if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -923,6 +925,8 @@ static Image *ReadRGBImage(const ImageIn break; } } + if (status == MagickFalse) + break; SetQuantumImageType(image,quantum_type); /* Proceed to next image. @@ -939,6 +943,8 @@ static Image *ReadRGBImage(const ImageIn if (GetNextImageInList(image) == (Image *) NULL) { image=DestroyImageList(image); + quantum_info=DestroyQuantumInfo(quantum_info); + canvas_image=DestroyImage(canvas_image); return((Image *) NULL); } image=SyncNextImageInList(image); @@ -953,6 +959,8 @@ static Image *ReadRGBImage(const ImageIn InheritException(&image->exception,&canvas_image->exception); canvas_image=DestroyImage(canvas_image); (void) CloseBlob(image); + if (status == MagickFalse) + return(DestroyImageList(image)); return(GetFirstImageInList(image)); } Index: ImageMagick-6.8.8-1/coders/gray.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/gray.c +++ ImageMagick-6.8.8-1/coders/gray.c @@ -159,7 +159,10 @@ static Image *ReadGRAYImage(const ImageI quantum_type=GrayQuantum; quantum_info=AcquireQuantumInfo(image_info,canvas_image); if (quantum_info == (QuantumInfo *) NULL) - ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + { + canvas_image=DestroyImage(canvas_image); + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + } pixels=GetQuantumPixels(quantum_info); if (image_info->number_scenes != 0) while (image->scene < image_info->scene) @@ -262,6 +265,8 @@ static Image *ReadGRAYImage(const ImageI if (GetNextImageInList(image) == (Image *) NULL) { image=DestroyImageList(image); + quantum_info=DestroyQuantumInfo(quantum_info); + canvas_image=DestroyImage(canvas_image); return((Image *) NULL); } image=SyncNextImageInList(image); Index: ImageMagick-6.8.8-1/coders/cmyk.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/cmyk.c +++ ImageMagick-6.8.8-1/coders/cmyk.c @@ -163,6 +163,11 @@ static Image *ReadCMYKImage(const ImageI (void) SetImageVirtualPixelMethod(canvas_image,BlackVirtualPixelMethod); quantum_info=AcquireQuantumInfo(image_info,canvas_image); if (quantum_info == (QuantumInfo *) NULL) + { + canvas_image=DestroyImage(canvas_image); + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + } + if (quantum_info == (QuantumInfo *) NULL) ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); pixels=GetQuantumPixels(quantum_info); quantum_type=CMYKQuantum; @@ -189,6 +194,7 @@ static Image *ReadCMYKImage(const ImageI count=0; length=0; scene=0; + status=MagickTrue; do { /* @@ -230,6 +236,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -320,6 +327,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -421,6 +429,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -473,6 +482,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -525,6 +535,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -583,6 +594,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -640,6 +652,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -703,17 +716,21 @@ static Image *ReadCMYKImage(const ImageI return((Image *) NULL); } if (DiscardBlobBytes(image,image->offset) == MagickFalse) - ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", - image->filename); + { + status=MagickFalse; + ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", + image->filename); + break; + } length=GetQuantumExtent(canvas_image,quantum_info,CyanQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -728,6 +745,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -778,13 +796,13 @@ static Image *ReadCMYKImage(const ImageI } length=GetQuantumExtent(canvas_image,quantum_info,MagentaQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -799,6 +817,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -849,13 +868,13 @@ static Image *ReadCMYKImage(const ImageI } length=GetQuantumExtent(canvas_image,quantum_info,YellowQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -870,6 +889,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -920,13 +940,13 @@ static Image *ReadCMYKImage(const ImageI } length=GetQuantumExtent(canvas_image,quantum_info,BlackQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -947,6 +967,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -1002,13 +1023,13 @@ static Image *ReadCMYKImage(const ImageI } length=GetQuantumExtent(canvas_image,quantum_info,AlphaQuantum); for (i=0; i < (ssize_t) scene; i++) + { for (y=0; y < (ssize_t) image->extract_info.height; y++) - if (ReadBlob(image,length,pixels) != (ssize_t) length) - { - ThrowFileException(exception,CorruptImageError, - "UnexpectedEndOfFile",image->filename); - break; - } + if ((count = ReadBlob(image,length,pixels)) != (ssize_t) length) + break; + if (count != (ssize_t) length) + break; + } count=ReadBlob(image,length,pixels); for (y=0; y < (ssize_t) image->extract_info.height; y++) { @@ -1023,6 +1044,7 @@ static Image *ReadCMYKImage(const ImageI if (count != (ssize_t) length) { + status=MagickFalse; ThrowFileException(exception,CorruptImageError, "UnexpectedEndOfFile",image->filename); break; @@ -1072,6 +1094,8 @@ static Image *ReadCMYKImage(const ImageI break; } } + if (status == MagickFalse) + break; SetQuantumImageType(image,quantum_type); /* Proceed to next image. @@ -1088,6 +1112,8 @@ static Image *ReadCMYKImage(const ImageI if (GetNextImageInList(image) == (Image *) NULL) { image=DestroyImageList(image); + quantum_info=DestroyQuantumInfo(quantum_info); + canvas_image=DestroyImage(canvas_image); return((Image *) NULL); } image=SyncNextImageInList(image);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
