File ImageMagick-CVE-2017-14174.patch of Package ImageMagick.9293
:
Index: ImageMagick-6.8.8-1/coders/psd.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/psd.c 2017-12-13 10:20:35.327713311 +0100
+++ ImageMagick-6.8.8-1/coders/psd.c 2017-12-13 10:21:12.660404510 +0100
@@ -1382,18 +1382,12 @@ static MagickStatusType ReadPSDLayers(Im
(void) LogMagickEvent(CoderEvent,GetMagickModule(),
" layer blending ranges: length=%.20g",(double)
((MagickOffsetType) length));
- /*
- We read it, but don't use it...
- */
- for (j=0; j < (ssize_t) (length); j+=8)
- {
- size_t blend_source=ReadBlobMSBLong(image);
- size_t blend_dest=ReadBlobMSBLong(image);
- if (image->debug != MagickFalse)
- (void) LogMagickEvent(CoderEvent,GetMagickModule(),
- " source(%x), dest(%x)",(unsigned int)
- blend_source,(unsigned int) blend_dest);
- }
+ if (DiscardBlobBytes(image,length) == MagickFalse)
+ {
+ layer_info=DestroyLayerInfo(layer_info,number_layers);
+ ThrowBinaryException(CorruptImageError,
+ "UnexpectedEndOfFile",image->filename);
+ }
}
/*
Layer name.