Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
GraphicsMagick.9630
GraphicsMagick-CVE-2017-10794.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File GraphicsMagick-CVE-2017-10794.patch of Package GraphicsMagick.9630
Index: GraphicsMagick-1.3.25/coders/tiff.c =================================================================== --- GraphicsMagick-1.3.25.orig/coders/tiff.c 2018-10-22 15:49:31.380415410 +0200 +++ GraphicsMagick-1.3.25/coders/tiff.c 2018-10-23 09:22:15.780578401 +0200 @@ -1331,7 +1331,7 @@ QuantumTransferMode(const Image *image, *quantum_samples=1; } } - else if (samples_per_pixel == 3) + else { if (image->matte) { @@ -1482,12 +1482,12 @@ QuantumTransferMode(const Image *image, } else { - if (image->matte && samples_per_pixel >= 5) + if (image->matte) { *quantum_type=CMYKAQuantum; *quantum_samples=5; } - else if (samples_per_pixel >= 4) + else { *quantum_type=CMYKQuantum; *quantum_samples=4; @@ -1501,7 +1501,7 @@ QuantumTransferMode(const Image *image, This is here to support JPEGCOLORMODE_RGB which claims a YCbCr photometric, but passes RGB to libtiff. */ - if ((compress_tag == COMPRESSION_JPEG) && (samples_per_pixel == 3)) + if (compress_tag == COMPRESSION_JPEG) { *quantum_type=RGBQuantum; *quantum_samples=3; @@ -1511,9 +1511,27 @@ QuantumTransferMode(const Image *image, } } /* fprintf(stderr,"Quantum Type: %d Quantum Samples: %d\n",(int) *quantum_type,*quantum_samples); */ - /* FIXME: Throw exception if there is an error */ /* FIXME: We do need to support YCbCr! */ + if (*quantum_samples != 0) + { + /* + Enforce that there are no buffer-overruns. + */ + if (((planar_config == PLANARCONFIG_SEPARATE) && (*quantum_samples != 1)) || + ((unsigned int) (*quantum_samples) > samples_per_pixel)) + { + if (image->logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "Expected >= %u samples per pixel, have only %d!", + *quantum_samples, samples_per_pixel); + ThrowException(exception,CorruptImageError,ImproperImageHeader, + image->filename); + *quantum_type=UndefinedQuantum; + *quantum_samples=0; + } + } + return (*quantum_samples != 0 ? MagickPass : MagickFail); } @@ -2234,13 +2252,21 @@ ReadTIFFImage(const ImageInfo *image_inf if (photometric == PHOTOMETRIC_MINISWHITE) import_options.grayscale_miniswhite=MagickTrue; } - else + else if (exception->severity < ErrorException) { if (TIFFIsTiled(tiff)) method=RGBATiledMethod; else if (TIFFGetField(tiff,TIFFTAG_ROWSPERSTRIP,&rows_per_strip) == 1) method=RGBAStrippedMethod; } + else + { + /* + QuantumTransferMode reported an error + */ + TIFFClose(tiff); + ThrowReaderException(CorruptImageError,ImproperImageHeader,image); + } } /* @@ -2935,6 +2961,10 @@ ReadTIFFImage(const ImageInfo *image_inf ThrowReaderException(ResourceLimitError,MemoryAllocationFailed, image); } + if (logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "Allocated %" MAGICK_SIZE_T_F "u bytes for RGBA strip", + (MAGICK_SIZE_T) number_pixels*sizeof(uint32)); /* Convert image to DirectClass pixel packets. */
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
