File ImageMagick-CVE-2020-27767,27768,27751,27752,27757.patch of Package ImageMagick.30356
Index: ImageMagick-7.0.7-34/MagickCore/quantize.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/quantize.c 2020-12-15 11:00:00.880241473 +0100
+++ ImageMagick-7.0.7-34/MagickCore/quantize.c 2020-12-15 11:00:01.080242661 +0100
@@ -874,7 +874,7 @@ static MagickBooleanType ClassifyImageCo
error.alpha=QuantumScale*(pixel.alpha-mid.alpha);
distance=(double) (error.red*error.red+error.green*error.green+
error.blue*error.blue+error.alpha*error.alpha);
- if (IsNaN(distance))
+ if (IsNaN(distance) != 0)
distance=0.0;
node_info->quantize_error+=count*sqrt(distance);
cube_info->root->quantize_error+=node_info->quantize_error;
@@ -981,7 +981,7 @@ static MagickBooleanType ClassifyImageCo
error.alpha=QuantumScale*(pixel.alpha-mid.alpha);
distance=(double) (error.red*error.red+error.green*error.green+
error.blue*error.blue+error.alpha*error.alpha);
- if (IsNaN(distance) != MagickFalse)
+ if (IsNaN(distance) != 0)
distance=0.0;
node_info->quantize_error+=count*sqrt(distance);
cube_info->root->quantize_error+=node_info->quantize_error;
Index: ImageMagick-7.0.7-34/MagickCore/quantum.h
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/quantum.h 2018-05-20 17:55:43.000000000 +0200
+++ ImageMagick-7.0.7-34/MagickCore/quantum.h 2020-12-15 11:00:01.080242661 +0100
@@ -18,6 +18,7 @@
#ifndef MAGICKCORE_QUANTUM_H
#define MAGICKCORE_QUANTUM_H
+#include <float.h>
#include "MagickCore/image.h"
#include "MagickCore/semaphore.h"
@@ -81,16 +82,16 @@ typedef enum
typedef struct _QuantumInfo
QuantumInfo;
-static inline Quantum ClampToQuantum(const MagickRealType value)
+static inline Quantum ClampToQuantum(const MagickRealType quantum)
{
#if defined(MAGICKCORE_HDRI_SUPPORT)
- return((Quantum) value);
+ return((Quantum) quantum);
#else
- if (value <= 0.0f)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return((Quantum) 0);
- if (value >= (MagickRealType) QuantumRange)
+ if (quantum >= (MagickRealType) QuantumRange)
return(QuantumRange);
- return((Quantum) (value+0.5f));
+ return((Quantum) (quantum+0.5));
#endif
}
@@ -100,7 +101,7 @@ static inline unsigned char ScaleQuantum
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned char) quantum);
#else
- if (quantum <= 0.0)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return(0);
if (quantum >= 255.0)
return(255);
@@ -113,7 +114,7 @@ static inline unsigned char ScaleQuantum
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned char) (((quantum+128UL)-((quantum+128UL) >> 8)) >> 8));
#else
- if (quantum <= 0.0)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return(0);
if ((quantum/257.0) >= 255.0)
return(255);
@@ -127,7 +128,7 @@ static inline unsigned char ScaleQuantum
return((unsigned char) ((quantum+MagickULLConstant(8421504))/
MagickULLConstant(16843009)));
#else
- if (quantum <= 0.0)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return(0);
if ((quantum/16843009.0) >= 255.0)
return(255);
@@ -140,7 +141,7 @@ static inline unsigned char ScaleQuantum
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned char) (quantum/72340172838076673.0+0.5));
#else
- if (quantum <= 0.0)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return(0);
if ((quantum/72340172838076673.0) >= 255.0)
return(255);
Index: ImageMagick-7.0.7-34/MagickCore/quantum-import.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/quantum-import.c 2018-05-20 17:55:43.000000000 +0200
