File ImageMagick-CVE-2023-34151.patch of Package ImageMagick.29977
Index: ImageMagick-6.8.8-1/coders/caption.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/caption.c
+++ ImageMagick-6.8.8-1/coders/caption.c
@@ -168,7 +168,7 @@ static Image *ReadCAPTIONImage(const Ima
if (draw_info->gravity == UndefinedGravity)
(void) CloneString(&draw_info->geometry,geometry);
status=GetMultilineTypeMetrics(image,draw_info,&metrics);
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
image->columns=width;
}
if (image->rows == 0)
@@ -207,8 +207,8 @@ static Image *ReadCAPTIONImage(const Ima
(void) CloneString(&draw_info->geometry,geometry);
status=GetMultilineTypeMetrics(image,draw_info,&metrics);
(void) status;
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
+ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5);
if ((image->columns != 0) && (image->rows != 0))
{
if ((width >= image->columns) && (height >= image->rows))
@@ -232,8 +232,8 @@ static Image *ReadCAPTIONImage(const Ima
if (draw_info->gravity == UndefinedGravity)
(void) CloneString(&draw_info->geometry,geometry);
status=GetMultilineTypeMetrics(image,draw_info,&metrics);
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
+ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5);
if ((image->columns != 0) && (image->rows != 0))
{
if ((width < image->columns) && (height < image->rows))
Index: ImageMagick-6.8.8-1/coders/label.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/label.c
+++ ImageMagick-6.8.8-1/coders/label.c
@@ -156,8 +156,8 @@ static Image *ReadLABELImage(const Image
(void) CloneString(&draw_info->geometry,geometry);
status=GetMultilineTypeMetrics(image,draw_info,&metrics);
(void) status;
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
+ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5);
if ((image->columns != 0) && (image->rows != 0))
{
if ((width >= image->columns) && (height >= image->rows))
@@ -177,8 +177,8 @@ static Image *ReadLABELImage(const Image
if (draw_info->gravity == UndefinedGravity)
(void) CloneString(&draw_info->geometry,geometry);
status=GetMultilineTypeMetrics(image,draw_info,&metrics);
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
+ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5);
if ((image->columns != 0) && (image->rows != 0))
{
if ((width < image->columns) && (height < image->rows))
Index: ImageMagick-6.8.8-1/coders/pcl.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/pcl.c
+++ ImageMagick-6.8.8-1/coders/pcl.c
@@ -341,9 +341,9 @@ static Image *ReadPCLImage(const ImageIn
(void) ParseAbsoluteGeometry(image_info->page,&page);
(void) FormatLocaleString(density,MaxTextExtent,"%gx%g",
image->x_resolution,image->y_resolution);
- page.width=(size_t) floor((double) page.width*image->x_resolution/delta.x+
+ page.width=CastDoubleToUnsigned((double) page.width*image->x_resolution/delta.x+
0.5);
- page.height=(size_t) floor((double) page.height*image->y_resolution/delta.y+
+ page.height=CastDoubleToUnsigned((double) page.height*image->y_resolution/delta.y+
0.5);
(void) FormatLocaleString(options,MaxTextExtent,"-g%.20gx%.20g ",(double)
page.width,(double) page.height);
Index: ImageMagick-6.8.8-1/coders/pdf.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/pdf.c
+++ ImageMagick-6.8.8-1/coders/pdf.c
@@ -1439,9 +1439,9 @@ RestoreMSCWarning
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
&geometry.width,&geometry.height);
scale.x=(double) (geometry.width*delta.x)/resolution.x;
- geometry.width=(size_t) floor(scale.x+0.5);
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
scale.y=(double) (geometry.height*delta.y)/resolution.y;
- geometry.height=(size_t) floor(scale.y+0.5);
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
(void) ParseGravityGeometry(image,page_geometry,&page_info,
&image->exception);
Index: ImageMagick-6.8.8-1/coders/ps.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/ps.c
+++ ImageMagick-6.8.8-1/coders/ps.c
@@ -1509,9 +1509,9 @@ static MagickBooleanType WritePSImage(co
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
