File ImageMagick-CVE-2026-22770.patch of Package ImageMagick.42529

From 3e0330721020e0c5bb52e4b77c347527dd71658e Mon Sep 17 00:00:00 2001
From: Dirk Lemstra <dirk@lemstra.org>
Date: Sun, 4 Jan 2026 15:26:48 +0100
Subject: [PATCH] Correct memset initialization and add an overflow check
 (GHSA-39h3-g67r-7g3c)

---
 MagickCore/effect.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

Index: ImageMagick-7.1.1-21/MagickCore/effect.c
===================================================================
--- ImageMagick-7.1.1-21.orig/MagickCore/effect.c
+++ ImageMagick-7.1.1-21/MagickCore/effect.c
@@ -879,16 +879,21 @@ static double **AcquireBilateralTLS(cons
   double
     **weights;
 
+  size_t
+    count;
+
   ssize_t
     i;
 
+  if (HeapOverflowSanityCheckGetSize(height,sizeof(**weights),&count) != MagickFalse)
+    return((double **) NULL);
   weights=(double **) AcquireQuantumMemory(number_threads+1,sizeof(*weights));
   if (weights == (double **) NULL)
     return((double **) NULL);
-  (void) memset(weights,0,number_threads*sizeof(*weights));
+  (void) memset(weights,0,(number_threads+1)*sizeof(*weights));
   for (i=0; i <= (ssize_t) number_threads; i++)
   {
-    weights[i]=(double *) AcquireQuantumMemory(width,height*sizeof(**weights));
+    weights[i]=(double *) AcquireQuantumMemory(width,count);
     if (weights[i] == (double *) NULL)
       return(DestroyBilateralTLS(number_threads,weights));
   }
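Review bot: The slot count is still written three different ways on the new side: `number_threads+1` in the AcquireQuantumMemory call, `(number_threads+1)*sizeof(*weights)` in the memset, and `i <= (ssize_t) number_threads` as the loop bound. The under-sized memset this commit corrects was a disagreement between those expressions. Computing the count once alongside `count`, e.g. `slots=number_threads+1;`, and using `slots` for the allocation, the memset and an `i < (ssize_t) slots` bound would keep them in step. A comment above the memset such as `/* zero every slot: the failure path passes the partially filled table to DestroyBilateralTLS */` would record why the whole table must be cleared. DestroyBilateralTLS is not visible in this hunk, so its iteration range is assumed to match the loop's, and the body of AcquireBilateralTLS starts and ends outside the hunk.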