+++ ImageMagick-7.0.7-34/MagickCore/quantum-import.c 2020-12-15 11:00:01.080242661 +0100
@@ -139,20 +139,18 @@ static inline const unsigned char *PushD
quantum[5]=(*pixels++);
quantum[6]=(*pixels++);
quantum[7]=(*pixels++);
- p=(double *) quantum;
- *pixel=(*p);
- *pixel-=quantum_info->minimum;
- *pixel*=quantum_info->scale;
- return(pixels);
}
- quantum[7]=(*pixels++);
- quantum[6]=(*pixels++);
- quantum[5]=(*pixels++);
- quantum[4]=(*pixels++);
- quantum[3]=(*pixels++);
- quantum[2]=(*pixels++);
- quantum[1]=(*pixels++);
- quantum[0]=(*pixels++);
+ else
+ {
+ quantum[7]=(*pixels++);
+ quantum[6]=(*pixels++);
+ quantum[5]=(*pixels++);
+ quantum[4]=(*pixels++);
+ quantum[3]=(*pixels++);
+ quantum[2]=(*pixels++);
+ quantum[1]=(*pixels++);
+ quantum[0]=(*pixels++);
+ }
p=(double *) quantum;
*pixel=(*p);
*pixel-=quantum_info->minimum;
@@ -175,20 +173,23 @@ static inline const unsigned char *PushQ
quantum[1]=(*pixels++);
quantum[2]=(*pixels++);
quantum[3]=(*pixels++);
- p=(float *) quantum;
- *pixel=(*p);
- *pixel-=quantum_info->minimum;
- *pixel*=quantum_info->scale;
- return(pixels);
- }
- quantum[3]=(*pixels++);
- quantum[2]=(*pixels++);
- quantum[1]=(*pixels++);
- quantum[0]=(*pixels++);
+ }
+ else
+ {
+ quantum[3]=(*pixels++);
+ quantum[2]=(*pixels++);
+ quantum[1]=(*pixels++);
+ quantum[0]=(*pixels++);
+ }
p=(float *) quantum;
*pixel=(*p);
*pixel-=quantum_info->minimum;
*pixel*=quantum_info->scale;
+ if (*pixel < FLT_MIN)
+ *pixel=FLT_MIN;
+ else
+ if (*pixel > FLT_MAX)
+ *pixel=FLT_MAX;
return(pixels);
}
Index: ImageMagick-7.0.7-34/MagickCore/quantum-private.h
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/quantum-private.h 2018-05-20 17:55:43.000000000 +0200
+++ ImageMagick-7.0.7-34/MagickCore/quantum-private.h 2020-12-15 11:01:39.320825266 +0100
@@ -324,7 +324,15 @@ static inline Quantum ScaleAnyToQuantum(
static inline QuantumAny ScaleQuantumToAny(const Quantum quantum,
const QuantumAny range)
{
- return((QuantumAny) (((double) range*quantum)/QuantumRange+0.5));
+#if !defined(MAGICKCORE_HDRI_SUPPORT)
+ return((QuantumAny) ((double) range*quantum/QuantumRange));
+#else
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
+ return((QuantumAny) 0UL);
+ if (((double) range*quantum/QuantumRange) >= 18446744073709551615.0)
+ return((QuantumAny) MagickULLConstant(18446744073709551615));
+ return((QuantumAny) ((double) range*quantum/QuantumRange+0.5));
+#endif
}
#if (MAGICKCORE_QUANTUM_DEPTH == 8)
@@ -370,8 +370,8 @@ static inline unsigned int ScaleQuantumT
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned int) (16843009UL*quantum));
#else
- if (quantum <= 0.0)
- return(0UL);
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
+ return(0U);
if ((16843009.0*quantum) >= 4294967295.0)
return(4294967295UL);
return((unsigned int) (16843009.0*quantum+0.5));
@@ -383,7 +383,7 @@ static inline MagickSizeType ScaleQuantu
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((MagickSizeType) (MagickULLConstant(551911719039)*quantum));
#else
- if (quantum <= 0.0)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return(0UL);
if ((551911719039.0*quantum) >= 18446744073709551615.0)
return(MagickULLConstant(18446744073709551615));
@@ -398,8 +398,8 @@ static inline unsigned int ScaleQuantumT
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned int) quantum);
#else
- if (quantum < 0.0)
- return(0UL);
