Overview

File ImageMagick-CVE-2017-14997.patch of Package ImageMagick.19143

Index: ImageMagick-6.8.8-1/coders/pict.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/pict.c	2018-10-22 15:08:51.644187636 +0200
+++ ImageMagick-6.8.8-1/coders/pict.c	2018-10-22 15:09:39.856428970 +0200
@@ -764,6 +764,14 @@ static inline size_t MagickMax(const siz
   return(y);
 }
 
+static inline MagickSizeType MagickMin(const MagickSizeType x,
+  const MagickSizeType y)
+{
+  if (x < y)
+    return(x);
+  return(y);
+}
+
 static MagickBooleanType ReadPixmap(Image *image,PICTPixmap *pixmap)
 {
   pixmap->version=(short) ReadBlobMSBShort(image);
@@ -1343,7 +1351,7 @@ static Image *ReadPICTImage(const ImageI
             if (length == 0)
               break;
             (void) ReadBlobMSBLong(image);
-            length-=4;
+            length-=MagickMin(length,4);
             if (length == 0)
               break;
             info=(unsigned char *) AcquireQuantumMemory(length,sizeof(*info));
openSUSE Build Service is sponsored by
Places