File ImageMagick-CVE-2017-14343,12691.patch of Package ImageMagick

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2017-14343,12691.patch of Package ImageMagick (Revision 0805764024224d420c8747da257bd677)

Currently displaying revision 0805764024224d420c8747da257bd677 , Show latest

Index: ImageMagick-6.8.8-1/coders/xcf.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/xcf.c	2017-12-13 21:52:10.079065527 +0100
+++ ImageMagick-6.8.8-1/coders/xcf.c	2017-12-13 22:20:33.001754132 +0100
@@ -374,8 +374,11 @@ static MagickBooleanType load_tile(Image
   graydata=(unsigned char *) xcfdata;  /* used by gray and indexed */
   count=ReadBlob(image,data_length,(unsigned char *) xcfdata);
   if (count != (ssize_t) data_length)
-    ThrowBinaryException(CorruptImageError,"NotEnoughPixelData",
-      image->filename);
+    {
+      xcfodata=(XCFPixelPacket *) RelinquishMagickMemory(xcfodata);
+      ThrowBinaryException(CorruptImageError,"NotEnoughPixelData",
+        image->filename);
+    }
   exception=(&image->exception);
   for (y=0; y < (ssize_t) tile_image->rows; y++)
   {
@@ -1344,10 +1361,11 @@ static Image *ReadXCFImage(const ImageIn
         &layer_info[current_layer],current_layer);
       if (layer_ok == MagickFalse)
         {
-          int j;
+          ssize_t j;
 
-          for (j=0; j < current_layer; j++)
-            layer_info[j].image=DestroyImage(layer_info[j].image);
+          for (j=0; j <= current_layer; j++)
+            if (layer_info[j].image != (Image *) NULL)
+              layer_info[j].image=DestroyImage(layer_info[j].image);
           layer_info=(XCFLayerInfo *) RelinquishMagickMemory(layer_info);
           ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
         }

Places

File ImageMagick-CVE-2017-14343,12691.patch of Package ImageMagick (Revision 0805764024224d420c8747da257bd677)

Places