File ImageMagick-CVE-2017-8353.patch of Package ImageMagick.9182

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2017-8353.patch of Package ImageMagick.9182

From db773def23bb75c8731dbe5a8565664f5da0fb4d Mon Sep 17 00:00:00 2001
From: cristy <urban-warrior@git.imagemagick.org>
Date: Mon, 12 May 2014 00:15:53 +0000
Subject: [PATCH]

---
 coders/pict.c | 47 +++++++++++++++++++++++++++++------------------
 1 file changed, 29 insertions(+), 18 deletions(-)

Index: ImageMagick-6.8.8-1/coders/pict.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/pict.c	2017-05-15 12:12:52.520405830 +0200
+++ ImageMagick-6.8.8-1/coders/pict.c	2017-05-15 12:14:18.397899881 +0200
@@ -95,17 +95,6 @@
     ThrowReaderException(CorruptImageError,"ImproperImageHeader"); \
 }
 
-#define ReadRectangle(image,rectangle) \
-{ \
-  rectangle.top=(short) ReadBlobMSBShort(image); \
-  rectangle.left=(short) ReadBlobMSBShort(image); \
-  rectangle.bottom=(short) ReadBlobMSBShort(image); \
-  rectangle.right=(short) ReadBlobMSBShort(image); \
-  if ((rectangle.left > rectangle.right) || \
-      (rectangle.top > rectangle.bottom)) \
-    ThrowReaderException(CorruptImageError,"ImproperImageHeader"); \
-}
-
 typedef struct _PICTCode
 {
   const char
@@ -796,6 +785,18 @@ static inline size_t MagickMax(const siz
   return(y);
 }
 