&geometry.width,&geometry.height);
scale.x=(double) (geometry.width*delta.x)/resolution.x;
- geometry.width=(size_t) floor(scale.x+0.5);
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
scale.y=(double) (geometry.height*delta.y)/resolution.y;
- geometry.height=(size_t) floor(scale.y+0.5);
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
(void) ParseGravityGeometry(image,page_geometry,&page_info,
&image->exception);
Index: ImageMagick-6.8.8-1/coders/ps2.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/ps2.c
+++ ImageMagick-6.8.8-1/coders/ps2.c
@@ -536,9 +536,9 @@ static MagickBooleanType WritePS2Image(c
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
&geometry.width,&geometry.height);
scale.x=(double) (geometry.width*delta.x)/resolution.x;
- geometry.width=(size_t) floor(scale.x+0.5);
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
scale.y=(double) (geometry.height*delta.y)/resolution.y;
- geometry.height=(size_t) floor(scale.y+0.5);
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
(void) ParseGravityGeometry(image,page_geometry,&page_info,
&image->exception);
Index: ImageMagick-6.8.8-1/coders/ps3.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/ps3.c
+++ ImageMagick-6.8.8-1/coders/ps3.c
@@ -972,9 +972,9 @@ static MagickBooleanType WritePS3Image(c
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
&geometry.width,&geometry.height);
scale.x=(double) (geometry.width*delta.x)/resolution.x;
- geometry.width=(size_t) floor(scale.x+0.5);
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
scale.y=(double) (geometry.height*delta.y)/resolution.y;
- geometry.height=(size_t) floor(scale.y+0.5);
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
(void) ParseGravityGeometry(image,page_geometry,&page_info,
&image->exception);
Index: ImageMagick-6.8.8-1/coders/svg.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/svg.c
+++ ImageMagick-6.8.8-1/coders/svg.c
@@ -2178,8 +2178,8 @@ static void SVGStartElement(void *contex
if ((svg_info->view_box.width == 0.0) ||
(svg_info->view_box.height == 0.0))
svg_info->view_box=svg_info->bounds;
- svg_info->width=(size_t) floor(svg_info->bounds.width+0.5);
- svg_info->height=(size_t) floor(svg_info->bounds.height+0.5);
+ svg_info->width=CastDoubleToUnsigned(svg_info->bounds.width+0.5);
+ svg_info->height=CastDoubleToUnsigned(svg_info->bounds.height+0.5);
(void) FormatLocaleFile(svg_info->file,"viewbox 0 0 %.20g %.20g\n",
(double) svg_info->width,(double) svg_info->height);
sx=(double) svg_info->width/svg_info->view_box.width;
Index: ImageMagick-6.8.8-1/magick/annotate.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/annotate.c
+++ ImageMagick-6.8.8-1/magick/annotate.c
@@ -590,7 +590,7 @@ MagickExport ssize_t FormatMagickCaption
status=GetTypeMetrics(image,draw_info,metrics);
if (status == MagickFalse)
break;
- width=(size_t) floor(metrics->width+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics->width+draw_info->stroke_width+0.5);
if ((width <= image->columns) || (s == (char *) NULL))
continue;
if ((s != (char *) NULL) && (GetUTFOctets(s) == 1))
@@ -642,7 +642,7 @@ MagickExport ssize_t FormatMagickCaption
status=GetTypeMetrics(image,draw_info,metrics);
if (status == MagickFalse)
break;
- width=(size_t) floor(metrics->width+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics->width+draw_info->stroke_width+0.5);
if ((width <= image->columns) || (strcmp(text,draw_info->text) == 0))
continue;
(void) strcpy(text,draw_info->text);
Index: ImageMagick-6.8.8-1/magick/draw.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/draw.c
+++ ImageMagick-6.8.8-1/magick/draw.c
@@ -2567,12 +2567,12 @@ MagickExport MagickBooleanType DrawImage
GetMagickToken(q,&q,token);
if (*token == ',')
GetMagickToken(q,&q,token);
- bounds.width=(size_t) floor(StringToDouble(token,
+ bounds.width=CastDoubleToUnsigned(StringToDouble(token,
(char **) NULL)+0.5);
GetMagickToken(q,&q,token);
if (*token == ',')
GetMagickToken(q,&q,token);
- bounds.height=(size_t) floor(StringToDouble(token,
+ bounds.height=CastDoubleToUnsigned(StringToDouble(token,
