Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
ImageMagick.6463
ImageMagick-CVE-2016-7514.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2016-7514.patch of Package ImageMagick.6463
From 4b1fba0af7c54b9da3681b57087e370839e4ac7f Mon Sep 17 00:00:00 2001 From: dirk <dirk@git.imagemagick.org> Date: Fri, 15 Jan 2016 01:13:30 +0100 Subject: [PATCH] Fixed overflow. --- coders/psd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Index: ImageMagick-6.8.8-1/coders/psd.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/psd.c 2016-09-30 13:52:03.833761216 +0200 +++ ImageMagick-6.8.8-1/coders/psd.c 2016-09-30 13:56:38.342270544 +0200 @@ -630,6 +630,75 @@ static CompositeOperator PSDBlendModeToC return(OverCompositeOp); } +static inline void SetPSDPixel(Image *image,const size_t channels, + const ssize_t type,const size_t packet_size,const Quantum pixel, + PixelPacket *q,IndexPacket *indexes,ssize_t x,ExceptionInfo *exception) +{ + if (image->storage_class == PseudoClass) + { + if (packet_size == 1) + SetPixelIndex(indexes+x,ScaleQuantumToChar(pixel)); + else + SetPixelIndex(indexes+x,ScaleQuantumToShort(pixel)); + SetPixelRGBO(q,image->colormap+(ssize_t) + ConstrainColormapIndex(image,GetPixelIndex(indexes+x))); + return; + } + switch (type) + { + case -1: + { + SetPixelAlpha(q,pixel); + break; + } + case -2: + case 0: + { + SetPixelRed(q,pixel); + if (channels == 1 || type == -2) + { + SetPixelGreen(q,GetPixelRed(q)); + SetPixelBlue(q,GetPixelRed(q)); + } + break; + } + case 1: + { + if (image->storage_class == PseudoClass) + SetPixelAlpha(q,pixel); + else + SetPixelGreen(q,pixel); + break; + } + case 2: + { + if (image->storage_class == PseudoClass) + SetPixelAlpha(q,pixel); + else + SetPixelBlue(q,pixel); + break; + } + case 3: + { + if (image->colorspace == CMYKColorspace) + SetPixelIndex(indexes+x,pixel); + else + if (image->matte != MagickFalse) + SetPixelAlpha(q,pixel); + break; + } + case 4: + { + if ((IssRGBCompatibleColorspace(image->colorspace) != MagickFalse) && + (channels > 3)) + break; + if (image->matte != MagickFalse) + SetPixelAlpha(q,pixel); + break; + } + } +} + static MagickStatusType ReadPSDChannelPixels(Image *image, const size_t channels,const size_t row,const ssize_t type, const unsigned char *pixels,ExceptionInfo *exception) @@ -670,89 +739,28 @@ static MagickStatusType ReadPSDChannelPi p=PushShortPixel(MSBEndian,p,&nibble); pixel=ScaleShortToQuantum(nibble); } - switch (type) - { - case -1: - { - SetPixelAlpha(q,pixel); - break; - } - case 0: - { - SetPixelRed(q,pixel); - if (channels == 1) - { - SetPixelGreen(q,GetPixelRed(q)); - SetPixelBlue(q,GetPixelRed(q)); - } - if (image->storage_class == PseudoClass) - { - if (packet_size == 1) - SetPixelIndex(indexes+x,ScaleQuantumToChar(pixel)); - else - SetPixelIndex(indexes+x,ScaleQuantumToShort(pixel)); - SetPixelRGBO(q,image->colormap+(ssize_t) - ConstrainColormapIndex(image,GetPixelIndex(indexes+x))); - if (image->depth == 1) - { - ssize_t - bit, - number_bits; - - number_bits=image->columns-x; - if (number_bits > 8) - number_bits=8; - for (bit=0; bit < number_bits; bit++) - { - SetPixelIndex(indexes+x,(((unsigned char) pixel) & - (0x01 << (7-bit))) != 0 ? 0 : 255); - SetPixelRGBO(q,image->colormap+(ssize_t) - GetPixelIndex(indexes+x)); - q++; - x++; - } - } - } - break; - } - case 1: + if (image->depth > 1) { - if (image->storage_class == PseudoClass) - SetPixelAlpha(q,pixel); - else - SetPixelGreen(q,pixel); - break; + SetPSDPixel(image,channels,type,packet_size,pixel,q++,indexes,x,exception); } - case 2: - { - if (image->storage_class == PseudoClass) - SetPixelAlpha(q,pixel); - else - SetPixelBlue(q,pixel); - break; - } - case 3: - { - if (image->colorspace == CMYKColorspace) - SetPixelIndex(indexes+x,pixel); - else - if (image->matte != MagickFalse) - SetPixelAlpha(q,pixel); - break; - } - case 4: + else { - if ((IssRGBCompatibleColorspace(image->colorspace) != MagickFalse) && - (channels > 3)) - break; - if (image->matte != MagickFalse) - SetPixelAlpha(q,pixel); - break; + ssize_t + bit, + number_bits; + + number_bits=image->columns-x; + if (number_bits > 8) + number_bits=8; + for (bit=0; bit < number_bits; bit++) + { + SetPSDPixel(image,channels,type,packet_size,pixel,q++,indexes,x++, + exception); + } + if (x != image->columns) + x--; + continue; } - default: - break; - } - q++; } return(SyncAuthenticPixels(image,exception)); } @@ -1725,6 +1733,8 @@ static Image *ReadPSDImage(const ImageIn image->matte=MagickFalse; } } + if ((image->depth == 1) && (image->storage_class != PseudoClass)) + ThrowReaderException(CorruptImageError, "ImproperImageHeader"); length=ReadBlobMSBLong(image); if (length != 0) { @@ -2153,8 +2163,8 @@ static MagickBooleanType WriteImageChann compact_pixels=(unsigned char *) NULL; if (next_image->compression == RLECompression) { - compact_pixels=(unsigned char *) AcquireQuantumMemory(2*channels* - next_image->columns,packet_size*sizeof(*compact_pixels)); + compact_pixels=(unsigned char *) AcquireQuantumMemory((2*channels* + next_image->columns)+1,packet_size*sizeof(*compact_pixels)); if (compact_pixels == (unsigned char *) NULL) ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed"); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
