File ImageMagick-CVE-2020-27772.patch of Package ImageMagick

Index: ImageMagick-6.8.8-1/coders/bmp.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/bmp.c	2020-12-07 15:30:16.536560842 +0100
+++ ImageMagick-6.8.8-1/coders/bmp.c	2020-12-07 15:30:16.952563626 +0100
@@ -2046,6 +2046,45 @@ static MagickBooleanType WriteBMPImage(c
         (void) WriteBlobLSBLong(image,0x000000ffU);  /* Blue mask */
         (void) WriteBlobLSBLong(image,0xff000000U);  /* Alpha mask */
         (void) WriteBlobLSBLong(image,0x73524742U);  /* sRGB */
+
+        // bounds check, assign .0 if invalid value
+        if( isgreater(image->chromaticity.red_primary.x, 1.0) ||
+           !isgreater(image->chromaticity.red_primary.x, 0.0)) {
+          image->chromaticity.red_primary.x = 0.0;
+        }
+        if( isgreater(image->chromaticity.red_primary.y, 1.0) ||
+           !isgreater(image->chromaticity.red_primary.y, 0.0)) {
+          image->chromaticity.red_primary.y = 0.0;
+        }
+        if( isgreater(image->chromaticity.green_primary.x, 1.0) ||
+           !isgreater(image->chromaticity.green_primary.x, 0.0)) {
+          image->chromaticity.green_primary.x = 0.0;
+        }
+        if( isgreater(image->chromaticity.green_primary.y, 1.0) ||
+           !isgreater(image->chromaticity.green_primary.y, 0.0)) {
+          image->chromaticity.green_primary.y = 0.0;
+        }
+        if( isgreater(image->chromaticity.blue_primary.x, 1.0) ||
+           !isgreater(image->chromaticity.blue_primary.x, 0.0)) {
+          image->chromaticity.blue_primary.x = 0.0;
+        }
+        if( isgreater(image->chromaticity.blue_primary.y, 1.0) ||
+           !isgreater(image->chromaticity.blue_primary.y, 0.0)) {
+          image->chromaticity.blue_primary.y = 0.0;
+        }
+        if( isgreater(bmp_info.gamma_scale.x, 1.0) ||
+           !isgreater(bmp_info.gamma_scale.x, 0.0)) {
+          bmp_info.gamma_scale.x = 0.0;
+        }
+        if( isgreater(bmp_info.gamma_scale.y, 1.0) ||
+           !isgreater(bmp_info.gamma_scale.y, 0.0)) {
+          bmp_info.gamma_scale.y = 0.0;
+        }
+        if( isgreater(bmp_info.gamma_scale.z, 1.0) ||
+           !isgreater(bmp_info.gamma_scale.z, 0.0)) {
+          bmp_info.gamma_scale.z = 0.0;
+        }
+
         (void) WriteBlobLSBLong(image,(unsigned int)
           (image->chromaticity.red_primary.x*0x40000000));
         (void) WriteBlobLSBLong(image,(unsigned int)