File ImageMagick-CVE-2022-32547.patch of Package ImageMagick.29424
Index: ImageMagick-6.8.8-1/magick/property.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/property.c
+++ ImageMagick-6.8.8-1/magick/property.c
@@ -710,6 +710,38 @@ static inline unsigned short ReadPropert
return((unsigned short) (value & 0xffff));
}
+static inline signed int ReadPropertySignedLong(const EndianType endian,
+ const unsigned char *buffer)
+{
+ union
+ {
+ unsigned int
+ unsigned_value;
+
+ signed int
+ signed_value;
+ } quantum;
+
+ unsigned int
+ value;
+
+ if (endian == LSBEndian)
+ {
+ value=(unsigned int) buffer[3] << 24;
+ value|=(unsigned int) buffer[2] << 16;
+ value|=(unsigned int) buffer[1] << 8;
+ value|=(unsigned int) buffer[0];
+ quantum.unsigned_value=value & 0xffffffff;
+ return(quantum.signed_value);
+ }
+ value=(unsigned int) buffer[0] << 24;
+ value|=(unsigned int) buffer[1] << 16;
+ value|=(unsigned int) buffer[2] << 8;
+ value|=(unsigned int) buffer[3];
+ quantum.unsigned_value=value & 0xffffffff;
+ return(quantum.signed_value);
+}
+
static inline size_t ReadPropertyLong(const EndianType endian,
const unsigned char *buffer)
{
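Review bot: ReadPropertySignedLong indexes buffer[0] through buffer[3] with no length argument, so its safety rests entirely on the caller having verified that four bytes remain in the EXIF data, and nothing in the function records that precondition. I would add a header comment such as `/* Caller must guarantee at least 4 readable bytes at buffer; no bounds check is done here. */`. Whether the call sites perform that check is not visible in this hunk. As a style point, the two branches differ only in byte order and the `& 0xffffffff` mask is a no-op where unsigned int is 32 bits, so assembling `value` in the branch and doing the union conversion once afterwards would halve the body. The hunk ends inside ReadPropertyLong, which appears here only as context.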
@@ -1397,12 +1429,12 @@ static MagickBooleanType GetEXIFProperty
}
case EXIF_FMT_SINGLE:
{
- EXIFMultipleValues(4,"%f",(double) *(float *) p1);
+ EXIFMultipleValues(4,"%f",(double)ReadPropertySignedLong(endian,p1));
break;
}
case EXIF_FMT_DOUBLE:
{
- EXIFMultipleValues(8,"%f",*(double *) p1);
+ EXIFMultipleValues(8,"%f",(double)ReadPropertySignedLong(endian,p1));
break;
}
default:
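Review bot: The EXIF_FMT_SINGLE and EXIF_FMT_DOUBLE cases now print an integer reinterpretation of the bytes instead of the stored floating-point value. `(double)ReadPropertySignedLong(endian,p1)` converts a 32-bit integer to double, and in the EXIF_FMT_DOUBLE case it consumes only 4 of the 8 bytes that the first macro argument appears to declare per component. The unaligned `*(float *) p1` and `*(double *) p1` loads are gone, which is the memory-safety point, but the reported property value changes with them. To keep both, assemble the bytes according to `endian` and copy the bit pattern into a float or double with memcpy. The sketch below shows the 4-byte case and assumes a 32-bit unsigned int and an IEEE 754 float; an 8-byte reader for EXIF_FMT_DOUBLE would be analogous. The enclosing switch starts and ends outside the hunk.

```c
/* Proposed helper, placed next to ReadPropertySignedLong. */
static inline float ReadPropertyFloat(const EndianType endian,
  const unsigned char *buffer)
{
  float
    result;

  unsigned int
    bits;

  if (endian == LSBEndian)
    bits=((unsigned int) buffer[3] << 24) | ((unsigned int) buffer[2] << 16) |
      ((unsigned int) buffer[1] << 8) | (unsigned int) buffer[0];
  else
    bits=((unsigned int) buffer[0] << 24) | ((unsigned int) buffer[1] << 16) |
      ((unsigned int) buffer[2] << 8) | (unsigned int) buffer[3];
  /* Copy the bit pattern; no aligned float load from the EXIF buffer. */
  (void) memcpy(&result,&bits,sizeof(result));
  return(result);
}

/* … unchanged: earlier EXIF format cases … */
      case EXIF_FMT_SINGLE:
      {
        EXIFMultipleValues(4,"%f",(double) ReadPropertyFloat(endian,p1));
        break;
      }
/* … EXIF_FMT_DOUBLE: same shape with an 8-byte reader … */
```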