Overview

File ImageMagick-CVE-2016-5841.patch of Package ImageMagick.29977

Index: ImageMagick-6.8.9-8/magick/profile.c
===================================================================
--- ImageMagick-6.8.9-8.orig/magick/profile.c	2016-06-29 13:33:12.700055735 +0200
+++ ImageMagick-6.8.9-8/magick/profile.c	2016-06-29 13:34:48.001762594 +0200
@@ -2066,6 +2066,8 @@ static MagickBooleanType SyncExifProfile
         tag_value;
 
       q=(unsigned char *) (directory+2+(12*entry));
+      if (q > (exif+length-12))
+        break;  /* corrupt EXIF */
       if (GetValueFromSplayTree(exif_resources,q) == q)
         break;
       (void) AddValueToSplayTree(exif_resources,q,q);
@@ -2074,6 +2076,8 @@ static MagickBooleanType SyncExifProfile
       if ((format-1) >= EXIF_NUM_FORMATS)
         break;
       components=(ssize_t) ((int) ReadProfileLong(endian,q+4));
+      if (components < 0)
+         break;  /* corrupt EXIF */
       number_bytes=(size_t) components*format_bytes[format];
       if ((ssize_t) number_bytes < components)
         break;  /* prevent overflow */
openSUSE Build Service is sponsored by
Places