File ImageMagick-CVE-2023-34151.patch of Package ImageMagick.30955
Index: ImageMagick-7.0.7-34/MagickCore/annotate.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/annotate.c
+++ ImageMagick-7.0.7-34/MagickCore/annotate.c
@@ -632,7 +632,7 @@ MagickExport ssize_t FormatMagickCaption
status=GetTypeMetrics(image,draw_info,metrics,exception);
if (status == MagickFalse)
break;
- width=(size_t) floor(metrics->width+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics->width+draw_info->stroke_width+0.5);
if ((width <= image->columns) || (s == (char *) NULL))
continue;
if ((s != (char *) NULL) && (GetUTFOctets(s) == 1))
@@ -684,7 +684,7 @@ MagickExport ssize_t FormatMagickCaption
status=GetTypeMetrics(image,draw_info,metrics,exception);
if (status == MagickFalse)
break;
- width=(size_t) floor(metrics->width+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics->width+draw_info->stroke_width+0.5);
if ((width <= image->columns) || (strcmp(text,draw_info->text) == 0))
continue;
(void) strcpy(text,draw_info->text);
Index: ImageMagick-7.0.7-34/MagickCore/draw.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/draw.c
+++ ImageMagick-7.0.7-34/MagickCore/draw.c
@@ -3262,7 +3262,7 @@ MagickExport MagickBooleanType DrawImage
GetNextToken(q,&q,extent,token);
if (*token == ',')
GetNextToken(q,&q,extent,token);
- bounds.height=(size_t) floor(StringToDouble(token,&next_token)+
+ bounds.height=CastDoubleToUnsigned(StringToDouble(token,&next_token)+
0.5);
if (token == next_token)
ThrowPointExpectedException(token,exception);
Index: ImageMagick-7.0.7-34/MagickCore/geometry.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/geometry.c
+++ ImageMagick-7.0.7-34/MagickCore/geometry.c
@@ -1385,8 +1385,8 @@ MagickExport MagickStatusType ParseMetaG
scale.y=geometry_info.sigma;
if ((percent_flags & SigmaValue) == 0)
scale.y=scale.x;
- *width=(size_t) MagickMax(floor(scale.x*former_width/100.0+0.5),1.0);
- *height=(size_t) MagickMax(floor(scale.y*former_height/100.0+0.5),1.0);
+ *width=CastDoubleToUnsigned(MagickMax(floor(scale.x*former_width/100.0+0.5),1.0));
+ *height=CastDoubleToUnsigned(MagickMax(floor(scale.y*former_height/100.0+0.5),1.0));
former_width=(*width);
former_height=(*height);
}
@@ -1409,7 +1409,7 @@ MagickExport MagickStatusType ParseMetaG
if (geometry_ratio >= image_ratio)
{
*width=former_width;
- *height=(size_t) floor((double) (PerceptibleReciprocal(
+ *height=CastDoubleToUnsigned((double) (PerceptibleReciprocal(
geometry_ratio)*former_height*image_ratio)+0.5);
}
else
Index: ImageMagick-7.0.7-34/MagickCore/shear.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/shear.c
+++ ImageMagick-7.0.7-34/MagickCore/shear.c
@@ -1753,9 +1753,9 @@ MagickExport Image *ShearRotateImage(con
*/
width=integral_image->columns;
height=integral_image->rows;
- bounds.width=(size_t) floor(fabs((double) height*shear.x)+width+0.5);
- bounds.height=(size_t) floor(fabs((double) bounds.width*shear.y)+height+0.5);
- shear_width=(size_t) floor(fabs((double) bounds.height*shear.x)+
+ bounds.width=CastDoubleToUnsigned(fabs((double) height*shear.x)+width+0.5);
+ bounds.height=CastDoubleToUnsigned(fabs((double) bounds.width*shear.y)+height+0.5);
+ shear_width=CastDoubleToUnsigned(fabs((double) bounds.height*shear.x)+
bounds.width+0.5);
bounds.x=(ssize_t) floor((double) ((shear_width > bounds.width) ? width :
bounds.width-shear_width+2)/2.0+0.5);
Index: ImageMagick-7.0.7-34/coders/caption.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/caption.c
+++ ImageMagick-7.0.7-34/coders/caption.c
@@ -153,7 +153,7 @@ static Image *ReadCAPTIONImage(const Ima
return(DestroyImageList(image));
(void) SetImageProperty(image,"caption",caption,exception);
draw_info=CloneDrawInfo(image_info,(DrawInfo *) NULL);
- width=(size_t) floor(draw_info->pointsize*strlen(caption)+0.5);
+ width=CastDoubleToUnsigned(draw_info->pointsize*strlen(caption)+0.5);
if (AcquireMagickResource(WidthResource,width) == MagickFalse)
{
caption=DestroyString(caption);
@@ -238,8 +238,8 @@ static Image *ReadCAPTIONImage(const Ima
status=GetMultilineTypeMetrics(image,draw_info,&metrics,exception);
if (status == MagickFalse)
break;
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
+ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5);
