Overview

File ImageMagick-6.2.5-overflow-sgi-CVE-2006-5868.patch of Package ImageMagick

--- coders/sgi.c
+++ coders/sgi.c
@@ -172,13 +172,13 @@
   q=pixels;
   if (bytes_per_pixel == 2)
     {
-      for (i=0; i < (long) width; )
+      for ( i=0 ; ; )
       {
         pixel=(unsigned long) (*p++) << 8;
         pixel|=(*p++);
         count=(ssize_t) (pixel & 0x7f);
         i+=count;
-        if (count == 0)
+        if (count == 0 || i > (long) width)
           break;
         if ((pixel & 0x80) != 0)
           for ( ; count != 0; count--)
@@ -201,13 +201,13 @@
       }
       return;
     }
-  for (i=0; i < (long) width; )
+  for ( i=0 ; ; )
   {
     pixel=(unsigned long) (*p++);
     count=(ssize_t) (pixel & 0x7f);
-    if (count == 0)
-      break;
     i+=count;
+    if (count == 0 || i > (long) width)
+      break;
     if ((pixel & 0x80) != 0)
       for ( ; count != 0; count--)
       {
@@ -305,6 +305,8 @@
     image->columns=iris_info.columns;
     image->rows=iris_info.rows;
     image->depth=(unsigned long) (iris_info.depth <= 8 ? 8 : QuantumDepth);
+    if (iris_info.depth > 4 || iris_info.depth == 0)
+      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
     if (iris_info.depth < 3)
       {
         image->storage_class=PseudoClass;
openSUSE Build Service is sponsored by
Places