Overview

File ImageMagick-6.2.5-overflow-sgi-CVE-2006-4144.patch of Package ImageMagick

--- coders/sgi.c
+++ coders/sgi.c
@@ -397,17 +397,21 @@
         for (i=0; i < (int) (iris_info.rows*iris_info.depth); i++)
           offsets[i]=(ssize_t) ReadBlobMSBLong(image);
         for (i=0; i < (int) (iris_info.rows*iris_info.depth); i++)
+        {
           runlength[i]=ReadBlobMSBLong(image);
+          if (runlength[i] >= (4*(size_t) iris_info.columns+10))
+            ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+        }
         /*
           Check data order.
         */
         offset=0;
-        data_order=MagickFalse;
-        for (y=0; ((y < (long) iris_info.rows) && (data_order == MagickFalse)); y++)
-          for (z=0; ((z < (int) iris_info.depth) && (data_order == MagickFalse)); z++)
+        data_order=0;
+        for (y=0; ((y < (long) iris_info.rows) && (data_order == 0)); y++)
+          for (z=0; ((z < (int) iris_info.depth) && (data_order == 0)); z++)
           {
             if (offsets[y+z*iris_info.rows] < offset)
-              data_order=MagickTrue;
+              data_order=1;
             offset=offsets[y+z*iris_info.rows];
           }
         offset=(ssize_t) (512+4*bytes_per_pixel*2*(iris_info.rows*
openSUSE Build Service is sponsored by
Places