Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
GraphicsMagick.6066
GraphicsMagick-CVE-2016-8684.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File GraphicsMagick-CVE-2016-8684.patch of Package GraphicsMagick.6066
Index: GraphicsMagick-1.3.21/coders/sgi.c =================================================================== --- GraphicsMagick-1.3.21.orig/coders/sgi.c 2016-10-18 13:28:55.410728730 +0200 +++ GraphicsMagick-1.3.21/coders/sgi.c 2016-10-18 13:28:55.470729640 +0200 @@ -286,6 +286,9 @@ static Image *ReadSGIImage(const ImageIn size_t count; + magick_off_t + file_size; + /* Open image file. */ @@ -301,6 +304,7 @@ static Image *ReadSGIImage(const ImageIn Read SGI raster header. */ iris_info.magic=ReadBlobMSBShort(image); + file_size=GetBlobSize(image); do { /* @@ -477,6 +481,33 @@ static Image *ReadSGIImage(const ImageIn ThrowReaderException(ResourceLimitError,ImagePixelLimitExceeded,image); /* + Check that filesize is reasonable given header + */ + { + double + uncompressed_size; + + uncompressed_size=((double) (iris_info.dimension == 3 ? iris_info.zsize : 1)* + image->columns*image->rows*iris_info.bytes_per_pixel); + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "Uncompressed size: %.0f", uncompressed_size); + if (iris_info.storage != 0x01) + { + /* Not compressed */ + if (uncompressed_size > file_size) + ThrowReaderException(CorruptImageError,InsufficientImageDataInFile, + image); + } + else + { + /* RLE compressed */ + if (uncompressed_size > file_size*254.0) + ThrowReaderException(CorruptImageError,InsufficientImageDataInFile, + image); + } + } + + /* Allocate SGI pixels. */ bytes_per_pixel=iris_info.bytes_per_pixel;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor