Overview

File ImageMagick-CVE-2017-13061.patch of Package ImageMagick.openSUSE_Leap_42.3_Update

Index: ImageMagick-6.8.8-1/coders/psd.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/psd.c	2017-12-12 14:44:01.192520373 +0100
+++ ImageMagick-6.8.8-1/coders/psd.c	2017-12-12 15:54:56.712394831 +0100
@@ -1399,6 +1399,12 @@ static MagickStatusType ReadPSDLayers(Im
               Layer name.
             */
             length=(size_t) (unsigned char)ReadBlobByte(image);
+            if (length > GetBlobSize(image))
+              {
+                layer_info=DestroyLayerInfo(layer_info,number_layers);
+                ThrowBinaryException(CorruptImageError,
+                                     "InsufficientImageDataInFile",image->filename);
+              }
             combined_length+=length+1;
             for (j=0; j < (ssize_t) length; j++)
               layer_info[i].name[j]=(unsigned char) ReadBlobByte(image);
@@ -1806,8 +1812,7 @@ static Image *ReadPSDImage(const ImageIn
       if (skip_layers == MagickFalse)
         if (ReadPSDLayers(image,&psd_info,exception) != MagickTrue)
           {
-            (void) CloseBlob(image);
-            return((Image *) NULL);
+            ThrowReaderException(image->exception.severity, image->exception.reason);
           }
 
       /*
openSUSE Build Service is sponsored by
Places