Overview

File ImageMagick-CVE-2014-9837.patch of Package ImageMagick.8768

--- a/coders/pnm.c
+++ b/coders/pnm.c
@@ -181,12 +181,12 @@ static void PNMComment(Image *image)
   comment=DestroyString(comment);
 }
 
-static size_t PNMInteger(Image *image,const unsigned int base)
+static unsigned int PNMInteger(Image *image,const unsigned int base)
 {
   int
     c;
 
-  size_t
+  unsigned int
     value;
 
   /*
@@ -201,14 +201,18 @@ static size_t PNMInteger(Image *image,const unsigned int base)
       PNMComment(image);
   } while (isdigit(c) == MagickFalse);
   if (base == 2)
-    return((size_t) (c-(int) '0'));
+    return((unsigned int) (c-(int) '0'));
   /*
     Evaluate number.
   */
   value=0;
   do
   {
+    if (value > (unsigned int) (INT_MAX/10))
+      break;
     value*=10;
+    if (value > (INT_MAX-c))
+      break;
     value+=c-(int) '0';
     c=ReadBlobByte(image);
     if (c == EOF)
openSUSE Build Service is sponsored by
Places