Overview

File ImageMagick-6.4.3.6-SA35216.patch of Package ImageMagick

--- magick/xwindow.c	2009-05-28 10:43:24.000000000 -0300
+++ magick/xwindow.c	2009-05-28 10:46:45.000000000 -0300
@@ -5368,6 +5368,9 @@
   const XResourceInfo *resource_info,XWindowInfo *window,Image *image,
   unsigned int width,unsigned int height)
 {
+#define CheckOverflowException(length,width,height) \
+  (((height) != 0) && ((length)/((size_t) height) != ((size_t) width)))
+
   int
     depth,
     format;
@@ -5507,9 +5510,11 @@
         (char *) NULL,&segment_info[1],width,height);
       if (ximage == (XImage *) NULL)
         window->shared_memory=MagickFalse;
+      length=(size_t) ximage->bytes_per_line*ximage->height;
+      if (CheckOverflowException(length,ximage->bytes_per_line,ximage->height))
+        window->shared_memory=MagickFalse;
       if (window->shared_memory != MagickFalse)
-        segment_info[1].shmid=shmget(IPC_PRIVATE,(unsigned int)
-          (ximage->bytes_per_line*ximage->height),IPC_CREAT | 0777);
+        segment_info[1].shmid=shmget(IPC_PRIVATE,length,IPC_CREAT | 0777);
       if (window->shared_memory != MagickFalse)
         segment_info[1].shmaddr=(char *) shmat(segment_info[1].shmid,0,0);
       if (segment_info[1].shmid < 0)
@@ -5612,11 +5617,12 @@
     }
   if (window->shared_memory == MagickFalse)
     {
-      if (ximage->format == XYBitmap)
-        length=(size_t) ximage->bytes_per_line*ximage->height*ximage->depth;
+      if (ximage->format != XYBitmap)
+        ximage->data=(char *) AcquireQuantumMemory((size_t)
+          ximage->bytes_per_line,(size_t) ximage->height);
       else
-        length=(size_t) ximage->bytes_per_line*ximage->height;
-      ximage->data=(char *)  malloc(length);
+        ximage->data=(char *) AcquireQuantumMemory((size_t)
+          ximage->bytes_per_line*ximage->depth,(size_t) ximage->height);
     }
   if (ximage->data == (char *) NULL)
     {
@@ -5694,9 +5700,9 @@
             /*
               Allocate matte image pixel data.
             */
-            length=(size_t) matte_image->bytes_per_line*
-              matte_image->height*matte_image->depth;
-            matte_image->data=(char *) malloc(length);
+            matte_image->data=(char *) AcquireQuantumMemory((size_t)
+              matte_image->bytes_per_line*matte_image->depth,
+              (size_t) matte_image->height);
             if (matte_image->data == (char *) NULL)
               {
                 XDestroyImage(matte_image);
openSUSE Build Service is sponsored by
Places