Overview

File ImageMagick-CVE-2021-20313.patch of Package ImageMagick.25859

Index: ImageMagick-7.0.7-34/MagickCore/cipher.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/cipher.c	2018-05-20 17:55:42.000000000 +0200
+++ ImageMagick-7.0.7-34/MagickCore/cipher.c	2021-04-15 14:20:18.302991137 +0200
@@ -482,8 +482,8 @@ static void EncipherAESBlock(AESInfo *ae
     Reset registers.
   */
   alpha=0;
-  (void) memset(key,0,sizeof(key));
-  (void) memset(text,0,sizeof(text));
+  (void) ResetMagickMemory(key,0,sizeof(key));
+  (void) ResetMagickMemory(text,0,sizeof(text));
 }
 
 /*
@@ -706,8 +706,8 @@ MagickExport MagickBooleanType PasskeyDe
   */
   quantum_info=DestroyQuantumInfo(quantum_info);
   aes_info=DestroyAESInfo(aes_info);
-  (void) memset(input_block,0,sizeof(input_block));
-  (void) memset(output_block,0,sizeof(output_block));
+  (void) ResetMagickMemory(input_block,0,sizeof(input_block));
+  (void) ResetMagickMemory(output_block,0,sizeof(output_block));
   return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
 }
 
@@ -923,8 +923,8 @@ MagickExport MagickBooleanType PasskeyEn
   */
   quantum_info=DestroyQuantumInfo(quantum_info);
   aes_info=DestroyAESInfo(aes_info);
-  (void) memset(input_block,0,sizeof(input_block));
-  (void) memset(output_block,0,sizeof(output_block));
+  (void) ResetMagickMemory(input_block,0,sizeof(input_block));
+  (void) ResetMagickMemory(output_block,0,sizeof(output_block));
   return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
 }
 
Index: ImageMagick-7.0.7-34/MagickCore/memory.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/memory.c	2018-05-20 17:55:43.000000000 +0200
+++ ImageMagick-7.0.7-34/MagickCore/memory.c	2021-04-15 14:20:18.302991137 +0200
@@ -1160,26 +1160,36 @@ MagickExport MemoryInfo *RelinquishVirtu
 %                                                                             %
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
 %
-%  ResetMagickMemory() fills the first size bytes of the memory area pointed to
-%  by memory with the constant byte c.
+%  ResetMagickMemory() fills the first size bytes of the memory area pointed to %  by memory with the constant byte c.  We use a volatile pointer when
+%  updating the byte string.  Most compilers will avoid optimizing away access
+%  to a volatile pointer, even if the pointer appears to be unused after the
+%  call.
 %
 %  The format of the ResetMagickMemory method is:
 %
-%      void *ResetMagickMemory(void *memory,int byte,const size_t size)
+%      void *ResetMagickMemory(void *memory,int c,const size_t size)
 %
 %  A description of each parameter follows:
 %
 %    o memory: a pointer to a memory allocation.
 %
-%    o byte: set the memory to this value.
+%    o c: set the memory to this value.
 %
 %    o size: size of the memory to reset.
 %
 */
-MagickExport void *ResetMagickMemory(void *memory,int byte,const size_t size)
+MagickExport void *ResetMagickMemory(void *memory,int c,const size_t size)
 {
+  volatile unsigned char
+    *p = memory;
+
+  size_t
+    n = size;
+
   assert(memory != (void *) NULL);
-  return(memset(memory,byte,size));
+  while (n-- != 0)
+  	*p++=(unsigned char) c;
+  return(memory);
 }
 
 /*
Index: ImageMagick-7.0.7-34/MagickCore/signature.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/signature.c	2018-05-20 17:55:43.000000000 +0200
+++ ImageMagick-7.0.7-34/MagickCore/signature.c	2021-04-15 14:20:18.306991160 +0200
@@ -749,7 +749,7 @@ RestoreMSCWarning
   T=0;
   T1=0;
   T2=0;
-  (void) memset(W,0,sizeof(W));
+  (void) ResetMagickMemory(W,0,sizeof(W));
 }
 
 /*
openSUSE Build Service is sponsored by
Places