Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:11.4:Update
ImageMagick.474
ImageMagick-security-exif.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-security-exif.patch of Package ImageMagick.474
http://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=20629 Index: ImageMagick-6.6.5-8/coders/jpeg.c =================================================================== --- ImageMagick-6.6.5-8.orig/coders/jpeg.c +++ ImageMagick-6.6.5-8/coders/jpeg.c @@ -207,9 +207,12 @@ static MagickBooleanType IsJPEG(const un % o exception: return any errors or warnings in this structure. % */ +static void JPEGErrorHandler(j_common_ptr jpeg_info); static MagickBooleanType EmitMessage(j_common_ptr jpeg_info,int level) { +#define JPEGExcessiveWarnings 1000 + char message[JMSG_LENGTH_MAX]; @@ -224,11 +227,12 @@ static MagickBooleanType EmitMessage(j_c image=error_manager->image; if (level < 0) { + if (jpeg_info->err->num_warnings++ > JPEGExcessiveWarnings) + JPEGErrorHandler(jpeg_info); if ((jpeg_info->err->num_warnings == 0) || (jpeg_info->err->trace_level >= 3)) ThrowBinaryException(CorruptImageWarning,(char *) message, image->filename); - jpeg_info->err->num_warnings++; } else if (jpeg_info->err->trace_level >= level) Index: ImageMagick-6.6.5-8/coders/tiff.c =================================================================== --- ImageMagick-6.6.5-8.orig/coders/tiff.c +++ ImageMagick-6.6.5-8/coders/tiff.c @@ -593,7 +593,7 @@ static void TIFFGetEXIFProperties(TIFF * *ascii; if (TIFFGetField(tiff,exif_info[i].tag,&ascii) != 0) - (void) CopyMagickMemory(value,ascii,MaxTextExtent); + (void) CopyMagickString(value,ascii,MaxTextExtent); break; } case TIFF_SHORT: Index: ImageMagick-6.6.5-8/magick/property.c =================================================================== --- ImageMagick-6.6.5-8.orig/magick/property.c +++ ImageMagick-6.6.5-8/magick/property.c @@ -1304,6 +1304,8 @@ static MagickBooleanType GetEXIFProperty break; components=(int) ReadPropertyLong(endian,q+4); number_bytes=(size_t) components*tag_bytes[format]; + if (number_bytes < components) + break; /* prevent overflow */ if (number_bytes <= 4) p=q+8; else @@ -1327,6 +1329,8 @@ static MagickBooleanType GetEXIFProperty buffer[MaxTextExtent], *value; + value=(char *) NULL; + *buffer='\0'; switch (format) { case EXIF_FMT_BYTE: Index: ImageMagick-6.6.5-8/magick/profile.c =================================================================== --- ImageMagick-6.6.5-8.orig/magick/profile.c +++ ImageMagick-6.6.5-8/magick/profile.c @@ -1934,8 +1934,10 @@ MagickExport MagickBooleanType SyncImage format=(ssize_t) ReadProfileShort(endian,q+2); if ((format-1) >= EXIF_NUM_FORMATS) break; - components=(int) ReadProfileLong(endian,q+4); + components=(ssize_t) ((int) ReadProfileLong(endian,q+4)); number_bytes=(size_t) components*format_bytes[format]; + if (number_bytes < components) + break; /* prevent overflow */ if (number_bytes <= 4) p=q+8; else
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor