File GraphicsMagick-CVE-2014-9807.patch of Package GraphicsMagick.7893
Index: GraphicsMagick-1.3.25/coders/pdb.c
===================================================================
--- GraphicsMagick-1.3.25.orig/coders/pdb.c 2016-05-30 19:19:54.000000000 +0200
+++ GraphicsMagick-1.3.25/coders/pdb.c 2016-11-28 13:37:43.771398618 +0100
@@ -429,7 +429,7 @@ static Image *ReadPDBImage(const ImageIn
*/
(void) ReadBlob(image,32,pdb_image.name);
pdb_image.version=ReadBlobByte(image);
- pdb_image.type=ReadBlobByte(image);
+ pdb_image.type=(unsigned char)ReadBlobByte(image);
pdb_image.reserved_1=ReadBlobMSBLong(image);
pdb_image.note=ReadBlobMSBLong(image);
pdb_image.x_last=ReadBlobMSBShort(image);
@@ -460,7 +460,7 @@ static Image *ReadPDBImage(const ImageIn
if (CheckImagePixelLimits(image, exception) != MagickPass)
ThrowPDBReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
- packets=MagickArraySize(MagickArraySize(bits_per_pixel,image->columns)/8,
+ packets=MagickArraySize(MagickArraySize(bits_per_pixel,image->columns)/8+4,
image->rows);
pixels=MagickAllocateMemory(unsigned char *,packets + (packets != 0 ? 256 : 0));
if (pixels == (unsigned char *) NULL)
@@ -907,7 +907,7 @@ static unsigned int WritePDBImage(const
if (!AcquireImagePixels(image,0,y,image->columns,1,&image->exception))
break;
(void) ExportImagePixelArea(image,GrayQuantum,image->depth,scanline,0,0);
- for (x=0; x < pdb_image.width; x++)
+ for (x=0; x < (long) pdb_image.width; x++)
{
if (x < (long) image->columns)
buffer[literal+repeat]|=(0xff-scanline[x*packet_size]) >>