File GraphicsMagick-CVE-2016-10065.patch of Package GraphicsMagick.6323

Index: GraphicsMagick-1.3.21/coders/viff.c
===================================================================
--- GraphicsMagick-1.3.21.orig/coders/viff.c	2017-01-24 13:34:24.942358840 +0100
+++ GraphicsMagick-1.3.21/coders/viff.c	2017-01-24 13:35:56.715911217 +0100
@@ -297,6 +297,8 @@ static Image *ReadVIFFImage(const ImageI
   unsigned long
     bytes_per_pixel,
     lsb_first,
+    blob_size,
+    alloc_size,
     max_packets,
     number_pixels;
 
@@ -558,6 +560,10 @@ static Image *ReadVIFFImage(const ImageI
       max_packets=MagickArraySize(((image->columns+7) >> 3),image->rows);
     else
       max_packets=MagickArraySize(number_pixels,viff_info.number_data_bands);
+    alloc_size=MagickArraySize(bytes_per_pixel,max_packets);
+    blob_size=GetBlobSize(image);
+    if ((blob_size != 0) && (alloc_size > blob_size))
+      ThrowReaderException(CorruptImageError,InsufficientImageDataInFile,image);
     viff_pixels=MagickAllocateArray(unsigned char *,
                                     MagickArraySize(bytes_per_pixel,
                                                     Max(number_pixels, max_packets)),
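Review bot: The new guard `if ((blob_size != 0) && (alloc_size > blob_size))` does not reject an overflowed size. As far as I know MagickArraySize returns 0 when the product does not fit, and `0 > blob_size` is false, so that case falls through to the allocation below and depends on failure handling that lies outside this hunk. If zero-sized images are already rejected earlier in ReadVIFFImage (not visible here), `if ((alloc_size == 0) || ((blob_size != 0) && (alloc_size > blob_size)))` would close it. The guard is also skipped whenever GetBlobSize reports 0, and it bounds `bytes_per_pixel*max_packets` while the allocation uses `Max(number_pixels, max_packets)`, so a comment such as `/* expected pixel data size vs. blob size; not applied when the blob size is unknown */` would make the intent clear. Both variables are declared `unsigned long` in the first hunk, which may be narrower than the offset type GetBlobSize returns on some platforms, so the truncation case deserves a check.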