File GraphicsMagick-CVE-2014-9807.patch of Package GraphicsMagick.7893

Index: GraphicsMagick-1.3.25/coders/pdb.c
===================================================================
--- GraphicsMagick-1.3.25.orig/coders/pdb.c	2016-05-30 19:19:54.000000000 +0200
+++ GraphicsMagick-1.3.25/coders/pdb.c	2016-11-28 13:37:43.771398618 +0100
@@ -429,7 +429,7 @@ static Image *ReadPDBImage(const ImageIn
   */
   (void) ReadBlob(image,32,pdb_image.name);
   pdb_image.version=ReadBlobByte(image);
-  pdb_image.type=ReadBlobByte(image);
+  pdb_image.type=(unsigned char)ReadBlobByte(image);
   pdb_image.reserved_1=ReadBlobMSBLong(image);
   pdb_image.note=ReadBlobMSBLong(image);
   pdb_image.x_last=ReadBlobMSBShort(image);
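Review bot: The cast on `pdb_image.type` turns an `EOF` return from `ReadBlobByte()` into 255, so a header truncated at this point cannot be told apart from a real type byte; `pdb_image.version` on the line above has the same gap. Unless an end-of-file check follows outside this hunk, add one after the header fields are read, e.g. `if (EOFBlob(image)) ThrowPDBReaderException(CorruptImageError,UnexpectedEndOfFile,image);`. The cast also only helps if the `type` field is itself declared `unsigned char`, which is not visible here and is worth confirming. ReadPDBImage's body starts and ends outside the hunk.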
@@ -460,7 +460,7 @@ static Image *ReadPDBImage(const ImageIn
   if (CheckImagePixelLimits(image, exception) != MagickPass)
     ThrowPDBReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
 
-  packets=MagickArraySize(MagickArraySize(bits_per_pixel,image->columns)/8,
+  packets=MagickArraySize(MagickArraySize(bits_per_pixel,image->columns)/8+4,
                           image->rows);
   pixels=MagickAllocateMemory(unsigned char *,packets + (packets != 0 ? 256 : 0));
   if (pixels == (unsigned char *) NULL)
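Review bot: The `+4` is added to the result of the inner `MagickArraySize()` call, so a zero result from that call no longer reaches `packets`; it becomes 4 bytes per row, and the `packets != 0` test on the allocation line then sees a plausible size. If zero is that helper's overflow signal, as the special-casing suggests, compute the inner product into its own variable and reject zero with `ThrowPDBReaderException` before adding the padding. The constant also needs a comment saying which read or decode step can run up to four bytes past a row, since the allocation already carries a separate 256-byte slack. ReadPDBImage's body continues outside the hunk.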
@@ -907,7 +907,7 @@ static unsigned int WritePDBImage(const
     if (!AcquireImagePixels(image,0,y,image->columns,1,&image->exception))
       break;
     (void) ExportImagePixelArea(image,GrayQuantum,image->depth,scanline,0,0);
-    for (x=0; x < pdb_image.width; x++)
+    for (x=0; x < (long) pdb_image.width; x++)
     {
       if (x < (long) image->columns)
         buffer[literal+repeat]|=(0xff-scanline[x*packet_size]) >>