File ImageMagick-CVE-2016-8684.patch of Package ImageMagick.openSUSE_Leap_42.3_Update

 %
Index: ImageMagick-6.8.9-8/coders/sgi.c
===================================================================
--- ImageMagick-6.8.9-8.orig/coders/sgi.c	2016-10-18 13:52:30.912192191 +0200
+++ ImageMagick-6.8.9-8/coders/sgi.c	2016-10-18 13:52:46.616430395 +0200
@@ -302,6 +302,9 @@ static Image *ReadSGIImage(const ImageIn
   unsigned char
     *pixels;
 
+  off_t
+    file_size;
+
   /*
     Open image file.
   */
@@ -323,6 +326,7 @@ static Image *ReadSGIImage(const ImageIn
     Read SGI raster header.
   */
   iris_info.magic=ReadBlobMSBShort(image);
+  file_size=GetBlobSize(image);
   do
   {
     /*
@@ -378,6 +382,31 @@ static Image *ReadSGIImage(const ImageIn
       if (image->scene >= (image_info->scene+image_info->number_scenes-1))
         break;
     /*
+        Check that filesize is reasonable given header
+      */
+      {
+        double
+          uncompressed_size;
+
+        uncompressed_size=((double) (iris_info.dimension == 3 ? iris_info.depth : 1)*
+                           image->columns*image->rows*iris_info.bytes_per_pixel);
+        (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+                              "Uncompressed size: %.0f", uncompressed_size);
+        if (iris_info.storage != 0x01)
+          {
+            /* Not compressed */
+            if (uncompressed_size > file_size)
+              ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
+          }
+        else
+          {
+            /* RLE compressed */
+            if (uncompressed_size > file_size*254.0)
+              ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
+          }
+      }
+
+      /*
       Allocate SGI pixels.
     */
     bytes_per_pixel=(size_t) iris_info.bytes_per_pixel;
Places

File ImageMagick-CVE-2016-8684.patch of Package ImageMagick.openSUSE_Leap_42.3_Update

Places
