File ImageMagick-CVE-2017-16353.patch of Package ImageMagick.7537

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2017-16353.patch of Package ImageMagick.7537

Index: ImageMagick-6.8.8-1/magick/identify.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/identify.c	2018-03-05 20:18:45.777937438 +0100
+++ ImageMagick-6.8.8-1/magick/identify.c	2018-03-05 20:20:14.363445938 +0100
@@ -450,6 +450,14 @@ static ssize_t PrintChannelStatistics(FI
   return(n);
 }
 
+static inline MagickSizeType MagickMin(const MagickSizeType x,
+  const MagickSizeType y)
+{
+  if (x < y)
+    return(x);
+  return(y);
+}
+
 MagickExport MagickBooleanType IdentifyImage(Image *image,FILE *file,
   const MagickBooleanType verbose)
 {
@@ -1231,7 +1239,7 @@ MagickExport MagickBooleanType IdentifyI
               profile_length;
 
             profile_length=GetStringInfoLength(profile);
-            for (i=0; i < (ssize_t) profile_length; i+=(ssize_t) length)
+            for (i=0; i < (ssize_t) profile_length-5; i+=(ssize_t) length)
             {
               length=1;
               sentinel=GetStringInfoDatum(profile)[i++];
@@ -1299,6 +1307,7 @@ MagickExport MagickBooleanType IdentifyI
                 (double) dataset,(double) record);
               length=(size_t) (GetStringInfoDatum(profile)[i++] << 8);
               length|=GetStringInfoDatum(profile)[i++];
+              length=MagickMin(length,profile_length-i);
               attribute=(char *) NULL;
               if (~length >= (MaxTextExtent-1))
                 attribute=(char *) AcquireQuantumMemory(length+

Places

File ImageMagick-CVE-2017-16353.patch of Package ImageMagick.7537

Places