File ImageMagick-CVE-2015-8957.patch of Package ImageMagick.8768

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2015-8957.patch of Package ImageMagick.8768

From dd10f3aa45b008789c39ae3c0d7242ca1d00a919 Mon Sep 17 00:00:00 2001
From: cristy <urban-warrior@git.imagemagick.org>
Date: Tue, 6 Jan 2015 12:12:40 +0000
Subject: [PATCH] 
 http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838

---
 coders/sun.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Index: ImageMagick-6.8.8-1/coders/sun.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/sun.c	2016-10-03 13:50:25.813646266 +0200
+++ ImageMagick-6.8.8-1/coders/sun.c	2016-10-03 13:50:43.597935903 +0200
@@ -67,6 +67,13 @@
 /*
   Forward declarations.
 */
+static inline ssize_t MagickMax(const ssize_t x,const ssize_t y)
+{
+  if (x > y)
+    return(x);
+  return(y);
+}
+
 static MagickBooleanType
   WriteSUNImage(const ImageInfo *,Image *);
 
@@ -338,21 +345,13 @@ static Image *ReadSUNImage(const ImageIn
           image->colors=one << sun_info.depth;
         if (sun_info.maptype == RMT_EQUAL_RGB)
           image->colors=sun_info.maplength/3;
+        if (AcquireImageColormap(image,image->colors) == MagickFalse)
+          ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
       }
     switch (sun_info.maptype)
     {
       case RMT_NONE:
-      {
-        if (sun_info.depth < 24)
-          {
-            /*
-              Create linear color ramp.
-            */
-            if (AcquireImageColormap(image,image->colors) == MagickFalse)
-              ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
-          }
         break;
-      }
       case RMT_EQUAL_RGB:
       {
         unsigned char
@@ -361,8 +360,6 @@ static Image *ReadSUNImage(const ImageIn
         /*
           Read SUN raster colormap.
         */
-        if (AcquireImageColormap(image,image->colors) == MagickFalse)
-          ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
         sun_colormap=(unsigned char *) AcquireQuantumMemory(image->colors,
           sizeof(*sun_colormap));
         if (sun_colormap == (unsigned char *) NULL)
@@ -421,8 +418,9 @@ static Image *ReadSUNImage(const ImageIn
     if ((sun_info.type != RT_ENCODED) && (sun_info.depth >= 8) &&
         ((number_pixels*((sun_info.depth+7)/8)) > sun_info.length))
       ThrowReaderException(CorruptImageError,"ImproperImageHeader");
-    sun_data=(unsigned char *) AcquireQuantumMemory((size_t) sun_info.length,
-      sizeof(*sun_data));
+    bytes_per_line=sun_info.width*sun_info.depth;
+    sun_data=(unsigned char *) AcquireQuantumMemory((size_t) MagickMax(
+      sun_info.length,bytes_per_line*sun_info.width),sizeof(*sun_data));
     if (sun_data == (unsigned char *) NULL)
       ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
     count=(ssize_t) ReadBlob(image,sun_info.length,sun_data);
@@ -439,7 +437,6 @@ static Image *ReadSUNImage(const ImageIn
           Read run-length encoded raster pixels.
         */
         height=sun_info.height;
-        bytes_per_line=sun_info.width*sun_info.depth;
         if ((height == 0) || (sun_info.width == 0) || (sun_info.depth == 0) ||
             ((bytes_per_line/sun_info.depth) != sun_info.width))
           ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");

Places

File ImageMagick-CVE-2015-8957.patch of Package ImageMagick.8768

Places