(char **) NULL)+0.5);
for (p=q; *q != '\0'; )
{
@@ -2909,12 +2909,12 @@ MagickExport MagickBooleanType DrawImage
GetMagickToken(q,&q,token);
if (*token == ',')
GetMagickToken(q,&q,token);
- graphic_context[n]->viewbox.width=(size_t) floor(StringToDouble(
+ graphic_context[n]->viewbox.width=CastDoubleToUnsigned(StringToDouble(
token,(char **) NULL)+0.5);
GetMagickToken(q,&q,token);
if (*token == ',')
GetMagickToken(q,&q,token);
- graphic_context[n]->viewbox.height=(size_t) floor(StringToDouble(
+ graphic_context[n]->viewbox.height=CastDoubleToUnsigned(StringToDouble(
token,(char **) NULL)+0.5);
break;
}
Index: ImageMagick-6.8.8-1/magick/geometry.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/geometry.c
+++ ImageMagick-6.8.8-1/magick/geometry.c
@@ -44,6 +44,7 @@
#include "magick/draw.h"
#include "magick/exception.h"
#include "magick/exception-private.h"
+#include "magick/image-private.h"
#include "magick/geometry.h"
#include "magick/memory_.h"
#include "magick/string_.h"
@@ -1298,8 +1299,8 @@ MagickExport MagickStatusType ParseMetaG
scale.y=geometry_info.sigma;
if ((flags & SigmaValue) == 0)
scale.y=scale.x;
- *width=(size_t) floor(scale.x*former_width/100.0+0.5);
- *height=(size_t) floor(scale.y*former_height/100.0+0.5);
+ *width=CastDoubleToUnsigned(scale.x*former_width/100.0+0.5);
+ *height=CastDoubleToUnsigned(scale.y*former_height/100.0+0.5);
former_width=(*width);
former_height=(*height);
}
Index: ImageMagick-6.8.8-1/magick/shear.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/shear.c
+++ ImageMagick-6.8.8-1/magick/shear.c
@@ -163,8 +163,8 @@ static MagickBooleanType CropToFitImage(
}
geometry.x=(ssize_t) ceil(min.x-0.5);
geometry.y=(ssize_t) ceil(min.y-0.5);
- geometry.width=(size_t) floor(max.x-min.x+0.5);
- geometry.height=(size_t) floor(max.y-min.y+0.5);
+ geometry.width=CastDoubleToUnsigned(max.x-min.x+0.5);
+ geometry.height=CastDoubleToUnsigned(max.y-min.y+0.5);
page=(*image)->page;
(void) ParseAbsoluteGeometry("0x0+0+0",&(*image)->page);
crop_image=CropImage(*image,&geometry,exception);
Index: ImageMagick-6.8.8-1/magick/fx.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/fx.c
+++ ImageMagick-6.8.8-1/magick/fx.c
@@ -4291,7 +4291,8 @@ MagickExport Image *ShadowImage(const Im
(void) SetImageColorspace(clone_image,sRGBColorspace);
(void) SetImageVirtualPixelMethod(clone_image,EdgeVirtualPixelMethod);
clone_image->compose=OverCompositeOp;
- border_info.width=(size_t) floor(2.0*sigma+0.5);
+ border_info.width=CastDoubleToUnsigned(2.0*sigma+0.5);
+ border_info.height=CastDoubleToUnsigned(2.0*sigma+0.5);
border_info.height=(size_t) floor(2.0*sigma+0.5);
border_info.x=0;
border_info.y=0;
Index: ImageMagick-6.8.8-1/magick/image-private.h
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/image-private.h
+++ ImageMagick-6.8.8-1/magick/image-private.h
@@ -22,6 +22,10 @@
extern "C" {
#endif
+#include <errno.h>
+#include <stdint.h>
+#include <limits.h>
+
#define IsNaN(a) ((a) != (a) ? MagickTrue : MagickFalse)
#define MagickPI 3.14159265358979323846264338327950288419716939937510
#define Magick2PI 6.28318530717958647692528676655900576839433879875020
@@ -30,6 +34,8 @@ extern "C" {
#define MagickSQ1_2 0.70710678118654752440084436210484903928483593768847
#define MagickSQ2 1.41421356237309504880168872420969807856967187537695
#define MagickSQ2PI 2.50662827463100024161235523934010416269302368164062
+#define MAGICK_SIZE_MAX (SIZE_MAX)
+#define MAGICK_SSIZE_MAX (SSIZE_MAX)
#define UndefinedTicksPerSecond 100L
#define UndefinedCompressionQuality 0UL
@@ -51,6 +57,26 @@ extern MagickExport const char
extern MagickExport const double
DefaultResolution;
+static inline size_t CastDoubleToUnsigned(const double x)
+{
+ if (IsNaN(x) != 0)
+ {
+ errno=ERANGE;
+ return(0);
+ }
+ if (floor(x) > ((double) MAGICK_SSIZE_MAX-1))
+ {
+ errno=ERANGE;
+ return((size_t) MAGICK_SIZE_MAX);
+ }
+ if (ceil(x) < 0.0)
+ {
+ errno=ERANGE;
+ return(0);
+ }
+ return((size_t) x);
+}
+
static inline double DegreesToRadians(const double degrees)
{
return((double) (MagickPI*degrees/180.0));
