File ImageMagick-CVE-2018-17966.patch of Package ImageMagick
Index: ImageMagick-6.8.8-1/coders/pdb.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/pdb.c 2018-10-10 08:18:12.228173609 +0200
+++ ImageMagick-6.8.8-1/coders/pdb.c 2018-10-10 08:37:13.681645959 +0200
@@ -828,18 +828,24 @@ static MagickBooleanType WritePDBImage(c
pdb_image.width=(short) (16*(image->columns/16+1));
pdb_image.height=(short) image->rows;
packets=((bits_per_pixel*image->columns+7)/8)*image->rows;
+ packet_size=(size_t) (image->depth > 8 ? 2: 1);
runlength=(unsigned char *) AcquireQuantumMemory(4UL*packets,
sizeof(*runlength));
- if (runlength == (unsigned char *) NULL)
- ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
buffer=(unsigned char *) AcquireQuantumMemory(257UL,sizeof(*buffer));
- if (buffer == (unsigned char *) NULL)
- ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
- packet_size=(size_t) (image->depth > 8 ? 2: 1);
scanline=(unsigned char *) AcquireQuantumMemory(image->columns,packet_size*
sizeof(*scanline));
- if (scanline == (unsigned char *) NULL)
- ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+ if ((runlength == (unsigned char *) NULL) ||
+ (buffer == (unsigned char *) NULL) ||
+ (scanline == (unsigned char *) NULL))
+ {
+ if (runlength != (unsigned char *) NULL)
+ runlength=(unsigned char *) RelinquishMagickMemory(runlength);
+ if (buffer != (unsigned char *) NULL)
+ buffer=(unsigned char *) RelinquishMagickMemory(buffer);
+ if (scanline != (unsigned char *) NULL)
+ scanline=(unsigned char *) RelinquishMagickMemory(scanline);
+ ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+ }
if (IssRGBCompatibleColorspace(image->colorspace) == MagickFalse)
(void) TransformImageColorspace(image,sRGBColorspace);
/*
@@ -847,7 +853,12 @@ static MagickBooleanType WritePDBImage(c
*/
quantum_info=AcquireQuantumInfo(image_info,image);
if (quantum_info == (QuantumInfo *) NULL)
- ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+ {
+ runlength=(unsigned char *) RelinquishMagickMemory(runlength);
+ buffer=(unsigned char *) RelinquishMagickMemory(buffer);
+ scanline=(unsigned char *) RelinquishMagickMemory(scanline);
+ ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+ }
status=SetQuantumDepth(image,quantum_info,image->depth > 8 ? 16 : 8);
bits=8/(int) bits_per_pixel-1; /* start at most significant bits */
literal=0;