Overview

File GraphicsMagick-CVE-2014-9807.patch of Package GraphicsMagick.6323

Index: GraphicsMagick-1.3.21/coders/pdb.c
===================================================================
--- GraphicsMagick-1.3.21.orig/coders/pdb.c	2015-02-28 21:51:58.000000000 +0100
+++ GraphicsMagick-1.3.21/coders/pdb.c	2016-08-04 22:09:55.210164775 +0200
@@ -423,7 +423,7 @@ static Image *ReadPDBImage(const ImageIn
   */
   (void) ReadBlob(image,32,pdb_image.name);
   pdb_image.version=ReadBlobByte(image);
-  pdb_image.type=ReadBlobByte(image);
+  pdb_image.type=(unsigned char)ReadBlobByte(image);
   pdb_image.reserved_1=ReadBlobMSBLong(image);
   pdb_image.note=ReadBlobMSBLong(image);
   pdb_image.x_last=ReadBlobMSBShort(image);
@@ -454,7 +454,7 @@ static Image *ReadPDBImage(const ImageIn
   if (CheckImagePixelLimits(image, exception) != MagickPass)
     ThrowReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
 
-  packets=MagickArraySize(MagickArraySize(bits_per_pixel,image->columns)/8,
+  packets=MagickArraySize(MagickArraySize(bits_per_pixel,image->columns)/8+4,
                           image->rows);
   pixels=MagickAllocateMemory(unsigned char *,packets + (packets != 0 ? 256 : 0));
   if (pixels == (unsigned char *) NULL)
@@ -889,7 +889,7 @@ static unsigned int WritePDBImage(const
     if (!AcquireImagePixels(image,0,y,image->columns,1,&image->exception))
       break;
     (void) ExportImagePixelArea(image,GrayQuantum,image->depth,scanline,0,0);
-    for (x=0; x < pdb_image.width; x++)
+    for (x=0; x < (long) pdb_image.width; x++)
     {
       if (x < (long) image->columns)
         buffer[literal+repeat]|=(0xff-scanline[x*packet_size]) >>
openSUSE Build Service is sponsored by
Places