Overview

File GraphicsMagick-CVE-2014-9845.patch of Package GraphicsMagick.7727

Index: GraphicsMagick-1.3.21/coders/dib.c
===================================================================
--- GraphicsMagick-1.3.21.orig/coders/dib.c	2015-02-28 21:51:58.000000000 +0100
+++ GraphicsMagick-1.3.21/coders/dib.c	2016-08-05 09:59:13.294885636 +0200
@@ -447,6 +447,14 @@ static unsigned int IsDIB(const unsigned
 */
 static Image *ReadDIBImage(const ImageInfo *image_info,ExceptionInfo *exception)
 {
+#define BI_RGB  0
+#define BI_RLE8  1
+#define BI_RLE4  2
+#define BI_BITFIELDS  3
+#undef BI_JPEG
+#define BI_JPEG  4
+#undef BI_PNG
+#define BI_PNG  5
   DIBInfo
     dib_info;
 
@@ -551,7 +559,40 @@ static Image *ReadDIBImage(const ImageIn
       ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image);
   if (dib_info.height == 0)
       ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image);
-  image->matte=dib_info.bits_per_pixel == 32;
+  if (dib_info.width <= 0)
+    ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image);
+  if (dib_info.height == 0)
+    ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image);
+  if (dib_info.planes != 1)
+    ThrowReaderException(CorruptImageError,StaticPlanesValueNotEqualToOne,image);
+  if ((dib_info.bits_per_pixel != 1) && (dib_info.bits_per_pixel != 4) &&
+      (dib_info.bits_per_pixel != 8) && (dib_info.bits_per_pixel != 16) &&
+      (dib_info.bits_per_pixel != 24) && (dib_info.bits_per_pixel != 32))
+    ThrowReaderException(CorruptImageError,UnrecognizedBitsPerPixel,image);
+  if (dib_info.bits_per_pixel < 16 &&
+      dib_info.number_colors > (1U << dib_info.bits_per_pixel))
+    ThrowReaderException(CorruptImageError,InvalidColormapIndex,image);
+  if ((dib_info.compression == 1) && (dib_info.bits_per_pixel != 8))
+    ThrowReaderException(CorruptImageError,UnrecognizedBitsPerPixel,image);
+  if ((dib_info.compression == 2) && (dib_info.bits_per_pixel != 4))
+    ThrowReaderException(CorruptImageError,UnrecognizedBitsPerPixel,image);
+  if ((dib_info.compression == 3) && (dib_info.bits_per_pixel < 16))
+    ThrowReaderException(CorruptImageError,UnrecognizedBitsPerPixel,image);
+  switch (dib_info.compression)
+  {
+    case BI_RGB:
+    case BI_RLE8:
+    case BI_RLE4:
+    case BI_BITFIELDS:
+      break;
+    case BI_JPEG:
+      ThrowReaderException(CoderError,JPEGCompressionNotSupported,image);
+    case BI_PNG:
+      ThrowReaderException(CoderError,PNGCompressionNotSupported,image);
+    default:
+      ThrowReaderException(CorruptImageError,UnrecognizedImageCompression,image);
+  }
+  image->matte=dib_info.bits_per_pixel == 32 ? MagickTrue : MagickFalse;
   image->columns=AbsoluteValue(dib_info.width);
   image->rows=AbsoluteValue(dib_info.height);
   image->depth=8;
openSUSE Build Service is sponsored by
Places