File GraphicsMagick-CVE-2016-7449.patch of Package GraphicsMagick.6323
--- a/coders/tiff.c Mon Aug 15 16:56:35 2016 -0500
+++ b/coders/tiff.c Thu Aug 18 20:58:27 2016 -0500
@@ -1575,6 +1575,19 @@
}
#endif
+/*
+ Copy a possibly unterminated sized string to an image attribute.
+*/
+#define CopySizedFieldToAttribute(key,count,text) \
+ do \
+ { \
+ char _attribute[MaxTextExtent]; \
+ (void) memcpy(_attribute,text,Min(sizeof(_attribute),count)); \
+ _attribute[Min(sizeof(_attribute)-1,count)]='\0'; \
+ (void) SetImageAttribute(image,key,_attribute); \
+ } while(0);
+
+
typedef enum
{
ScanLineMethod, /* Scanline method */
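Review bot: The new CopySizedFieldToAttribute macro ends in `while(0);`, and that trailing semicolon defeats the do/while(0) idiom: each call site in the third hunk (`if (TIFFGetField(...) == 1) CopySizedFieldToAttribute(...);`) expands to the block plus an empty statement, so a later `else` on any of them would not compile; the last line should read `} while(0)`. The macro also takes `image` silently from the caller's scope and uses `count` and `text` unparenthesized and more than once, so a `static` helper function with `image` as an explicit parameter would be type-checked and evaluate each argument once. The header comment could record why the copy is bounded by the field length, for example `/* Field may lack a NUL terminator: copy at most count bytes; strlcpy() typically measures the whole source and can read past the field. */`. Whether `text` can be NULL when `count` is 0 is not visible in this hunk; if it can, the memcpy should be skipped in that case.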
@@ -1634,6 +1647,7 @@
units;
uint32
+ count,
height,
rows_per_strip,
width;
@@ -2037,34 +2051,17 @@
if (TIFFGetField(tiff,TIFFTAG_SOFTWARE,&text) == 1)
(void) SetImageAttribute(image,"software",text);
- {
- /*
- "Unsupported" tags return two arguments.
- */
-
- uint32
- count;
-
- char attribute[MaxTextExtent];
-
- if (TIFFGetField(tiff,TIFFTAG_OPIIMAGEID,&count,&text) == 1)
- {
- (void) strlcpy(attribute,text,Min(sizeof(attribute),(count+1)));
- (void) SetImageAttribute(image,"imageid",attribute);
- }
-
- if (TIFFGetField(tiff,33423,&count,&text) == 1)
- {
- (void) strlcpy(attribute,text,Min(sizeof(attribute),(count+1)));
- (void) SetImageAttribute(image,"kodak-33423",attribute);
- }
-
- if (TIFFGetField(tiff,36867,&count,&text) == 1)
- {
- (void) strlcpy(attribute,text,Min(sizeof(attribute),(count+1)));
- (void) SetImageAttribute(image,"kodak-36867",attribute);
- }
- }
+ /*
+ "Unsupported" tags return two arguments.
+ */
+ if (TIFFGetField(tiff,TIFFTAG_OPIIMAGEID,&count,&text) == 1)
+ CopySizedFieldToAttribute("imageid",count,text);
+
+ if (TIFFGetField(tiff,33423,&count,&text) == 1)
+ CopySizedFieldToAttribute("kodak-33423",count,text);
+
+ if (TIFFGetField(tiff,36867,&count,&text) == 1)
+ CopySizedFieldToAttribute("kodak-36867",count,text);
if ((photometric == PHOTOMETRIC_PALETTE) ||
((photometric == PHOTOMETRIC_MINISWHITE ||