File ImageMagick-CVE-2017-9407.patch of Package ImageMagick.9293

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2017-9407.patch of Package ImageMagick.9293

Index: ImageMagick-6.8.8-1/coders/palm.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/palm.c	2018-01-31 12:40:13.957110985 +0100
+++ ImageMagick-6.8.8-1/coders/palm.c	2018-01-31 12:41:27.210372914 +0100
@@ -415,7 +415,10 @@ static Image *ReadPALMImage(const ImageI
       lastrow=(unsigned char *) AcquireQuantumMemory(MagickMax(bytes_per_row,
         2*image->columns),sizeof(*lastrow));
     if (lastrow == (unsigned char *) NULL)
-      ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+      {
+        one_row=(unsigned char *) RelinquishMagickMemory(one_row);
+        ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+      }
     }
     mask=(size_t) (1U << bits_per_pixel)-1;
     for (y = 0; y < (ssize_t) image->rows; y++)
@@ -473,7 +476,12 @@ static Image *ReadPALMImage(const ImageI
       if (bits_per_pixel == 16)
         {
           if (image->columns > (2*bytes_per_row))
-            ThrowReaderException(CorruptImageError,"CorruptImage");
+            {
+              one_row=(unsigned char *) RelinquishMagickMemory(one_row);
+              if (compressionType == PALM_COMPRESSION_SCANLINE)
+                lastrow=(unsigned char *) RelinquishMagickMemory(lastrow);
+              ThrowReaderException(CorruptImageError,"CorruptImage");
+            }
           for (x=0; x < (ssize_t) image->columns; x++)
           {
             color16=(*ptr++ << 8);
@@ -494,7 +502,12 @@ static Image *ReadPALMImage(const ImageI
           for (x=0; x < (ssize_t) image->columns; x++)
           {
             if ((size_t) (ptr-one_row) >= bytes_per_row)
-              ThrowReaderException(CorruptImageError,"CorruptImage");
+              {
+                one_row=(unsigned char *) RelinquishMagickMemory(one_row);
+                if (compressionType == PALM_COMPRESSION_SCANLINE)
+                  lastrow=(unsigned char *) RelinquishMagickMemory(lastrow);
+                ThrowReaderException(CorruptImageError,"CorruptImage");
+              }
             index=(IndexPacket) (mask-(((*ptr) & (mask << bit)) >> bit));
             SetPixelIndex(indexes+x,index);
             SetPixelRGBO(q,image->colormap+(ssize_t) index);

Places

File ImageMagick-CVE-2017-9407.patch of Package ImageMagick.9293

Places