Overview

File ImageMagick-CVE-2014-9807.patch of Package ImageMagick.15344

Index: ImageMagick-6.8.9-8/coders/pdb.c
===================================================================
--- ImageMagick-6.8.9-8.orig/coders/pdb.c	2016-06-09 15:27:03.598070849 +0200
+++ ImageMagick-6.8.9-8/coders/pdb.c	2016-06-09 15:47:16.494694287 +0200
@@ -355,7 +355,7 @@ static Image *ReadPDBImage(const ImageIn
   /*
     Read record header.
   */
-  img_offset=(int) ReadBlobMSBLong(image); /* TS */
+  img_offset=(ssize_t) ReadBlobMSBLong(image); /* TS */
   attributes=(unsigned char) ReadBlobByte(image);
   (void) attributes;
   count=ReadBlob(image,3,(unsigned char *) tag);
@@ -363,7 +363,7 @@ static Image *ReadPDBImage(const ImageIn
     ThrowReaderException(CorruptImageError,"CorruptImage");
   if (pdb_info.number_records > 1)
     {
-      comment_offset=(int) ReadBlobMSBLong(image);
+      comment_offset=(ssize_t) ReadBlobMSBLong(image);
       attributes=(unsigned char) ReadBlobByte(image);
       count=ReadBlob(image,3,(unsigned char *) tag);
       if (count != 3  ||  memcmp(tag,"\x6f\x80\x01",3) != 0)
@@ -384,7 +384,7 @@ static Image *ReadPDBImage(const ImageIn
   */
   count=ReadBlob(image,32,(unsigned char *) pdb_image.name);
   pdb_image.version=ReadBlobByte(image);
-  pdb_image.type=ReadBlobByte(image);
+  pdb_image.type=(unsigned char)ReadBlobByte(image);
   pdb_image.reserved_1=ReadBlobMSBLong(image);
   pdb_image.note=ReadBlobMSBLong(image);
   pdb_image.x_last=(short) ReadBlobMSBShort(image);
@@ -809,7 +809,7 @@ static MagickBooleanType WritePDBImage(c
   if (image->columns % 16)
     pdb_image.width=(short) (16*(image->columns/16+1));
   pdb_image.height=(short) image->rows;
-  packets=(bits_per_pixel*image->columns/8)*image->rows;
+  packets=(bits_per_pixel*image->columns/8+4)*image->rows;
   runlength=(unsigned char *) AcquireQuantumMemory(2UL*packets,
     sizeof(*runlength));
   if (runlength == (unsigned char *) NULL)
@@ -842,7 +842,7 @@ static MagickBooleanType WritePDBImage(c
       break;
     (void) ExportQuantumPixels(image,(const CacheView *) NULL,quantum_info,
       GrayQuantum,scanline,&image->exception);
-    for (x=0; x < pdb_image.width; x++)
+    for (x=0; x < (ssize_t) pdb_image.width; x++)
     {
       if (x < (ssize_t) image->columns)
         buffer[literal+repeat]|=(0xff-scanline[x*packet_size]) >>
openSUSE Build Service is sponsored by
Places