Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
GraphicsMagick.8039
GraphicsMagick-CVE-2017-14165.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File GraphicsMagick-CVE-2017-14165.patch of Package GraphicsMagick.8039
--- a/coders/sun.c Sun Aug 20 12:21:03 2017 +0200 +++ b/coders/sun.c Sun Aug 20 14:29:48 2017 -0500 @@ -498,6 +498,12 @@ if (sun_info.depth < 8) image->depth=sun_info.depth; + if (image_info->ping) + { + CloseBlob(image); + return(image); + } + /* Compute bytes per line and bytes per image for an unencoded image. @@ -522,15 +528,37 @@ if (bytes_per_image > sun_info.length) ThrowReaderException(CorruptImageError,ImproperImageHeader,image); - if (image_info->ping) - { - CloseBlob(image); - return(image); - } if (sun_info.type == RT_ENCODED) sun_data_length=(size_t) sun_info.length; else sun_data_length=bytes_per_image; + + /* + Verify that data length claimed by header is supported by file size + */ + if (sun_info.type == RT_ENCODED) + { + if (sun_data_length < bytes_per_image/255U) + { + ThrowReaderException(CorruptImageError,ImproperImageHeader,image); + } + } + if (BlobIsSeekable(image)) + { + const magick_off_t file_size = GetBlobSize(image); + const magick_off_t current_offset = TellBlob(image); + if ((file_size > 0) && + (current_offset > 0) && + (file_size > current_offset)) + { + const magick_off_t remaining = file_size-current_offset; + if (remaining < (magick_off_t) sun_data_length) + { + ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image); + } + } + } + sun_data=MagickAllocateMemory(unsigned char *,sun_data_length); if (sun_data == (unsigned char *) NULL) ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
