Overview

File GraphicsMagick-CVE-2022-1270.patch of Package GraphicsMagick.23717

Index: GraphicsMagick-1.3.35/coders/miff.c
===================================================================
--- GraphicsMagick-1.3.35.orig/coders/miff.c
+++ GraphicsMagick-1.3.35/coders/miff.c
@@ -1788,9 +1788,20 @@ static Image *ReadMIFFImage(const ImageI
                       else
                         {
                           length=ReadBlobMSBLong(image);
+                          if (image->logging)
+                            (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+                                                  "length = %"MAGICK_SIZE_T_F"u",
+                                                  (MAGICK_SIZE_T) length);
+                          if ((length == 0) || (length > compressed_length))
+                            {
+                              (void) BZ2_bzDecompressEnd(&bzip_info);
+                              ThrowMIFFReaderException(CorruptImageError,UnableToUncompressImage,
+                                                       image);
+                            }
                           bzip_info.avail_in=(unsigned int) ReadBlob(image,length,bzip_info.next_in);
                           if ((size_t) bzip_info.avail_in != length)
                             {
+                              (void) BZ2_bzDecompressEnd(&bzip_info);
                               ThrowMIFFReaderException(CorruptImageError,UnexpectedEndOfFile,
                                                    image);
                             }
openSUSE Build Service is sponsored by
Places