Overview

File ImageMagick-CVE-2019-11598.patch of Package ImageMagick.16891

Index: ImageMagick-6.8.8-1/magick/quantize.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/quantize.c	2019-05-30 10:20:56.895837641 +0200
+++ ImageMagick-6.8.8-1/magick/quantize.c	2019-05-30 11:33:25.419029154 +0200
@@ -3249,6 +3247,9 @@ static MagickBooleanType SetGrayscaleImage(Image *image)
   register ssize_t
     i;
 
+  size_t
+    extent;
+
   ssize_t
     *colormap_index,
     j,
@@ -3331,7 +3332,8 @@ static MagickBooleanType SetGrayscaleIma
   assert(image->signature == MagickSignature);
   if (image->type != GrayscaleType)
     (void) TransformImageColorspace(image,GRAYColorspace);
-  colormap_index=(ssize_t *) AcquireQuantumMemory(MaxMap+1,
+  extent=MagickMax(image->colors+1,MagickMax(MaxColormapSize,MaxMap+1));
+  colormap_index=(ssize_t *) AcquireQuantumMemory(extent,
     sizeof(*colormap_index));
   if (colormap_index == (ssize_t *) NULL)
     {
@@ -3344,8 +3346,7 @@ static MagickBooleanType SetGrayscaleIma
       ExceptionInfo
         *exception;
 
-      for (i=0; i <= (ssize_t) MaxMap; i++)
-        colormap_index[i]=(-1);
+      (void) memset(colormap_index,(-1),extent*sizeof(*colormap_index));
       if (AcquireImageColormap(image,MaxMap+1) == MagickFalse)
         {
           colormap_index=(ssize_t *) RelinquishMagickMemory(colormap_index);
@@ -3409,6 +3410,7 @@ static MagickBooleanType SetGrayscaleIma
       }
       image_view=DestroyCacheView(image_view);
     }
+  (void) memset(colormap_index,0,extent*sizeof(*colormap_index));
   for (i=0; i < (ssize_t) image->colors; i++)
     image->colormap[i].opacity=(unsigned short) i;
   qsort((void *) image->colormap,image->colors,sizeof(PixelPacket),
openSUSE Build Service is sponsored by
Places