Overview

File ImageMagick-CVE-2017-12430,12429.patch of Package ImageMagick.8768

Index: ImageMagick-6.8.8-1/coders/mpc.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/mpc.c	2018-01-03 15:21:11.476530819 +0100
+++ ImageMagick-6.8.8-1/coders/mpc.c	2018-01-03 15:21:11.484530955 +0100
@@ -837,25 +837,27 @@ static Image *ReadMPCImage(const ImageIn
     depth=GetImageQuantumDepth(image,MagickFalse);
     if (image->storage_class == PseudoClass)
       {
+        size_t
+          packet_size;
+
+        unsigned char
+          *colormap;
+
         /*
           Create image colormap.
         */
+        packet_size=(size_t) (3UL*depth/8UL);
+        if ((packet_size*image->colors) > GetBlobSize(image))
+          ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
         image->colormap=(PixelPacket *) AcquireQuantumMemory(image->colors+1,
           sizeof(*image->colormap));
         if (image->colormap == (PixelPacket *) NULL)
           ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
         if (image->colors != 0)
           {
-            size_t
-              packet_size;
-
-            unsigned char
-              *colormap;
-
             /*
               Read image colormap from file.
             */
-            packet_size=(size_t) (3UL*depth/8UL);
             colormap=(unsigned char *) AcquireQuantumMemory(image->colors,
               packet_size*sizeof(*colormap));
             if (colormap == (unsigned char *) NULL)
Index: ImageMagick-6.8.8-1/coders/miff.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/miff.c	2018-01-03 15:21:09.604499111 +0100
+++ ImageMagick-6.8.8-1/coders/miff.c	2018-01-03 15:25:33.541121837 +0100
@@ -1162,24 +1162,26 @@ static Image *ReadMIFFImage(const ImageI
     image->depth=GetImageQuantumDepth(image,MagickFalse);
     if (image->storage_class == PseudoClass)
       {
+        size_t
+          packet_size;
+
+        unsigned char
+          *colormap;
+
         /*
           Create image colormap.
         */
+        packet_size=(size_t) (3UL*image->depth/8UL);
+        if ((packet_size*colors) > GetBlobSize(image))
+          ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
         status=AcquireImageColormap(image,colors != 0 ? colors : 256);
         if (status == MagickFalse)
           ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
         if (colors != 0)
           {
-            size_t
-              packet_size;
-
-            unsigned char
-              *colormap;
-
             /*
               Read image colormap from file.
             */
-            packet_size=(size_t) (3UL*image->depth/8UL);
             colormap=(unsigned char *) AcquireQuantumMemory(image->colors,
               packet_size*sizeof(*colormap));
             if (colormap == (unsigned char *) NULL)
openSUSE Build Service is sponsored by
Places