File ImageMagick-CVE-2020-25675.patch of Package ImageMagick.24649

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2020-25675.patch of Package ImageMagick.24649

Index: ImageMagick-6.8.8-1/magick/transform.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/transform.c	2020-12-09 17:15:19.364450122 +0100
+++ ImageMagick-6.8.8-1/magick/transform.c	2020-12-09 17:15:23.592477838 +0100
@@ -835,14 +835,23 @@ MagickExport Image *CropImage(const Imag
 %
 */
 
-static inline double MagickRound(double x)
+static inline double ConstrainPixelOffset(double x)
+{
+  if (x < (double) -(SSIZE_MAX-512))
+    return((double) -(SSIZE_MAX-512));
+  if (x > (double) (SSIZE_MAX-512))
+    return((double) (SSIZE_MAX-512));
+  return(x);
+}
+
+static inline ssize_t PixelRoundOffset(double x)
 {
   /*
     Round the fraction to nearest integer.
   */
   if ((x-floor(x)) < (ceil(x)-x))
-    return(floor(x));
-  return(ceil(x));
+    return((ssize_t) floor(ConstrainPixelOffset(x)));
+  return((ssize_t) ceil(ConstrainPixelOffset(x)));
 }
 
 MagickExport Image *CropImageToTiles(const Image *image,
@@ -907,18 +916,18 @@ MagickExport Image *CropImageToTiles(con
       {
         if ((flags & AspectValue) == 0)
           {
-            crop.y=(ssize_t) MagickRound((MagickRealType) (offset.y-
+            crop.y=PixelRoundOffset((MagickRealType) (offset.y-
               (geometry.y > 0 ? 0 : geometry.y)));
             offset.y+=delta.y;   /* increment now to find width */
-            crop.height=(size_t) MagickRound((MagickRealType) (offset.y+
+            crop.height=(size_t) PixelRoundOffset((MagickRealType) (offset.y+
               (geometry.y < 0 ? 0 : geometry.y)));
           }
         else
           {
-            crop.y=(ssize_t) MagickRound((MagickRealType) (offset.y-
+            crop.y=PixelRoundOffset((MagickRealType) (offset.y-
               (geometry.y > 0 ? geometry.y : 0)));
             offset.y+=delta.y;  /* increment now to find width */
-            crop.height=(size_t) MagickRound((MagickRealType) (offset.y+
+            crop.height=(size_t) PixelRoundOffset((MagickRealType) (offset.y+
               (geometry.y < 0 ? geometry.y : 0)));
           }
         crop.height-=crop.y;
@@ -927,18 +936,18 @@ MagickExport Image *CropImageToTiles(con
         {
           if ((flags & AspectValue) == 0)
             {
-              crop.x=(ssize_t) MagickRound((MagickRealType) (offset.x-
+              crop.x=PixelRoundOffset((MagickRealType) (offset.x-
                 (geometry.x > 0 ? 0 : geometry.x)));
               offset.x+=delta.x;  /* increment now to find height */
-              crop.width=(size_t) MagickRound((MagickRealType) (offset.x+
+              crop.width=(size_t) PixelRoundOffset((MagickRealType) (offset.x+
                 (geometry.x < 0 ? 0 : geometry.x)));
             }
           else
             {
-              crop.x=(ssize_t) MagickRound((MagickRealType) (offset.x-
+              crop.x=PixelRoundOffset((MagickRealType) (offset.x-
                 (geometry.x > 0 ? geometry.x : 0)));
               offset.x+=delta.x;  /* increment now to find height */
-              crop.width=(size_t) MagickRound((MagickRealType) (offset.x+
+              crop.width=(size_t) PixelRoundOffset((MagickRealType) (offset.x+
                 (geometry.x < 0 ? geometry.x : 0)));
             }
           crop.width-=crop.x;

Places

File ImageMagick-CVE-2020-25675.patch of Package ImageMagick.24649

Places