File ImageMagick-CVE-2020-25676.patch of Package ImageMagick.24649

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2020-25676.patch of Package ImageMagick.24649

Index: ImageMagick-6.8.8-1/magick/pixel.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/pixel.c	2013-12-01 15:47:50.000000000 +0100
+++ ImageMagick-6.8.8-1/magick/pixel.c	2020-12-04 11:03:37.839006142 +0100
@@ -4213,6 +4213,15 @@ static inline void CatromWeights(const M
   (*weights)[2]=x-(*weights)[3]-gamma;
 }
 
+static inline double ConstrainPixelOffset(double x)
+{
+  if (x < (double) -(SSIZE_MAX-512))
+    return((double) -(SSIZE_MAX-512));
+  if (x > (double) (SSIZE_MAX-512))
+    return((double) (SSIZE_MAX-512));
+  return(x);
+}
+
 static inline void SplineWeights(const MagickRealType x,
   MagickRealType (*weights)[4])
 {
@@ -4278,8 +4287,8 @@ MagickExport MagickBooleanType Interpola
   assert(image->signature == MagickSignature);
   assert(image_view != (CacheView *) NULL);
   status=MagickTrue;
-  x_offset=(ssize_t) floor(x);
-  y_offset=(ssize_t) floor(y);
+  x_offset=(ssize_t) floor(ConstrainPixelOffset(x));
+  y_offset=(ssize_t) floor(ConstrainPixelOffset(y));
   interpolate = method;
   if ( interpolate == UndefinedInterpolatePixel )
     interpolate = image->interpolate;
@@ -4296,8 +4305,8 @@ MagickExport MagickBooleanType Interpola
       if (interpolate == Average9InterpolatePixel)
         {
           count=3;
-          x_offset=(ssize_t) (floor(x+0.5)-1);
-          y_offset=(ssize_t) (floor(y+0.5)-1);
+          x_offset=(ssize_t) (floor(ConstrainPixelOffset(x)+0.5)-1);
+          y_offset=(ssize_t) (floor(ConstrainPixelOffset(y)+0.5)-1);
         }
       else
         if (interpolate == Average16InterpolatePixel)

Places

File ImageMagick-CVE-2020-25676.patch of Package ImageMagick.24649

Places