Overview

File ImageMagick-CVE-2017-13769.patch of Package ImageMagick.openSUSE_Leap_42.3_Update

From 73e085bd8a77541fb9faf0584951783fdeac97f2 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Tue, 29 Aug 2017 07:02:24 -0400
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/705

---
 coders/thumbnail.c | 2 ++
 1 file changed, 2 insertions(+)

Index: ImageMagick-6.8.8-1/coders/thumbnail.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/thumbnail.c	2013-12-01 15:47:50.000000000 +0100
+++ ImageMagick-6.8.8-1/coders/thumbnail.c	2017-11-07 08:31:02.592817828 +0100
@@ -178,7 +178,7 @@ static MagickBooleanType WriteTHUMBNAILI
     offset;
 
   unsigned char
-    magick[MaxTextExtent];
+    *q;
 
   profile=GetImageProfile(image,"exif");
   if (profile == (const StringInfo *) NULL)
@@ -187,21 +187,22 @@ static MagickBooleanType WriteTHUMBNAILI
   if (property == (const char *) NULL)
     ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail");
   offset=(ssize_t) StringToLong(property);
+  if (offset < 0)
+    ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail");
   property=GetImageProperty(image,"exif:JPEGInterchangeFormatLength");
   if (property == (const char *) NULL)
     ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail");
   length=(size_t) StringToLong(property);
-  (void) ResetMagickMemory(magick,0,sizeof(magick));
-  for (i=0; i < (ssize_t) length; i++)
+  q=GetStringInfoDatum(profile)+offset;
+  for (i=offset; i < (ssize_t) GetStringInfoLength(profile) - 3; i++)
   {
-    magick[0]=magick[1];
-    magick[1]=magick[2];
-    magick[2]=GetStringInfoDatum(profile)[offset+i];
-    if (memcmp(magick,"\377\330\377",3) == 0)
+    if (memcmp(q,"\377\330\377",3) == 0)
       break;
+    q++;
   }
-  thumbnail_image=BlobToImage(image_info,GetStringInfoDatum(profile)+offset+i-2,
-    length,&image->exception);
+  if ((q+length) > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)))
+    ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail");
+  thumbnail_image=BlobToImage(image_info,q,length,&image->exception);
   if (thumbnail_image == (Image *) NULL)
     return(MagickFalse);
   (void) SetImageType(thumbnail_image,thumbnail_image->matte == MagickFalse ?
openSUSE Build Service is sponsored by
Places