File ImageMagick-CVE-2019-15139.patch of Package ImageMagick.30356
Index: ImageMagick-7.0.7-34/coders/xwd.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/xwd.c 2019-09-05 11:33:44.608847055 +0200
+++ ImageMagick-7.0.7-34/coders/xwd.c 2019-09-05 11:37:25.634090180 +0200
@@ -240,6 +240,8 @@ static Image *ReadXWDImage(const ImageIn
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
if (header.xoffset >= header.pixmap_width)
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ if ((MagickSizeType) header.xoffset >= GetBlobSize(image))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
switch (header.visual_class)
{
case StaticGray:
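Review bot: The new `GetBlobSize(image)` comparison bounds only `header.xoffset`, and it compares a header field with a byte count, so it is a plausibility limit rather than an exact one. A short comment above it would make that intent explicit, e.g. `/* xoffset can never exceed the number of bytes in the blob */`. Whether other size-bearing header fields such as `header.ncolors` are bounded against the blob in the same way cannot be seen here, because ReadXWDImage starts and ends outside the hunk; that is worth confirming before treating the header as fully validated.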
@@ -391,6 +393,9 @@ static Image *ReadXWDImage(const ImageIn
length=(size_t) header.ncolors;
if (length > ((~0UL)/sizeof(*colors)))
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ length=(size_t) header.ncolors;
+ if (length > ((~0UL)/sizeof(*colors)))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
colors=(XColor *) AcquireQuantumMemory(length,sizeof(*colors));
if (colors == (XColor *) NULL)
{
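Review bot: The three added lines repeat the three context lines directly above them verbatim (`length=(size_t) header.ncolors;` followed by the `~0UL` overflow test), so this hunk adds no new validation before `AcquireQuantumMemory`. If this is a backport artefact, the addition should be dropped so the patch does not suggest that `ncolors` got a further check. If a different test was intended here, for instance bounding `header.ncolors` against `GetBlobSize(image)` as the first hunk does for `xoffset`, it is missing and should be compared with the upstream fix. The enclosing function continues outside the hunk.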
@@ -692,6 +697,7 @@ ModuleExport size_t RegisterXWDImage(voi
entry->encoder=(EncodeImageHandler *) WriteXWDImage;
#endif
entry->magick=(IsImageFormatHandler *) IsXWD;
+ entry->flags|=CoderDecoderSeekableStreamFlag;
entry->flags^=CoderAdjoinFlag;
(void) RegisterMagickInfo(entry);
return(MagickImageCoderSignature);
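Review bot: The added `entry->flags|=CoderDecoderSeekableStreamFlag;` line has no comment tying it to the blob-size check this patch adds in ReadXWDImage, so a later cleanup could drop the flag without noticing the dependency. If the blob size is unknown, `GetBlobSize()` presumably reports 0, which would make the unsigned `header.xoffset >= 0` comparison always true and reject every file. I would add `/* ReadXWDImage validates the header against GetBlobSize(), which needs a seekable blob */` directly above the flag line. RegisterXWDImage begins outside the hunk.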