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
+ return(0U);
return((unsigned int) (quantum+0.5));
#endif
}
@@ -409,7 +409,7 @@ static inline unsigned short ScaleQuantu
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned short) (257UL*quantum));
#else
- if (quantum <= 0.0)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return(0);
if ((257.0*quantum) >= 65535.0)
return(65535);
@@ -473,8 +473,8 @@ static inline unsigned int ScaleQuantumT
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned int) (65537UL*quantum));
#else
- if (quantum <= 0.0)
- return(0UL);
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
+ return(0U);
if ((65537.0*quantum) >= 4294967295.0)
return(4294967295U);
return((unsigned int) (65537.0*quantum+0.5));
@@ -486,7 +486,7 @@ static inline MagickSizeType ScaleQuantu
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((MagickSizeType) (MagickULLConstant(16842752)*quantum));
#else
- if (quantum <= 0.0)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return(0UL);
if ((65537.0*quantum) >= 18446744073709551615.0)
return(MagickULLConstant(18446744073709551615));
@@ -501,8 +501,8 @@ static inline unsigned int ScaleQuantumT
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned int) quantum);
#else
- if (quantum < 0.0)
- return(0UL);
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
+ return(0U);
return((unsigned int) (quantum+0.5));
#endif
}
@@ -512,7 +512,7 @@ static inline unsigned short ScaleQuantu
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned short) quantum);
#else
- if (quantum <= 0.0)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return(0);
if (quantum >= 65535.0)
return(65535);
@@ -562,8 +562,8 @@ static inline unsigned int ScaleQuantumT
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned int) quantum);
#else
- if (quantum <= 0.0)
- return(0);
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
+ return(0U);
if ((quantum) >= 4294967295.0)
return(4294967295);
return((unsigned int) (quantum+0.5));
@@ -581,14 +581,14 @@ static inline MagickSizeType ScaleQuantu
static inline unsigned int ScaleQuantumToMap(const Quantum quantum)
{
- if (quantum < 0.0)
- return(0UL);
if ((quantum/65537) >= (Quantum) MaxMap)
return((unsigned int) MaxMap);
#if !defined(MAGICKCORE_HDRI_SUPPORT)
return((unsigned int) ((quantum+MagickULLConstant(32768))/
MagickULLConstant(65537)));
#else
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
+ return(0U);
return((unsigned int) (quantum/65537.0+0.5));
#endif
}
@@ -599,7 +599,7 @@ static inline unsigned short ScaleQuantu
return((unsigned short) ((quantum+MagickULLConstant(32768))/
MagickULLConstant(65537)));
#else
- if (quantum <= 0.0)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return(0);
if ((quantum/65537.0) >= 65535.0)
return(65535);
@@ -652,8 +652,8 @@ static inline MagickSizeType ScaleQuantu
static inline unsigned int ScaleQuantumToMap(const Quantum quantum)
{
- if (quantum <= 0.0)
- return(0UL);
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
+ return(0U);
if ((quantum/281479271743489.0) >= MaxMap)
return((unsigned int) MaxMap);
return((unsigned int) (quantum/281479271743489.0+0.5));
@@ -661,7 +661,7 @@ static inline unsigned int ScaleQuantumT
static inline unsigned short ScaleQuantumToShort(const Quantum quantum)
{
- if (quantum <= 0.0)
+ if ((IsNaN(quantum) != 0) || (quantum <= 0.0))
return(0);
if ((quantum/281479271743489.0) >= 65535.0)
return(65535);