if ((image->columns != 0) && (image->rows != 0))
{
if ((width >= image->columns) && (height >= image->rows))
@@ -266,8 +266,8 @@ static Image *ReadCAPTIONImage(const Ima
status=GetMultilineTypeMetrics(image,draw_info,&metrics,exception);
if (status == MagickFalse)
break;
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
+ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5);
if ((image->columns != 0) && (image->rows != 0))
{
if ((width < image->columns) && (height < image->rows))
Index: ImageMagick-7.0.7-34/coders/label.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/label.c
+++ ImageMagick-7.0.7-34/coders/label.c
@@ -130,7 +130,7 @@ static Image *ReadLABELImage(const Image
return(DestroyImageList(image));
(void) SetImageProperty(image,"label",label,exception);
draw_info=CloneDrawInfo(image_info,(DrawInfo *) NULL);
- width=(size_t) floor(draw_info->pointsize*strlen(label)+0.5);
+ width=CastDoubleToUnsigned(draw_info->pointsize*strlen(label)+0.5);
if (AcquireMagickResource(WidthResource,width) == MagickFalse)
{
label=DestroyString(label);
@@ -171,8 +171,8 @@ static Image *ReadLABELImage(const Image
status=GetMultilineTypeMetrics(image,draw_info,&metrics,exception);
if (status == MagickFalse)
break;
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
+ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5);
if ((image->columns != 0) && (image->rows != 0))
{
if ((width >= image->columns) && (height >= image->rows))
@@ -201,8 +201,8 @@ static Image *ReadLABELImage(const Image
status=GetMultilineTypeMetrics(image,draw_info,&metrics,exception);
if (status == MagickFalse)
break;
- width=(size_t) floor(metrics.width+draw_info->stroke_width+0.5);
- height=(size_t) floor(metrics.height+draw_info->stroke_width+0.5);
+ width=CastDoubleToUnsigned(metrics.width+draw_info->stroke_width+0.5);
+ height=CastDoubleToUnsigned(metrics.height+draw_info->stroke_width+0.5);
if ((image->columns != 0) && (image->rows != 0))
{
if ((width < image->columns) && (height < image->rows))
Index: ImageMagick-7.0.7-34/coders/pcl.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/pcl.c
+++ ImageMagick-7.0.7-34/coders/pcl.c
@@ -343,8 +343,8 @@ static Image *ReadPCLImage(const ImageIn
options=AcquireString("");
(void) FormatLocaleString(density,MagickPathExtent,"%gx%g",
image->resolution.x,image->resolution.y);
- page.width=(size_t) floor(page.width*image->resolution.x/delta.x+0.5);
- page.height=(size_t) floor(page.height*image->resolution.y/delta.y+0.5);
+ page.width=CastDoubleToUnsigned(page.width*image->resolution.x/delta.x+0.5);
+ page.height=CastDoubleToUnsigned(page.height*image->resolution.y/delta.y+0.5);
(void) FormatLocaleString(options,MagickPathExtent,"-g%.20gx%.20g ",(double)
page.width,(double) page.height);
image=DestroyImage(image);
Index: ImageMagick-7.0.7-34/coders/pdf.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/pdf.c
+++ ImageMagick-7.0.7-34/coders/pdf.c
@@ -1660,9 +1660,9 @@ RestoreMSCWarning
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
&geometry.width,&geometry.height);
scale.x=(double) (geometry.width*delta.x)/resolution.x;
- geometry.width=(size_t) floor(scale.x+0.5);
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
scale.y=(double) (geometry.height*delta.y)/resolution.y;
- geometry.height=(size_t) floor(scale.y+0.5);
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
(void) ParseGravityGeometry(image,page_geometry,&page_info,exception);
if (image->gravity != UndefinedGravity)
Index: ImageMagick-7.0.7-34/coders/ps.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/ps.c
+++ ImageMagick-7.0.7-34/coders/ps.c
@@ -1638,9 +1638,9 @@ static MagickBooleanType WritePSImage(co
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
&geometry.width,&geometry.height);
scale.x=(double) (geometry.width*delta.x)/resolution.x;
- geometry.width=(size_t) floor(scale.x+0.5);
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
scale.y=(double) (geometry.height*delta.y)/resolution.y;
- geometry.height=(size_t) floor(scale.y+0.5);
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
(void) ParseGravityGeometry(image,page_geometry,&page_info,exception);
if (image->gravity != UndefinedGravity)
Index: ImageMagick-7.0.7-34/coders/ps2.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/ps2.c
