File ImageMagick-CVE-2016-5687,CVE-2015-8959,CVE-201... of Package ImageMagick.openSUSE_13.2_Update

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2016-5687,CVE-2015-8959,CVE-2014-9907.patch of Package ImageMagick.openSUSE_13.2_Update (Revision d657b51a2bb832fc1a9f87f4ddd39b57)

Currently displaying revision d657b51a2bb832fc1a9f87f4ddd39b57 , Show latest

Index: ImageMagick-6.8.9-8/coders/dds.c
===================================================================
--- ImageMagick-6.8.9-8.orig/coders/dds.c	2014-09-08 20:19:35.000000000 +0200
+++ ImageMagick-6.8.9-8/coders/dds.c	2016-06-22 14:22:03.207412962 +0200
@@ -766,11 +766,11 @@ static MagickBooleanType
 static void
   RemapIndices(const ssize_t *, const unsigned char *, unsigned char *);
 
-static void
-  SkipDXTMipmaps(Image *, DDSInfo *, int);
+static MagickBooleanType
+  SkipDXTMipmaps(Image *, DDSInfo *, int, ExceptionInfo *);
 
-static void
-  SkipRGBMipmaps(Image *, DDSInfo *, int);
+static MagickBooleanType
+  SkipRGBMipmaps(Image *, DDSInfo *, int, ExceptionInfo *);
 
 static
   MagickBooleanType WriteDDSImage(const ImageInfo *, Image *);
@@ -1815,6 +1815,8 @@ static Image *ReadDDSImage(const ImageIn
   {
     if (n != 0)
       {
+        if (EOFBlob(image) != MagickFalse)
+          ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
         /* Start a new image */
         AcquireNextImage(image_info,image);
         if (GetNextImageInList(image) == (Image *) NULL)
@@ -1834,6 +1836,12 @@ static Image *ReadDDSImage(const ImageIn
         (void) CloseBlob(image);
         return(GetFirstImageInList(image));
       }
+    status=SetImageExtent(image,image->columns,image->rows);
+    if (status == MagickFalse)
+      {
+        InheritException(exception,&image->exception);
+        return(DestroyImageList(image));
+      }
 
     if ((decoder)(image, &dds_info, exception) != MagickTrue)
       {
@@ -1842,10 +1850,6 @@ static Image *ReadDDSImage(const ImageIn
       }
   }
 
-  if (EOFBlob(image) != MagickFalse)
-    ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile",
-      image->filename);
-
   (void) CloseBlob(image);
   return(GetFirstImageInList(image));
 }
@@ -1970,9 +1974,7 @@ static MagickBooleanType ReadDXT1(Image
     }
   }
 
-  SkipDXTMipmaps(image, dds_info, 8);
-
-  return MagickTrue;
+  return(SkipDXTMipmaps(image,dds_info,8,exception));
 }
 
 static MagickBooleanType ReadDXT3(Image *image, DDSInfo *dds_info,
@@ -2057,9 +2059,7 @@ static MagickBooleanType ReadDXT3(Image
     }
   }
 
-  SkipDXTMipmaps(image, dds_info, 16);
-
-  return MagickTrue;
+  return(SkipDXTMipmaps(image,dds_info,16,exception));
 }
 
 static MagickBooleanType ReadDXT5(Image *image, DDSInfo *dds_info,
@@ -2158,9 +2158,7 @@ static MagickBooleanType ReadDXT5(Image
     }
   }
 
-  SkipDXTMipmaps(image, dds_info, 16);
-
-  return MagickTrue;
+  return(SkipDXTMipmaps(image,dds_info,16,exception));
 }
 
 static MagickBooleanType ReadUncompressedRGB(Image *image, DDSInfo *dds_info,
@@ -2222,9 +2220,7 @@ static MagickBooleanType ReadUncompresse
       return MagickFalse;
   }
 
