Overview

File GraphicsMagick-CVE-2019-19950.patch of Package GraphicsMagick.12851

# HG changeset patch
# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
# Date 1557593192 18000
# Node ID 44ab7f6c20b440157d50242943b5b0e3b3857014
# Parent  bc99af93614da8c8dd08ae407828758a64798666
ThrowException(), ThrowLoggedException(): Handle the case where some passed character strings refer to existing exception character strings.

Index: GraphicsMagick-1.3.29/magick/error.c
===================================================================
--- GraphicsMagick-1.3.29.orig/magick/error.c	2017-12-09 21:02:47.000000000 +0100
+++ GraphicsMagick-1.3.29/magick/error.c	2020-01-03 12:39:05.746683560 +0100
@@ -96,28 +96,32 @@ MagickExport void CatchException(const E
 {
   assert(exception != (ExceptionInfo *) NULL);
   assert(exception->signature == MagickSignature);
-  if (exception->severity == UndefinedException)
-    return;
-  errno=exception->error_number; /* Shabby work-around for parameter limits */
-  if ((exception->severity >= WarningException) &&
-      (exception->severity < ErrorException))
-    {
-      MagickWarning2(exception->severity,exception->reason,
-        exception->description);
-      return;
-    }
-  if ((exception->severity >= ErrorException) &&
-      (exception->severity < FatalErrorException))
-    {
-      MagickError2(exception->severity,exception->reason,exception->description);
-      return;
-    }
-  if (exception->severity >= FatalErrorException)
+
+  do
     {
-      MagickFatalError2(exception->severity,exception->reason,
-        exception->description);
-      return;
-    }
+      if (exception->severity == UndefinedException)
+        break;
+      errno=exception->error_number; /* Shabby work-around for parameter limits */
+      if ((exception->severity >= WarningException) &&
+          (exception->severity < ErrorException))
+        {
+          MagickWarning2(exception->severity,exception->reason,
+                         exception->description);
+          break;
+        }
+      if ((exception->severity >= ErrorException) &&
+          (exception->severity < FatalErrorException))
+        {
+          MagickError2(exception->severity,exception->reason,exception->description);
+          break;
+        }
+      if (exception->severity >= FatalErrorException)
+        {
+          MagickFatalError2(exception->severity,exception->reason,
+                            exception->description);
+          break;
+        }
+    } while(0);
 }
 
 /*
@@ -150,6 +154,7 @@ MagickExport void CopyException(Exceptio
   assert(copy != (ExceptionInfo *) NULL);
   assert(copy->signature == MagickSignature);
   assert(original != (ExceptionInfo *) NULL);
+  assert(copy != original);
   assert(original->signature == MagickSignature);
   copy->severity=original->severity;
   MagickFreeMemory(copy->reason);
@@ -856,14 +861,21 @@ MagickExport void ThrowException(Excepti
   assert(exception != (ExceptionInfo *) NULL);
   assert(exception->signature == MagickSignature);
   exception->severity=(ExceptionType) severity;
-  MagickFreeMemory(exception->reason);
-  if (reason)
-    exception->reason=
-      AcquireString(GetLocaleExceptionMessage(severity,reason));
-  MagickFreeMemory(exception->description);
-  if (description)
-    exception->description=
-      AcquireString(GetLocaleExceptionMessage(severity,description));
+  {
+    char *new_reason=NULL;
+    if (reason)
+      new_reason=AcquireString(GetLocaleExceptionMessage(severity,reason));
+    MagickFreeMemory(exception->reason);
+    exception->reason=new_reason;
+  }
+  {
+    char *new_description=NULL;
+    if (description)
+      new_description=
+        AcquireString(GetLocaleExceptionMessage(severity,description));
+    MagickFreeMemory(exception->description);
+    exception->description=new_description;
+  }
   exception->error_number=errno;
   MagickFreeMemory(exception->module);
   MagickFreeMemory(exception->function);
@@ -943,21 +955,36 @@ MagickExport void ThrowLoggedException(E
       return;
     }
   exception->severity=(ExceptionType) severity;
-  MagickFreeMemory(exception->reason);
-  if (reason)
-    exception->reason=
-      AcquireString(GetLocaleExceptionMessage(severity,reason));
-  MagickFreeMemory(exception->description);
-  if (description)
-    exception->description=
-      AcquireString(GetLocaleExceptionMessage(severity,description));
+  {
+    char *new_reason = NULL;
+    if (reason)
+      new_reason=AcquireString(GetLocaleExceptionMessage(severity,reason));
+    MagickFreeMemory(exception->reason);
+    exception->reason=new_reason;
+  }
+  {
+    char *new_description = NULL;
+    if (description)
+      new_description=AcquireString(GetLocaleExceptionMessage(severity,description));
+    MagickFreeMemory(exception->description);
+    exception->description=new_description;
+  }
   exception->error_number=errno;
-  MagickFreeMemory(exception->module);
-  if (module)
-    exception->module=AcquireString(module);
-  MagickFreeMemory(exception->function);
-  if (function)
-    exception->function=AcquireString(function);
+  {
+    char *new_module = NULL;
+    if (module)
+      new_module=AcquireString(module);
+    MagickFreeMemory(exception->module);
+    exception->module=new_module;
+  }
+
+  {
+    char *new_function = NULL;
+    if (function)
+      new_function=AcquireString(function);
+    MagickFreeMemory(exception->function);
+    exception->function=new_function;
+  }
   exception->line=line;
   if (exception->reason)
     {
openSUSE Build Service is sponsored by
Places