File ImageMagick-CVE-2023-34153.patch of Package ImageMagick.38524
Index: ImageMagick-7.1.0-9/coders/video.c
===================================================================
--- ImageMagick-7.1.0-9.orig/coders/video.c
+++ ImageMagick-7.1.0-9/coders/video.c
@@ -64,6 +64,16 @@
#include "MagickCore/utility-private.h"
/*
+ Global declarations.
+*/
+static const char*
+ intermediate_formats[] =
+ {
+ "pam",
+ "webp"
+ };
+
+/*
Forward declarations.
*/
static MagickBooleanType
@@ -96,15 +106,6 @@ static MagickBooleanType
%
*/
-static MagickBooleanType IsAVI(const unsigned char *magick,const size_t length)
-{
- if (length < 4)
- return(MagickFalse);
- if (memcmp(magick,"RIFF",4) == 0)
- return(MagickTrue);
- return(MagickFalse);
-}
-
static MagickBooleanType IsPNG(const unsigned char *magick,const size_t length)
{
if (length < 8)
@@ -151,6 +152,22 @@ static MagickBooleanType IsVIDEO(const u
% o exception: return any errors or warnings in this structure.
%
*/
+
+static const char *GetIntermediateFormat(const ImageInfo *image_info)
+{
+ const char
+ *option;
+
+ option=GetImageOption(image_info,"video:intermediate-format");
+ if (LocaleCompare(option,"pam") == 0)
+ return(intermediate_formats[0]);
+#if defined(MAGICKCORE_WEBP_DELEGATE)
+ return(intermediate_formats[1]);
+#else
+ return(intermediate_formats[0]);
+#endif
+}
+
static Image *ReadVIDEOImage(const ImageInfo *image_info,
ExceptionInfo *exception)
{
@@ -173,11 +190,11 @@ static Image *ReadVIDEOImage(const Image
*/
assert(image_info != (const ImageInfo *) NULL);
assert(image_info->signature == MagickCoreSignature);
- if (image_info->debug != MagickFalse)
- (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",
- image_info->filename);
assert(exception != (ExceptionInfo *) NULL);
assert(exception->signature == MagickCoreSignature);
+ if (IsEventLogging() != MagickFalse)
+ (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",
+ image_info->filename);
image=AcquireImage(image_info,exception);
status=OpenBlob(image_info,image,ReadBinaryBlobMode,exception);
if (status == MagickFalse)
@@ -200,10 +217,10 @@ static Image *ReadVIDEOImage(const Image
message[MagickPathExtent];
char
- *options,
- *sanitized_option;
+ *options;
const char
+ *intermediate_format,
*option;
int
@@ -216,40 +233,45 @@ static Image *ReadVIDEOImage(const Image
option=GetImageOption(image_info,"video:vsync");
if (option != (const char *) NULL)
{
- sanitized_option=SanitizeDelegateString(option);
- (void) FormatLocaleString(command,MagickPathExtent," -vsync %s",
- sanitized_option);
- DestroyString(sanitized_option);
+ FormatSanitizedDelegateOption(command,MagickPathExtent,
+ " -vsync \"%s\""," -vsync '%s'",option);
(void) ConcatenateMagickString(options,command,MagickPathExtent);
}
option=GetImageOption(image_info,"video:pixel-format");
if (option != (const char *) NULL)
{
- sanitized_option=SanitizeDelegateString(option);
- (void) FormatLocaleString(command,MagickPathExtent," -pix_fmt %s",
- sanitized_option);
- DestroyString(sanitized_option);
+ FormatSanitizedDelegateOption(command,MagickPathExtent,
+ " -pix_fmt \"%s\""," -pix_fmt '%s'",option);
(void) ConcatenateMagickString(options,command,MagickPathExtent);
}
else
if (LocaleNCompare(image_info->magick,"APNG",MagickPathExtent) == 0)
(void) ConcatenateMagickString(options," -pix_fmt rgba",
MagickPathExtent);
+ intermediate_format=GetIntermediateFormat(image_info);
+ (void) FormatLocaleString(command,MagickPathExtent," -vcodec %s",
+ intermediate_format);
+ (void) ConcatenateMagickString(options,command,MagickPathExtent);
AcquireUniqueFilename(read_info->unique);
+ (void) AcquireUniqueSymbolicLink(image_info->filename,
+ read_info->filename);
(void) FormatLocaleString(command,MagickPathExtent,
GetDelegateCommands(delegate_info),read_info->filename,options,
read_info->unique);
options=DestroyString(options);
- (void) CopyMagickString(read_info->magick,"pam",MagickPathExtent);
+ (void) CopyMagickString(read_info->magick,intermediate_format,
+ MagickPathExtent);
(void) CopyMagickString(read_info->filename,read_info->unique,
MagickPathExtent);
exit_code=ExternalDelegateCommand(MagickFalse,image_info->verbose,
command,message,exception);
if (exit_code == 0)
images=ReadImage(read_info,exception);
- else if (*message != '\0')
- (void) ThrowMagickException(exception,GetMagickModule(),
- DelegateError,"VideoDelegateFailed","`%s'",message);
+ else
+ if (*message != '\0')
+ (void) ThrowMagickException(exception,GetMagickModule(),DelegateError,
+ "VideoDelegateFailed","`%s'",message);
+ (void) RelinquishUniqueFileResource(read_info->filename);
(void) RelinquishUniqueFileResource(read_info->unique);
if (images != (Image *) NULL)
for (next=images; next != (Image *) NULL; next=next->next)
@@ -310,7 +332,6 @@ ModuleExport size_t RegisterVIDEOImage(v
(void) RegisterMagickInfo(entry);
entry=AcquireMagickInfo("VIDEO","AVI","Microsoft Audio/Visual Interleaved");
entry->decoder=(DecodeImageHandler *) ReadVIDEOImage;
- entry->magick=(IsImageFormatHandler *) IsAVI;
entry->flags^=CoderBlobSupportFlag;
(void) RegisterMagickInfo(entry);
entry=AcquireMagickInfo("VIDEO","FLV","Flash Video Stream");
@@ -513,12 +534,13 @@ static MagickBooleanType CopyDelegateFil
static MagickBooleanType WriteVIDEOImage(const ImageInfo *image_info,
Image *image,ExceptionInfo *exception)
{
-#define WriteVIDEOIntermediateFormat "pam"
-
char
basename[MagickPathExtent],
filename[MagickPathExtent];
+ const char
+ *intermediate_format;
+
const DelegateInfo
*delegate_info;
@@ -526,7 +548,7 @@ static MagickBooleanType WriteVIDEOImage
delay;
Image
- *coalesce_image;
+ *clone_images;
ImageInfo
*write_info;
@@ -558,27 +580,28 @@ static MagickBooleanType WriteVIDEOImage
assert(image_info->signature == MagickCoreSignature);
assert(image != (Image *) NULL);
assert(image->signature == MagickCoreSignature);
- if (image->debug != MagickFalse)
- (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename);
assert(exception != (ExceptionInfo *) NULL);
assert(exception->signature == MagickCoreSignature);
+ if (IsEventLogging() != MagickFalse)
+ (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",image->filename);
/*
Write intermediate files.
