File ImageMagick-CVE-2017-14343,12691.patch of Package ImageMagick.openSUSE_Leap_42.3_Update
Index: ImageMagick-6.8.8-1/coders/xcf.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/xcf.c 2017-12-13 21:52:10.079065527 +0100
+++ ImageMagick-6.8.8-1/coders/xcf.c 2017-12-13 22:20:33.001754132 +0100
@@ -374,8 +374,11 @@ static MagickBooleanType load_tile(Image
graydata=(unsigned char *) xcfdata; /* used by gray and indexed */
count=ReadBlob(image,data_length,(unsigned char *) xcfdata);
if (count != (ssize_t) data_length)
- ThrowBinaryException(CorruptImageError,"NotEnoughPixelData",
- image->filename);
+ {
+ xcfodata=(XCFPixelPacket *) RelinquishMagickMemory(xcfodata);
+ ThrowBinaryException(CorruptImageError,"NotEnoughPixelData",
+ image->filename);
+ }
exception=(&image->exception);
for (y=0; y < (ssize_t) tile_image->rows; y++)
{
@@ -1344,10 +1361,11 @@ static Image *ReadXCFImage(const ImageIn
&layer_info[current_layer],current_layer);
if (layer_ok == MagickFalse)
{
- int j;
+ ssize_t j;
- for (j=0; j < current_layer; j++)
- layer_info[j].image=DestroyImage(layer_info[j].image);
+ for (j=0; j <= current_layer; j++)
+ if (layer_info[j].image != (Image *) NULL)
+ layer_info[j].image=DestroyImage(layer_info[j].image);
layer_info=(XCFLayerInfo *) RelinquishMagickMemory(layer_info);
ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
}