File ImageMagick-CVE-2016-7101.patch of Package ImageMagick.9182
Index: ImageMagick-6.8.9-8/coders/sgi.c
===================================================================
--- ImageMagick-6.8.9-8.orig/coders/sgi.c 2014-05-18 18:34:35.000000000 +0200
+++ ImageMagick-6.8.9-8/coders/sgi.c 2016-10-11 11:43:37.038606828 +0200
@@ -350,8 +350,10 @@ static Image *ReadSGIImage(const ImageIn
iris_info.minimum_value=ReadBlobMSBLong(image);
iris_info.maximum_value=ReadBlobMSBLong(image);
iris_info.sans=ReadBlobMSBLong(image);
- (void) ReadBlob(image,sizeof(iris_info.name),(unsigned char *)
+ count=ReadBlob(image,sizeof(iris_info.name),(unsigned char *)
iris_info.name);
+ if (count != sizeof(iris_info.name))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
iris_info.name[sizeof(iris_info.name)-1]='\0';
if (*iris_info.name != '\0')
(void) SetImageProperty(image,"label",iris_info.name);
@@ -359,19 +361,20 @@ static Image *ReadSGIImage(const ImageIn
if (iris_info.pixel_format != 0)
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
count=ReadBlob(image,sizeof(iris_info.filler),iris_info.filler);
- (void) count;
+ if (count != sizeof(iris_info.filler))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
image->columns=iris_info.columns;
image->rows=iris_info.rows;
image->depth=(size_t) MagickMin(iris_info.depth,MAGICKCORE_QUANTUM_DEPTH);
if (iris_info.pixel_format == 0)
- image->depth=(size_t) MagickMin((size_t) 8*
- iris_info.bytes_per_pixel,MAGICKCORE_QUANTUM_DEPTH);
+ image->depth=(size_t) MagickMin((size_t) 8*iris_info.bytes_per_pixel,
+ MAGICKCORE_QUANTUM_DEPTH);
if (iris_info.depth < 3)
{
image->storage_class=PseudoClass;
image->colors=iris_info.bytes_per_pixel > 1 ? 65535 : 256;
}
- if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0))
+ if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0))
if (image->scene >= (image_info->scene+image_info->number_scenes-1))
break;
/*
