Overview

File GraphicsMagick-CVE-2017-16352.patch of Package GraphicsMagick.openSUSE_Leap_42.3_Update

--- a/magick/describe.c	Sun Oct 22 13:30:17 2017 -0500
+++ b/magick/describe.c	Sun Oct 22 13:51:02 2017 -0500
@@ -851,7 +851,8 @@
       for (p=image->directory; *p != '\0'; p++)
         {
           q=p;
-          while ((*q != '\n') && (*q != '\0'))
+          while ((*q != '\n') && (*q != '\0') &&
+                 ((size_t) (q-p) < sizeof(image_info->filename)))
             q++;
           (void) strncpy(image_info->filename,p,q-p);
           image_info->filename[q-p]='\0';
openSUSE Build Service is sponsored by
Places