*/
- coalesce_image=CoalesceImages(image,exception);
- if (coalesce_image == (Image *) NULL)
+ clone_images=CloneImageList(image,exception);
+ if (clone_images == (Image *) NULL)
return(MagickFalse);
file=AcquireUniqueFileResource(basename);
if (file != -1)
file=close(file)-1;
- (void) FormatLocaleString(coalesce_image->filename,MagickPathExtent,"%s",
+ (void) FormatLocaleString(clone_images->filename,MagickPathExtent,"%s",
basename);
count=0;
write_info=CloneImageInfo(image_info);
write_info->file=(FILE *) NULL;
*write_info->magick='\0';
status=MagickTrue;
- for (p=coalesce_image; p != (Image *) NULL; p=GetNextImageInList(p))
+ intermediate_format=GetIntermediateFormat(image_info);
+ for (p=clone_images; p != (Image *) NULL; p=GetNextImageInList(p))
{
char
previous_image[MagickPathExtent];
@@ -600,12 +623,11 @@ static MagickBooleanType WriteVIDEOImage
*frame;
(void) FormatLocaleString(p->filename,MagickPathExtent,"%s%.20g.%s",
- basename,(double) p->scene,WriteVIDEOIntermediateFormat);
+ basename,(double) p->scene,intermediate_format);
(void) FormatLocaleString(filename,MagickPathExtent,"%s%.20g.%s",
- basename,(double) p->scene,WriteVIDEOIntermediateFormat);
+ basename,(double) p->scene,intermediate_format);
(void) FormatLocaleString(previous_image,MagickPathExtent,
- "%s%.20g.%s",basename,(double) p->scene,
- WriteVIDEOIntermediateFormat);
+ "%s%.20g.%s",basename,(double) p->scene,intermediate_format);
frame=CloneImage(p,0,0,MagickTrue,exception);
if (frame == (Image *) NULL)
break;
@@ -621,7 +643,7 @@ static MagickBooleanType WriteVIDEOImage
default:
{
(void) FormatLocaleString(filename,MagickPathExtent,"%s%.20g.%s",
- basename,(double) p->scene,WriteVIDEOIntermediateFormat);
+ basename,(double) p->scene,intermediate_format);
if (length > 0)
status=BlobToFile(filename,blob,length,exception);
break;
@@ -632,11 +654,11 @@ static MagickBooleanType WriteVIDEOImage
if (status != MagickFalse)
(void) LogMagickEvent(CoderEvent,GetMagickModule(),
"%.20g. Wrote %s file for scene %.20g:",(double) i,
- WriteVIDEOIntermediateFormat,(double) p->scene);
+ intermediate_format,(double) p->scene);
else
(void) LogMagickEvent(CoderEvent,GetMagickModule(),
"%.20g. Failed to write %s file for scene %.20g:",(double) i,
- WriteVIDEOIntermediateFormat,(double) p->scene);
+ intermediate_format,(double) p->scene);
(void) LogMagickEvent(CoderEvent,GetMagickModule(),"%s",filename);
}
}
@@ -657,8 +679,7 @@ static MagickBooleanType WriteVIDEOImage
message[MagickPathExtent];
char
- *options,
- *sanitized_option;
+ *options;
const char
*option;
@@ -668,20 +689,18 @@ static MagickBooleanType WriteVIDEOImage
options=AcquireString("");
(void) FormatLocaleString(options,MagickPathExtent,"-plays %i",
- (int) coalesce_image->iterations);
+ (int) clone_images->iterations);
option=GetImageOption(image_info,"video:pixel-format");
if (option != (const char *) NULL)
{
- sanitized_option=SanitizeDelegateString(option);
- (void) FormatLocaleString(command,MagickPathExtent," -pix_fmt %s",
- sanitized_option);
- DestroyString(sanitized_option);
+ FormatSanitizedDelegateOption(command,MagickPathExtent,
+ " -pix_fmt \"%s\""," -pix_fmt '%s'",option);
(void) ConcatenateMagickString(options,command,MagickPathExtent);
}
AcquireUniqueFilename(write_info->unique);
(void) FormatLocaleString(command,MagickPathExtent,
- GetDelegateCommands(delegate_info),basename,options,write_info->unique,
- image_info->magick);
+ GetDelegateCommands(delegate_info),basename,intermediate_format,
+ options,write_info->unique,image_info->magick);
options=DestroyString(options);
exit_code=ExternalDelegateCommand(MagickFalse,image_info->verbose,
command,message,exception);
@@ -705,18 +724,18 @@ static MagickBooleanType WriteVIDEOImage
Relinquish resources.
