File ImageMagick-CVE-2014-9853.patch of Package ImageMagick.8768

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2014-9853.patch of Package ImageMagick.8768

Index: ImageMagick-6.8.9-8/coders/rle.c
===================================================================
--- ImageMagick-6.8.9-8.orig/coders/rle.c	2016-06-21 13:42:01.183911206 +0200
+++ ImageMagick-6.8.9-8/coders/rle.c	2016-06-21 13:42:01.215911724 +0200
@@ -45,6 +45,7 @@
 #include "magick/blob-private.h"
 #include "magick/cache.h"
 #include "magick/colormap.h"
+#include "magick/colormap-private.h"
 #include "magick/exception.h"
 #include "magick/exception-private.h"
 #include "magick/image.h"
@@ -259,7 +260,7 @@ static Image *ReadRLEImage(const ImageIn
           Read image colormaps.
         */
         colormap=(unsigned char *) AcquireQuantumMemory(number_colormaps,
-          map_length*sizeof(*colormap));
+          3*map_length*sizeof(*colormap));
         if (colormap == (unsigned char *) NULL)
           ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
         p=colormap;
@@ -560,9 +561,12 @@ static Image *ReadRLEImage(const ImageIn
                 break;
               for (x=0; x < (ssize_t) image->columns; x++)
               {
-                SetPixelRed(q,image->colormap[*p++].red);
-                SetPixelGreen(q,image->colormap[*p++].green);
-                SetPixelBlue(q,image->colormap[*p++].blue);
+                SetPixelRed(q,image->colormap[(ssize_t)
+                  ConstrainColormapIndex(image,*p++)].red);
+                SetPixelGreen(q,image->colormap[(ssize_t)
+                  ConstrainColormapIndex(image,*p++)].green);
+                SetPixelBlue(q,image->colormap[(ssize_t)
+                  ConstrainColormapIndex(image,*p++)].blue);
                 SetPixelAlpha(q,ScaleCharToQuantum(*p++));
                 q++;
               }

Places

File ImageMagick-CVE-2014-9853.patch of Package ImageMagick.8768

Places