File ImageMagick-CVE-2017-13061.patch of Package ImageMagick.openSUSE_Leap_42.3_Update
Index: ImageMagick-6.8.8-1/coders/psd.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/psd.c 2017-12-12 14:44:01.192520373 +0100
+++ ImageMagick-6.8.8-1/coders/psd.c 2017-12-12 15:54:56.712394831 +0100
@@ -1399,6 +1399,12 @@ static MagickStatusType ReadPSDLayers(Im
Layer name.
*/
length=(size_t) (unsigned char)ReadBlobByte(image);
+ if (length > GetBlobSize(image))
+ {
+ layer_info=DestroyLayerInfo(layer_info,number_layers);
+ ThrowBinaryException(CorruptImageError,
+ "InsufficientImageDataInFile",image->filename);
+ }
combined_length+=length+1;
for (j=0; j < (ssize_t) length; j++)
layer_info[i].name[j]=(unsigned char) ReadBlobByte(image);
@@ -1806,8 +1812,7 @@ static Image *ReadPSDImage(const ImageIn
if (skip_layers == MagickFalse)
if (ReadPSDLayers(image,&psd_info,exception) != MagickTrue)
{
- (void) CloseBlob(image);
- return((Image *) NULL);
+ ThrowReaderException(image->exception.severity, image->exception.reason);
}
/*