File GraphicsMagick-CVE-2014-9817.patch of Package GraphicsMagick.7893
Index: GraphicsMagick-1.3.25/coders/pdb.c
===================================================================
--- GraphicsMagick-1.3.25.orig/coders/pdb.c 2016-11-28 14:32:28.537677059 +0100
+++ GraphicsMagick-1.3.25/coders/pdb.c 2016-11-28 14:35:13.216392950 +0100
@@ -460,7 +460,7 @@ static Image *ReadPDBImage(const ImageIn
if (CheckImagePixelLimits(image, exception) != MagickPass)
ThrowPDBReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
- packets=MagickArraySize(MagickArraySize(bits_per_pixel,image->columns)/8+4,
+ packets=MagickArraySize((MagickArraySize(bits_per_pixel,image->columns)+7)/8,
image->rows);
pixels=MagickAllocateMemory(unsigned char *,packets + (packets != 0 ? 256 : 0));
if (pixels == (unsigned char *) NULL)
@@ -880,8 +880,8 @@ static unsigned int WritePDBImage(const
if ((pdb_image.width < image->columns) ||
(pdb_image.height != image->rows))
ThrowPDBWriterException(CoderError,ImageColumnOrRowSizeIsNotSupported, image);
- packets=MagickArraySize(MagickArraySize(MagickArraySize(bits_per_pixel,
- pdb_image.width)/8,
+ packets=MagickArraySize(MagickArraySize((MagickArraySize(bits_per_pixel,
+ pdb_image.width)+7)/8,
pdb_image.height),2);
p=MagickAllocateMemory(unsigned char *,packets);
if (p == (unsigned char *) NULL)