*/
count=0;
- for (p=coalesce_image; p != (Image *) NULL; p=GetNextImageInList(p))
+ for (p=clone_images; p != (Image *) NULL; p=GetNextImageInList(p))
{
delay=100.0*p->delay/MagickMax(1.0*p->ticks_per_second,1.0);
for (i=0; i < (ssize_t) MagickMax((1.0*delay+1.0)/3.0,1.0); i++)
{
(void) FormatLocaleString(p->filename,MagickPathExtent,"%s%.20g.%s",
- basename,(double) count++,WriteVIDEOIntermediateFormat);
+ basename,(double) count++,intermediate_format);
(void) RelinquishUniqueFileResource(p->filename);
}
(void) CopyMagickString(p->filename,image_info->filename,MagickPathExtent);
}
(void) RelinquishUniqueFileResource(basename);
- coalesce_image=DestroyImageList(coalesce_image);
+ clone_images=DestroyImageList(clone_images);
return(status);
}
Index: ImageMagick-7.1.0-9/coders/video.h
===================================================================
--- ImageMagick-7.1.0-9.orig/coders/video.h
+++ ImageMagick-7.1.0-9/coders/video.h
@@ -17,8 +17,7 @@
#include "coders/coders-private.h"
#define MagickVIDEOHeaders \
- MagickCoderHeader("VIDEO", 0, "\000\000\001\263") \
- MagickCoderHeader("VIDEO", 0, "RIFF")
+ MagickCoderHeader("VIDEO", 0, "\000\000\001\263")
#define MagickVIDEOAliases \
MagickCoderAlias("VIDEO", "3GP") \
Index: ImageMagick-7.1.0-9/config/delegates.xml.in
===================================================================
--- ImageMagick-7.1.0-9.orig/config/delegates.xml.in
+++ ImageMagick-7.1.0-9/config/delegates.xml.in
@@ -120,6 +120,6 @@
<delegate decode="xps:cmyk" stealth="True" command=""@XPSDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@XPSCMYKDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/>
<delegate decode="xps:color" stealth="True" command=""@XPSDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@XPSColorDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/>
<delegate decode="xps:mono" stealth="True" command=""@XPSDelegate@" -dQUIET -dSAFER -dBATCH -dNOPAUSE -dNOPROMPT -dMaxBitmap=500000000 -dAlignToPixels=0 -dGridFitTT=2 "-sDEVICE=@XPSMonoDevice@" -dTextAlphaBits=%u -dGraphicsAlphaBits=%u "-r%s" %s "-sOutputFile=%s" "%s""/>
- <delegate decode="video:decode" command=""@VIDEODecodeDelegate@" -nostdin -loglevel error -i "%s" -vcodec pam -an -f rawvideo -y %s "%s""/>
- <delegate encode="video:encode" stealth="True" command=""@VIDEOEncodeDelegate@" -nostdin -loglevel error -i "%s%%d.pam" %s "%s.%s""/>
+ <delegate decode="video:decode" command=""@VIDEODecodeDelegate@" -nostdin -loglevel error -i "%s" -an -f rawvideo -y %s "%s""/>
+ <delegate encode="video:encode" stealth="True" command=""@VIDEOEncodeDelegate@" -nostdin -loglevel error -i "%s%%d.%s" %s "%s.%s""/>
</delegatemap>
Index: ImageMagick-7.1.0-9/MagickCore/delegate-private.h
===================================================================
--- ImageMagick-7.1.0-9.orig/MagickCore/delegate-private.h
+++ ImageMagick-7.1.0-9/MagickCore/delegate-private.h
@@ -107,6 +107,19 @@ static inline char *SanitizeDelegateStri
return(sanitize_source);
}
+static inline void FormatSanitizedDelegateOption(char *string,
+ const size_t length,const char *magick_unused(windows_format),
+ const char *non_windows_format,const char *option)
+{
+ char
+ *sanitized_option;
+
+ magick_unreferenced(windows_format);
+ sanitized_option=SanitizeDelegateString(option);
+ (void) FormatLocaleString(string,length,non_windows_format,sanitized_option);
+ sanitized_option=DestroyString(sanitized_option);
+}
+
extern MagickPrivate MagickBooleanType
DelegateComponentGenesis(void);
