File ImageMagick-CVE-2017-13142.patch of Package ImageMagick.29977
Index: ImageMagick-6.8.8-1/coders/png.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/png.c 2018-01-12 14:12:37.998600763 +0100
+++ ImageMagick-6.8.8-1/coders/png.c 2018-01-12 14:12:38.010600955 +0100
@@ -4008,6 +4008,12 @@ static Image *ReadPNGImage(const ImageIn
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
/*
+ Verify that file size large enough to contain a PNG datastream.
+ */
+ if (GetBlobSize(image) < 61)
+ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
+
+ /*
Allocate a MngInfo structure.
*/
mng_info=(MngInfo *) AcquireMagickMemory(sizeof(MngInfo));
@@ -4972,6 +4978,12 @@ static Image *ReadJNGImage(const ImageIn
if (count < 8 || memcmp(magic_number,"\213JNG\r\n\032\n",8) != 0)
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ /*
+ Verify that file size large enough to contain a JNG datastream.
+ */
+ if (GetBlobSize(image) < 147)
+ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
+
/* Allocate a MngInfo structure. */
mng_info=(MngInfo *) AcquireMagickMemory(sizeof(*mng_info));
@@ -7529,7 +7541,7 @@ ModuleExport size_t RegisterPNGImage(voi
#endif
entry=SetMagickInfo("MNG");
- entry->seekable_stream=MagickTrue; /* To do: eliminate this. */
+ entry->seekable_stream=MagickTrue;
#if defined(MAGICKCORE_PNG_DELEGATE)
entry->decoder=(DecodeImageHandler *) ReadMNGImage;
@@ -7554,6 +7566,7 @@ ModuleExport size_t RegisterPNGImage(voi
#endif
entry->magick=(IsImageFormatHandler *) IsPNG;
+ entry->seekable_stream=MagickTrue;
entry->adjoin=MagickFalse;
entry->description=ConstantString("Portable Network Graphics");
entry->mime_type=ConstantString("image/png");
@@ -7573,6 +7586,7 @@ ModuleExport size_t RegisterPNGImage(voi
#endif
entry->magick=(IsImageFormatHandler *) IsPNG;
+ entry->seekable_stream=MagickTrue;
entry->adjoin=MagickFalse;
entry->description=ConstantString(
"8-bit indexed with optional binary transparency");
@@ -7603,6 +7617,7 @@ ModuleExport size_t RegisterPNGImage(voi
#endif
entry->magick=(IsImageFormatHandler *) IsPNG;
+ entry->seekable_stream=MagickTrue;
entry->adjoin=MagickFalse;
entry->description=ConstantString("opaque or binary transparent 24-bit RGB");
entry->mime_type=ConstantString("image/png");
@@ -7617,6 +7632,7 @@ ModuleExport size_t RegisterPNGImage(voi
#endif
entry->magick=(IsImageFormatHandler *) IsPNG;
+ entry->seekable_stream=MagickTrue;
entry->adjoin=MagickFalse;
entry->description=ConstantString("opaque or transparent 32-bit RGBA");
entry->mime_type=ConstantString("image/png");
@@ -7631,6 +7647,7 @@ ModuleExport size_t RegisterPNGImage(voi
#endif
entry->magick=(IsImageFormatHandler *) IsPNG;
+ entry->seekable_stream=MagickTrue;
entry->adjoin=MagickFalse;
entry->description=ConstantString("opaque or binary transparent 48-bit RGB");
entry->mime_type=ConstantString("image/png");
@@ -7645,6 +7662,7 @@ ModuleExport size_t RegisterPNGImage(voi
#endif
entry->magick=(IsImageFormatHandler *) IsPNG;
+ entry->seekable_stream=MagickTrue;
entry->adjoin=MagickFalse;
entry->description=ConstantString("opaque or transparent 64-bit RGBA");
entry->mime_type=ConstantString("image/png");
@@ -7659,6 +7677,7 @@ ModuleExport size_t RegisterPNGImage(voi
#endif
entry->magick=(IsImageFormatHandler *) IsPNG;
+ entry->seekable_stream=MagickTrue;
entry->adjoin=MagickFalse;
entry->description=ConstantString(
"PNG inheriting bit-depth and color-type from original");
@@ -7676,6 +7695,7 @@ ModuleExport size_t RegisterPNGImage(voi
#endif
entry->magick=(IsImageFormatHandler *) IsJNG;
+ entry->seekable_stream=MagickTrue;
entry->adjoin=MagickFalse;
entry->description=ConstantString("JPEG Network Graphics");
entry->mime_type=ConstantString("image/x-jng");