-  SkipRGBMipmaps(image, dds_info, 3);
-
-  return MagickTrue;
+  return(SkipRGBMipmaps(image,dds_info,3,exception));
 }
 
 static MagickBooleanType ReadUncompressedRGBA(Image *image, DDSInfo *dds_info,
@@ -2316,9 +2312,7 @@ static MagickBooleanType ReadUncompresse
       return MagickFalse;
   }
 
-  SkipRGBMipmaps(image, dds_info, 4);
-
-  return MagickTrue;
+  return(SkipRGBMipmaps(image,dds_info,4,exception));
 }
 
 /*
@@ -2394,7 +2388,8 @@ static void RemapIndices(const ssize_t *
 /*
   Skip the mipmap images for compressed (DXTn) dds files
 */
-static void SkipDXTMipmaps(Image *image, DDSInfo *dds_info, int texel_size)
+static MagickBooleanType SkipDXTMipmaps(Image *image,DDSInfo *dds_info,
+  int texel_size,ExceptionInfo *exception)
 {
   register ssize_t
     i;
@@ -2409,6 +2404,12 @@ static void SkipDXTMipmaps(Image *image,
   /*
     Only skip mipmaps for textures and cube maps
   */
+  if (EOFBlob(image) != MagickFalse)
+    {
+      ThrowFileException(exception,CorruptImageWarning,"UnexpectedEndOfFile",
+        image->filename);
+      return(MagickFalse);
+    }
   if (dds_info->ddscaps1 & DDSCAPS_MIPMAP
       && (dds_info->ddscaps1 & DDSCAPS_TEXTURE
           || dds_info->ddscaps2 & DDSCAPS2_CUBEMAP))
@@ -2422,18 +2423,20 @@ static void SkipDXTMipmaps(Image *image,
       for (i = 1; (i < (ssize_t) dds_info->mipmapcount) && w && h; i++)
       {
         offset = (MagickOffsetType) ((w + 3) / 4) * ((h + 3) / 4) * texel_size;
-        (void) SeekBlob(image, offset, SEEK_CUR);
-
+        if (SeekBlob(image,offset,SEEK_CUR) < 0)
+          break;
         w = DIV2(w);
         h = DIV2(h);
       }
     }
+  return(MagickTrue);
 }
 
 /*
   Skip the mipmap images for uncompressed (RGB or RGBA) dds files
 */
-static void SkipRGBMipmaps(Image *image, DDSInfo *dds_info, int pixel_size)
+static MagickBooleanType SkipRGBMipmaps(Image *image,DDSInfo *dds_info,
+  int pixel_size,ExceptionInfo *exception)
 {
   MagickOffsetType
     offset;
@@ -2448,6 +2451,12 @@ static void SkipRGBMipmaps(Image *image,
   /*
     Only skip mipmaps for textures and cube maps
   */
+  if (EOFBlob(image) != MagickFalse)
+    {
+      ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile",
+        image->filename);
+      return(MagickFalse);
+    }
   if (dds_info->ddscaps1 & DDSCAPS_MIPMAP
       && (dds_info->ddscaps1 & DDSCAPS_TEXTURE
           || dds_info->ddscaps2 & DDSCAPS2_CUBEMAP))
@@ -2461,12 +2470,13 @@ static void SkipRGBMipmaps(Image *image,
       for (i=1; (i < (ssize_t) dds_info->mipmapcount) && w && h; i++)
       {
         offset = (MagickOffsetType) w * h * pixel_size;
-        (void) SeekBlob(image, offset, SEEK_CUR);
-
+        if (SeekBlob(image,offset,SEEK_CUR) < 0)
+          break;
         w = DIV2(w);
         h = DIV2(h);
       }
     }
+  return(MagickTrue);
 }
 
 /*

Places

File ImageMagick-CVE-2016-5687,CVE-2015-8959,CVE-2014-9907.patch of Package ImageMagick.openSUSE_13.2_Update (Revision d657b51a2bb832fc1a9f87f4ddd39b57)

Places