+++ ImageMagick-7.0.7-34/coders/ps2.c
@@ -537,9 +537,9 @@ static MagickBooleanType WritePS2Image(c
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
&geometry.width,&geometry.height);
scale.x=(double) (geometry.width*delta.x)/resolution.x;
- geometry.width=(size_t) floor(scale.x+0.5);
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
scale.y=(double) (geometry.height*delta.y)/resolution.y;
- geometry.height=(size_t) floor(scale.y+0.5);
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
(void) ParseGravityGeometry(image,page_geometry,&page_info,exception);
if (image->gravity != UndefinedGravity)
Index: ImageMagick-7.0.7-34/coders/ps3.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/ps3.c
+++ ImageMagick-7.0.7-34/coders/ps3.c
@@ -983,9 +983,9 @@ static MagickBooleanType WritePS3Image(c
(void) ParseMetaGeometry(page_geometry,&geometry.x,&geometry.y,
&geometry.width,&geometry.height);
scale.x=(double) (geometry.width*delta.x)/resolution.x;
- geometry.width=(size_t) floor(scale.x+0.5);
+ geometry.width=CastDoubleToUnsigned(scale.x+0.5);
scale.y=(double) (geometry.height*delta.y)/resolution.y;
- geometry.height=(size_t) floor(scale.y+0.5);
+ geometry.height=CastDoubleToUnsigned(scale.y+0.5);
(void) ParseAbsoluteGeometry(page_geometry,&media_info);
(void) ParseGravityGeometry(image,page_geometry,&page_info,exception);
if (image->gravity != UndefinedGravity)
Index: ImageMagick-7.0.7-34/coders/svg.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/svg.c
+++ ImageMagick-7.0.7-34/coders/svg.c
@@ -2301,10 +2301,10 @@ static void SVGStartElement(void *contex
svg_info->view_box=svg_info->bounds;
svg_info->width=0;
if (svg_info->bounds.width > 0.0)
- svg_info->width=(size_t) floor(svg_info->bounds.width+0.5);
+ svg_info->width=CastDoubleToUnsigned(svg_info->bounds.width+0.5);
svg_info->height=0;
if (svg_info->bounds.height > 0.0)
- svg_info->height=(size_t) floor(svg_info->bounds.height+0.5);
+ svg_info->height=CastDoubleToUnsigned(svg_info->bounds.height+0.5);
(void) FormatLocaleFile(svg_info->file,"viewbox 0 0 %.20g %.20g\n",
(double) svg_info->width,(double) svg_info->height);
sx=(double) svg_info->width/svg_info->view_box.width;
Index: ImageMagick-7.0.7-34/MagickCore/image-private.h
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/image-private.h
+++ ImageMagick-7.0.7-34/MagickCore/image-private.h
@@ -22,6 +22,10 @@
extern "C" {
#endif
+#include <errno.h>
+#include <stdint.h>
+#include <limits.h>
+
#define MagickAbsoluteValue(x) ((x) < 0 ? -(x) : (x))
#define MagickMax(x,y) (((x) > (y)) ? (x) : (y))
#define MagickMin(x,y) (((x) < (y)) ? (x) : (y))
@@ -32,6 +36,8 @@ extern "C" {
#define MagickSQ1_2 0.70710678118654752440084436210484903928483593768847
#define MagickSQ2 1.41421356237309504880168872420969807856967187537695
#define MagickSQ2PI 2.50662827463100024161235523934010416269302368164062
+#define MAGICK_SIZE_MAX (SIZE_MAX)
+#define MAGICK_SSIZE_MAX (SSIZE_MAX)
#define UndefinedTicksPerSecond 100L
#define UndefinedCompressionQuality 0UL
@@ -53,6 +59,26 @@ extern MagickExport const char
extern MagickExport const double
DefaultResolution;
+static inline size_t CastDoubleToUnsigned(const double x)
+{
+ if (IsNaN(x) != 0)
+ {
+ errno=ERANGE;
+ return(0);
+ }
+ if (floor(x) > ((double) MAGICK_SSIZE_MAX-1))
+ {
+ errno=ERANGE;
+ return((size_t) MAGICK_SIZE_MAX);
+ }
+ if (ceil(x) < 0.0)
+ {
+ errno=ERANGE;
+ return(0);
+ }
+ return((size_t) x);
+}
+
static inline double DegreesToRadians(const double degrees)
{
return((double) (MagickPI*degrees/180.0));
Index: ImageMagick-7.0.7-34/MagickCore/fx.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/fx.c
+++ ImageMagick-7.0.7-34/MagickCore/fx.c
@@ -4382,8 +4382,8 @@ MagickExport Image *ShadowImage(const Im
(void) SetImageColorspace(clone_image,sRGBColorspace,exception);
(void) SetImageVirtualPixelMethod(clone_image,EdgeVirtualPixelMethod,
exception);
- border_info.width=(size_t) floor(2.0*sigma+0.5);
- border_info.height=(size_t) floor(2.0*sigma+0.5);
+ border_info.width=CastDoubleToUnsigned(2.0*sigma+0.5);
+ border_info.height=CastDoubleToUnsigned(2.0*sigma+0.5);
border_info.x=0;
border_info.y=0;
(void) QueryColorCompliance("none",AllCompliance,&clone_image->border_color,
