File ImageMagick-CVE-2017-12418.patch of Package ImageMagick.30956
Index: ImageMagick-6.8.8-1/coders/meta.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/meta.c 2018-01-30 17:01:13.879489802 +0100
+++ ImageMagick-6.8.8-1/coders/meta.c 2018-01-30 17:01:31.091775923 +0100
@@ -2198,7 +2198,11 @@ static int format8BIM(Image *ifile, Imag
for (i=0; i<plen; i++)
{
c=ReadBlobByte(ifile);
- if (c == EOF) return -1;
+ if (c == EOF)
+ {
+ PString=(unsigned char *) RelinquishMagickMemory(PString);
+ return(-1);
+ }
PString[i] = (unsigned char) c;
}
PString[ plen ] = 0;
@@ -2206,15 +2210,23 @@ static int format8BIM(Image *ifile, Imag
{
c=ReadBlobByte(ifile);
if (c == EOF)
- return(-1);
+ {
+ PString=(unsigned char *) RelinquishMagickMemory(PString);
+ return(-1);
+ }
}
}
count = (int) ReadBlobMSBLong(ifile);
- if (count < 0) return -1;
+ if (count < 0)
+ {
+ PString=(unsigned char *) RelinquishMagickMemory(PString);
+ return(-1);
+ }
/* make a buffer to hold the datand snag it from the input stream */
str=(unsigned char *) AcquireQuantumMemory((size_t) count,sizeof(*str));
if (str == (unsigned char *) NULL)
{
+ PString=(unsigned char *) RelinquishMagickMemory(PString);
printf("MemoryAllocationFailed");
return 0;
}
@@ -2222,7 +2234,10 @@ static int format8BIM(Image *ifile, Imag
{
c=ReadBlobByte(ifile);
if (c == EOF)
- return(-1);
+ {
+ PString=(unsigned char *) RelinquishMagickMemory(PString);
+ return(-1);
+ }
str[i]=(unsigned char) c;
}
