File ImageMagick-CVE-2021-20313.patch of Package ImageMagick.30356
Index: ImageMagick-7.0.7-34/MagickCore/cipher.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/cipher.c 2018-05-20 17:55:42.000000000 +0200
+++ ImageMagick-7.0.7-34/MagickCore/cipher.c 2021-04-15 14:20:18.302991137 +0200
@@ -482,8 +482,8 @@ static void EncipherAESBlock(AESInfo *ae
Reset registers.
*/
alpha=0;
- (void) memset(key,0,sizeof(key));
- (void) memset(text,0,sizeof(text));
+ (void) ResetMagickMemory(key,0,sizeof(key));
+ (void) ResetMagickMemory(text,0,sizeof(text));
}
/*
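Review bot: `alpha=0;` just above the two replaced calls is still an ordinary store to a local that is dead at function exit, so an optimizing compiler can drop it just as it could drop the old `memset()` calls. If `alpha` holds key- or state-derived data (its computation is outside the hunk), it should be cleared the same way, for example `(void) ResetMagickMemory(&alpha,0,sizeof(alpha));`. The same applies to `T=0; T1=0; T2=0;` in the signature.c hunk. The body of EncipherAESBlock starts outside this hunk, so the declarations of these locals are not visible here.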
@@ -706,8 +706,8 @@ MagickExport MagickBooleanType PasskeyDe
*/
quantum_info=DestroyQuantumInfo(quantum_info);
aes_info=DestroyAESInfo(aes_info);
- (void) memset(input_block,0,sizeof(input_block));
- (void) memset(output_block,0,sizeof(output_block));
+ (void) ResetMagickMemory(input_block,0,sizeof(input_block));
+ (void) ResetMagickMemory(output_block,0,sizeof(output_block));
return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
}
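Review bot: Only the two stack blocks are scrubbed through the non-elidable path here; the AES state released by `aes_info=DestroyAESInfo(aes_info);` two lines earlier is not touched by this patch. DestroyAESInfo is not shown, so it is worth confirming that it clears the expanded key material with `ResetMagickMemory()` before freeing it, rather than freeing it as-is or clearing it with a plain `memset()`. The same applies to the identical hunk in PasskeyEncipherImage. Any return path that comes before this cleanup, outside the hunk, would also skip the scrub of `input_block` and `output_block`.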
@@ -923,8 +923,8 @@ MagickExport MagickBooleanType PasskeyEn
*/
quantum_info=DestroyQuantumInfo(quantum_info);
aes_info=DestroyAESInfo(aes_info);
- (void) memset(input_block,0,sizeof(input_block));
- (void) memset(output_block,0,sizeof(output_block));
+ (void) ResetMagickMemory(input_block,0,sizeof(input_block));
+ (void) ResetMagickMemory(output_block,0,sizeof(output_block));
return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
}
Index: ImageMagick-7.0.7-34/MagickCore/memory.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/memory.c 2018-05-20 17:55:43.000000000 +0200
+++ ImageMagick-7.0.7-34/MagickCore/memory.c 2021-04-15 14:20:18.302991137 +0200
@@ -1160,26 +1160,36 @@ MagickExport MemoryInfo *RelinquishVirtu
% %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
-% ResetMagickMemory() fills the first size bytes of the memory area pointed to
-% by memory with the constant byte c.
+% ResetMagickMemory() fills the first size bytes of the memory area pointed to % by memory with the constant byte c. We use a volatile pointer when
+% updating the byte string. Most compilers will avoid optimizing away access
+% to a volatile pointer, even if the pointer appears to be unused after the
+% call.
%
% The format of the ResetMagickMemory method is:
%
-% void *ResetMagickMemory(void *memory,int byte,const size_t size)
+% void *ResetMagickMemory(void *memory,int c,const size_t size)
%
% A description of each parameter follows:
%
% o memory: a pointer to a memory allocation.
%
-% o byte: set the memory to this value.
+% o c: set the memory to this value.
%
% o size: size of the memory to reset.
%
*/
-MagickExport void *ResetMagickMemory(void *memory,int byte,const size_t size)
+MagickExport void *ResetMagickMemory(void *memory,int c,const size_t size)
{
+ volatile unsigned char
+ *p = memory;
+
+ size_t
+ n = size;
+
assert(memory != (void *) NULL);
- return(memset(memory,byte,size));
+ while (n-- != 0)
+ *p++=(unsigned char) c;
+ return(memory);
}
/*
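Review bot: The first added comment line runs two source lines together (`pointed to % by memory`), so the header block for ResetMagickMemory() no longer wraps like the lines around it; it should break after `pointed to`. The comment's "most compilers" wording is accurate: the buffer is not itself a volatile object, so the store loop is a strong hint rather than a guarantee. Where the platform provides `explicit_bzero()` or `memset_s()`, that could serve the `c == 0` case, with this loop as the fallback. Every caller now pays for byte-wise volatile stores, so the header should also say that the function is meant for scrubbing sensitive buffers and that bulk clears should call `memset()` directly.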
Index: ImageMagick-7.0.7-34/MagickCore/signature.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/signature.c 2018-05-20 17:55:43.000000000 +0200
+++ ImageMagick-7.0.7-34/MagickCore/signature.c 2021-04-15 14:20:18.306991160 +0200
@@ -749,7 +749,7 @@ RestoreMSCWarning
T=0;
T1=0;
T2=0;
- (void) memset(W,0,sizeof(W));
+ (void) ResetMagickMemory(W,0,sizeof(W));
}
/*