File ImageMagick-CVE-2017-5506.patch of Package ImageMagick.29977
From 6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 12 Jan 2017 12:51:14 -0500
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/354
---
magick/profile.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
Index: ImageMagick-6.8.8-1/magick/profile.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/profile.c 2017-01-18 21:03:40.077353220 +0100
+++ ImageMagick-6.8.8-1/magick/profile.c 2017-01-18 21:05:18.622951460 +0100
@@ -1577,10 +1577,10 @@ MagickExport MagickBooleanType SyncImage
The directory entry contains an offset.
*/
offset=(ssize_t) ((int) ReadProfileLong(endian,q+8));
- if ((ssize_t) (offset+number_bytes) < offset)
- continue; /* prevent overflow */
- if ((size_t) (offset+number_bytes) > length)
+ if ((offset < 0) || ((size_t) (offset+number_bytes) > length))
continue;
+ if (~length < number_bytes)
+ continue; /* prevent overflow */
p=(unsigned char *) (exif+offset);
}
switch (tag_value)
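Review bot: The overflow guard placed after the bounds test, `if (~length < number_bytes)`, checks whether length+number_bytes would wrap rather than offset+number_bytes, and it runs only after `(size_t) (offset+number_bytes) > length` has already been evaluated on a possibly wrapped sum. The declarations are outside the hunk, but if number_bytes is a size_t as the casts suggest, a very large number_bytes combined with an offset beyond length could wrap to a small value, pass both tests, and leave `p=(unsigned char *) (exif+offset)` pointing past the profile buffer. A subtraction form cannot wrap and covers both conditions in one test: `if ((offset < 0) || ((size_t) offset > length) || (number_bytes > (length-(size_t) offset))) continue;`. The enclosing loop and function start and end outside the hunk, so whether number_bytes is already bounded before this point should be confirmed there.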