Overview

File ImageMagick-CVE-2018-17966.patch of Package ImageMagick

Index: ImageMagick-6.8.8-1/coders/pdb.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/pdb.c	2018-10-10 08:18:12.228173609 +0200
+++ ImageMagick-6.8.8-1/coders/pdb.c	2018-10-10 08:37:13.681645959 +0200
@@ -828,18 +828,24 @@ static MagickBooleanType WritePDBImage(c
     pdb_image.width=(short) (16*(image->columns/16+1));
   pdb_image.height=(short) image->rows;
   packets=((bits_per_pixel*image->columns+7)/8)*image->rows;
+  packet_size=(size_t) (image->depth > 8 ? 2: 1);
   runlength=(unsigned char *) AcquireQuantumMemory(4UL*packets,
     sizeof(*runlength));
-  if (runlength == (unsigned char *) NULL)
-    ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
   buffer=(unsigned char *) AcquireQuantumMemory(257UL,sizeof(*buffer));
-  if (buffer == (unsigned char *) NULL)
-    ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
-  packet_size=(size_t) (image->depth > 8 ? 2: 1);
   scanline=(unsigned char *) AcquireQuantumMemory(image->columns,packet_size*
     sizeof(*scanline));
-  if (scanline == (unsigned char *) NULL)
-    ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+  if ((runlength == (unsigned char *) NULL) ||
+      (buffer == (unsigned char *) NULL) ||
+      (scanline == (unsigned char *) NULL))
+    {
+      if (runlength != (unsigned char *) NULL)
+        runlength=(unsigned char *) RelinquishMagickMemory(runlength);
+      if (buffer != (unsigned char *) NULL)
+        buffer=(unsigned char *) RelinquishMagickMemory(buffer);
+      if (scanline != (unsigned char *) NULL)
+        scanline=(unsigned char *) RelinquishMagickMemory(scanline);
+      ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+    }
   if (IssRGBCompatibleColorspace(image->colorspace) == MagickFalse)
     (void) TransformImageColorspace(image,sRGBColorspace);
   /*
@@ -847,7 +853,12 @@ static MagickBooleanType WritePDBImage(c
   */
   quantum_info=AcquireQuantumInfo(image_info,image);
   if (quantum_info == (QuantumInfo *) NULL)
-    ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+    {
+      runlength=(unsigned char *) RelinquishMagickMemory(runlength);
+      buffer=(unsigned char *) RelinquishMagickMemory(buffer);
+      scanline=(unsigned char *) RelinquishMagickMemory(scanline);
+      ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+    }
   status=SetQuantumDepth(image,quantum_info,image->depth > 8 ? 16 : 8);
   bits=8/(int) bits_per_pixel-1;  /* start at most significant bits */
   literal=0;
openSUSE Build Service is sponsored by
Places