Overview

File ImageMagick-CVE-2017-11450.patch of Package ImageMagick.29977

Index: ImageMagick-6.8.8-1/coders/jpeg.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/jpeg.c	2018-04-06 12:48:05.928108859 +0200
+++ ImageMagick-6.8.8-1/coders/jpeg.c	2018-04-06 12:48:07.380134470 +0200
@@ -1011,6 +1011,11 @@ static Image *ReadJPEGImage(const ImageI
       return((Image *) NULL);
     }
   /*
+    Verify that file size large enough to contain a JPEG datastream.
+  */
+  if (GetBlobSize(image) < 107)
+    ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
+  /*
     Initialize JPEG parameters.
   */
   (void) ResetMagickMemory(&error_manager,0,sizeof(error_manager));
@@ -1452,6 +1457,7 @@ ModuleExport size_t RegisterJPEGImage(vo
 #endif
   entry->magick=(IsImageFormatHandler *) IsJPEG;
   entry->adjoin=MagickFalse;
+  entry->seekable_stream=MagickTrue;
   entry->description=ConstantString(description);
   if (*version != '\0')
     entry->version=ConstantString(version);
@@ -1465,6 +1471,7 @@ ModuleExport size_t RegisterJPEGImage(vo
   entry->encoder=(EncodeImageHandler *) WriteJPEGImage;
 #endif
   entry->adjoin=MagickFalse;
+  entry->seekable_stream=MagickTrue;
   entry->description=ConstantString(description);
   if (*version != '\0')
     entry->version=ConstantString(version);
@@ -1478,6 +1485,7 @@ ModuleExport size_t RegisterJPEGImage(vo
   entry->encoder=(EncodeImageHandler *) WriteJPEGImage;
 #endif
   entry->adjoin=MagickFalse;
+  entry->seekable_stream=MagickTrue;
   entry->description=ConstantString(description);
   if (*version != '\0')
     entry->version=ConstantString(version);
openSUSE Build Service is sponsored by
Places