Overview

File ImageMagick-CVE-2018-12599.patch of Package ImageMagick.11106

diff --git a/coders/bmp.c b/coders/bmp.c
index ad31da172..ba3d4f9fc 100644
--- a/coders/bmp.c
+++ b/coders/bmp.c
@@ -1857,8 +1857,8 @@ static MagickBooleanType WriteBMPImage(const ImageInfo *image_info,Image *image)
     /*
       Convert MIFF to BMP raster pixels.
     */
-    pixel_info=AcquireVirtualMemory((size_t) bmp_info.image_size,
-      sizeof(*pixels));
+    pixel_info=AcquireVirtualMemory(image->rows,MagickMax(bytes_per_line,
+      image->columns+256UL)*sizeof(*pixels));
     if (pixel_info == (MemoryInfo *) NULL)
       ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
     pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info);
openSUSE Build Service is sponsored by
Places