+static MagickBooleanType ReadRectangle(Image *image,PICTRectangle *rectangle)
+{
+  rectangle->top=(short) ReadBlobMSBShort(image);
+  rectangle->left=(short) ReadBlobMSBShort(image);
+  rectangle->bottom=(short) ReadBlobMSBShort(image);
+  rectangle->right=(short) ReadBlobMSBShort(image);
+  if ((rectangle->left > rectangle->right) ||
+      (rectangle->top > rectangle->bottom))
+    return(MagickFalse);
+  return(MagickTrue);
+}
+
 static Image *ReadPICTImage(const ImageInfo *image_info,
   ExceptionInfo *exception)
 {
@@ -883,7 +884,8 @@ static Image *ReadPICTImage(const ImageI
     for (i=0; i < 508; i++)
       (void) ReadBlobByte(image);
   (void) ReadBlobMSBShort(image);  /* skip picture size */
-  ReadRectangle(image,frame);
+  if (ReadRectangle(image,&frame) == MagickFalse)
+    ThrowReaderException(CorruptImageError,"ImproperImageHeader");
   while ((c=ReadBlobByte(image)) == 0) ;
   if (c != 0x11)
     ThrowReaderException(CorruptImageError,"ImproperImageHeader");
@@ -948,7 +950,8 @@ static Image *ReadPICTImage(const ImageI
                   (void) ReadBlobByte(image);
                 break;
               }
-            ReadRectangle(image,frame);
+            if (ReadRectangle(image,&frame) == MagickFalse)
+              ThrowReaderException(CorruptImageError,"ImproperImageHeader");
             if (((frame.left & 0x8000) != 0) || ((frame.top & 0x8000) != 0))
               break;
             image->columns=1UL*(frame.right-frame.left);
@@ -982,7 +985,8 @@ static Image *ReadPICTImage(const ImageI
             if (pattern != 1)
               ThrowReaderException(CorruptImageError,"UnknownPatternType");
             length=ReadBlobMSBShort(image);
-            ReadRectangle(image,frame);
+            if (ReadRectangle(image,&frame) == MagickFalse)
+              ThrowReaderException(CorruptImageError,"ImproperImageHeader");
             ReadPixmap(pixmap);
             image->depth=1UL*pixmap.component_size;
             image->x_resolution=1.0*pixmap.horizontal_resolution;
@@ -1084,7 +1088,8 @@ static Image *ReadPICTImage(const ImageI
                 (void) ReadBlobMSBShort(image);
                 (void) ReadBlobMSBShort(image);
               }
-            ReadRectangle(image,frame);
+            if (ReadRectangle(image,&frame) == MagickFalse)
+              ThrowReaderException(CorruptImageError,"ImproperImageHeader");
             /*
               Initialize tile image.
             */
@@ -1152,8 +1157,16 @@ static Image *ReadPICTImage(const ImageI
                     }
                   }
               }
-            ReadRectangle(image,source);
-            ReadRectangle(image,destination);
+            if (ReadRectangle(image,&source) == MagickFalse)
+              {
+                tile_image=DestroyImage(tile_image);
+                ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+              }
+            if (ReadRectangle(image,&destination) == MagickFalse)
+              {
+                tile_image=DestroyImage(tile_image);
+                ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+              }
             (void) ReadBlobMSBShort(image);
             if ((code == 0x91) || (code == 0x99) || (code == 0x9b))
               {
@@ -1183,7 +1196,10 @@ static Image *ReadPICTImage(const ImageI
             for (y=0; y < (ssize_t) tile_image->rows; y++)
             {
               if (p > (pixels+extent+image->columns))
-                ThrowReaderException(CorruptImageError,"NotEnoughPixelData");
+                {
+                  tile_image=DestroyImage(tile_image);
+                  ThrowReaderException(CorruptImageError,"NotEnoughPixelData");
+                }
               q=QueueAuthenticPixels(tile_image,0,y,tile_image->columns,1,
                 exception);
               if (q == (PixelPacket *) NULL)
@@ -1220,8 +1236,11 @@ static Image *ReadPICTImage(const ImageI
                       if (tile_image->matte == MagickFalse)
                         {
                           if (p > (pixels+extent+2*image->columns))
-                            ThrowReaderException(CorruptImageError,
-                              "NotEnoughPixelData");
+                            {
+                              tile_image=DestroyImage(tile_image);
+                              ThrowReaderException(CorruptImageError,
+                                "NotEnoughPixelData");
+                            }
                           SetPixelRed(q,ScaleCharToQuantum(*p));
                           SetPixelGreen(q,ScaleCharToQuantum(
                             *(p+tile_image->columns)));
@@ -1231,8 +1250,11 @@ static Image *ReadPICTImage(const ImageI
                       else
                         {
                           if (p > (pixels+extent+3*image->columns))
-                            ThrowReaderException(CorruptImageError,
-                              "NotEnoughPixelData");
+                            {
+                              tile_image=DestroyImage(tile_image);
+                              ThrowReaderException(CorruptImageError,
+                                "NotEnoughPixelData");
+                            }
                           SetPixelAlpha(q,ScaleCharToQuantum(*p));
                           SetPixelRed(q,ScaleCharToQuantum(
                             *(p+tile_image->columns)));
@@ -1302,8 +1324,11 @@ static Image *ReadPICTImage(const ImageI
                 status=SetImageProfile(image,"icc",profile);
                 profile=DestroyStringInfo(profile);
                 if (status == MagickFalse)
-                  ThrowReaderException(ResourceLimitError,
-                    "MemoryAllocationFailed");
+                  {
+                    info=(unsigned char *) RelinquishMagickMemory(info);
+                    ThrowReaderException(ResourceLimitError,
+                      "MemoryAllocationFailed");
+                  }
                 break;
               }
               case 0x1f2:
@@ -1314,8 +1339,11 @@ static Image *ReadPICTImage(const ImageI
                 SetStringInfoDatum(profile,info);
                 status=SetImageProfile(image,"iptc",profile);
                 if (status == MagickFalse)
-                  ThrowReaderException(ResourceLimitError,
-                    "MemoryAllocationFailed");
+                  {
+                    info=(unsigned char *) RelinquishMagickMemory(info);
+                    ThrowReaderException(ResourceLimitError,
+                      "MemoryAllocationFailed");
+                  }
                 profile=DestroyStringInfo(profile);
                 break;
               }
@@ -1387,7 +1415,11 @@ static Image *ReadPICTImage(const ImageI
         length=ReadBlobMSBLong(image);
         for (i=0; i < 6; i++)
           (void) ReadBlobMSBLong(image);
-        ReadRectangle(image,frame);
+        if (ReadRectangle(image,&frame) == MagickFalse)
+          {
+            (void) fclose(file);
+            ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+          }
         for (i=0; i < 122; i++)
           (void) ReadBlobByte(image);
         for (i=0; i < (ssize_t) (length-154); i++)

Places

File ImageMagick-CVE-2017-8353.patch of Package ImageMagick.9182

Places