File ImageMagick-CVE-2017-11532.patch of Package ImageMagick.11106

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2017-11532.patch of Package ImageMagick.11106

Index: ImageMagick-6.8.8-1/magick/cache.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/cache.c	2018-09-18 14:59:14.118451092 +0200
+++ ImageMagick-6.8.8-1/magick/cache.c	2018-09-18 15:00:53.362956446 +0200
@@ -877,7 +877,7 @@ static inline void RelinquishPixelCacheP
     {
       (void) UnmapBlob(cache_info->pixels,(size_t) cache_info->length);
       cache_info->pixels=(PixelPacket *) NULL;
-      if (cache_info->mode != ReadMode)
+      if ((cache_info->mode != ReadMode) && (cache_info->mode != PersistMode))
         (void) RelinquishUniqueFileResource(cache_info->cache_filename);
       *cache_info->cache_filename='\0';
       RelinquishMagickResource(MapResource,cache_info->length);
@@ -886,7 +886,7 @@ static inline void RelinquishPixelCacheP
     {
       if (cache_info->file != -1)
         (void) ClosePixelCacheOnDisk(cache_info);
-      if (cache_info->mode != ReadMode)
+      if ((cache_info->mode != ReadMode) || (cache_info->mode != PersistMode))
         (void) RelinquishUniqueFileResource(cache_info->cache_filename);
       *cache_info->cache_filename='\0';
       RelinquishMagickResource(DiskResource,cache_info->length);
@@ -3519,6 +3519,8 @@ static MagickBooleanType OpenPixelCache(
       image->filename);
   cache_info->length=length;
   status=AcquireMagickResource(AreaResource,cache_info->length);
+  if (cache_info->mode == PersistMode)
+    status=MagickFalse;
   length=number_pixels*(sizeof(PixelPacket)+sizeof(IndexPacket));
   if ((status != MagickFalse) && (length == (MagickSizeType) ((size_t) length)))
     {
@@ -3634,7 +3636,8 @@ static MagickBooleanType OpenPixelCache(
         "CacheResourcesExhausted","`%s'",image->filename);
       return(MagickFalse);
     }
-  if ((source_info.storage_class != UndefinedClass) && (mode != ReadMode))
+  if ((source_info.storage_class != UndefinedClass) && (mode != ReadMode) &&
+      (cache_info->mode != PersistMode))
     {
       (void) ClosePixelCacheOnDisk(cache_info);
       *cache_info->cache_filename='\0';
@@ -3778,7 +3781,7 @@ MagickExport MagickBooleanType PersistPi
     *restrict clone_info;
 
   Image
-    clone_image;
+    *clone_image;
 
   MagickBooleanType
     status;
@@ -3846,19 +3849,17 @@ MagickExport MagickBooleanType PersistPi
   /*
     Clone persistent pixel cache.
   */
-  clone_image=(*image);
-  clone_info=(CacheInfo *) clone_image.cache;
-  image->cache=ClonePixelCache(cache_info);
-  cache_info=(CacheInfo *) ReferencePixelCache(image->cache);
-  (void) CopyMagickString(cache_info->cache_filename,filename,MaxTextExtent);
-  cache_info->type=DiskCache;
-  cache_info->offset=(*offset);
-  cache_info=(CacheInfo *) image->cache;
-  status=OpenPixelCache(image,IOMode,exception);
-  if (status != MagickFalse)
-    status=ClonePixelCacheRepository(cache_info,clone_info,&image->exception);
+  clone_image=CloneImage(image,image->columns,image->rows,MagickTrue,exception);
+  if (clone_image == (Image *) NULL)
+    return(MagickFalse);
+  clone_info=(CacheInfo *) clone_image->cache;
+  (void) CopyMagickString(clone_info->cache_filename,filename,MaxTextExtent);
+  clone_info->mode=PersistMode;
+  clone_info->type=DiskCache;
+  clone_info->offset=(*offset);
+  status=ClonePixelCacheRepository(clone_info,cache_info,exception);
   *offset+=cache_info->length+page_size-(cache_info->length % page_size);
-  clone_info=(CacheInfo *) DestroyPixelCache(clone_info);
+  clone_image=DestroyImage(clone_image);
   return(status);
 }
 
Index: ImageMagick-6.8.8-1/magick/enhance.c
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/enhance.c	2018-09-18 14:59:11.242436446 +0200
+++ ImageMagick-6.8.8-1/magick/enhance.c	2018-09-18 14:59:14.314452090 +0200
@@ -44,6 +44,7 @@
 #include "magick/accelerate.h"
 #include "magick/artifact.h"
 #include "magick/cache.h"
+#include "magick/cache-private.h"
 #include "magick/cache-view.h"
 #include "magick/channel.h"
 #include "magick/color.h"
Index: ImageMagick-6.8.8-1/magick/blob.h
===================================================================
--- ImageMagick-6.8.8-1.orig/magick/blob.h	2013-11-27 20:02:59.000000000 +0100
+++ ImageMagick-6.8.8-1/magick/blob.h	2018-09-18 14:59:14.314452090 +0200
@@ -31,7 +31,8 @@ typedef enum
 {
   ReadMode,
   WriteMode,
-  IOMode
+  IOMode,
+  PersistMode
 } MapMode;
 
 extern MagickExport FILE

Places

File ImageMagick-CVE-2017-11532.patch of Package ImageMagick.11106

Places