Overview

File GraphicsMagick-CVE-2016-10059.patch of Package GraphicsMagick.6323

Index: GraphicsMagick-1.3.21/coders/tiff.c
===================================================================
--- GraphicsMagick-1.3.21.orig/coders/tiff.c	2017-01-18 22:09:09.613258898 +0100
+++ GraphicsMagick-1.3.21/coders/tiff.c	2017-01-18 22:09:09.657259612 +0100
@@ -2824,7 +2824,7 @@ ReadTIFFImage(const ImageInfo *image_inf
               tile_columns,
               tile_rows;
         
-            unsigned long
+            magick_int64_t
               tile_total_pixels;
         
             if (logging)
@@ -2840,7 +2840,13 @@ ReadTIFFImage(const ImageInfo *image_inf
                 TIFFClose(tiff);
                 ThrowReaderException(CoderError,ImageIsNotTiled,image);
               }
-            tile_total_pixels=tile_columns*tile_rows;
+            tile_total_pixels=(magick_int64_t)tile_columns*tile_rows;
+            if ((tile_total_pixels*sizeof(uint32)) != (magick_int64_t) ((size_t)
+                (tile_total_pixels*sizeof(uint32))))
+              {
+                TIFFClose(tiff);
+                ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
+              }
             if (logging)
               {
                 (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Reading TIFF tiles ...");
openSUSE Build Service is sponsored by
Places