Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Maintenance:8951
ImageMagick.openSUSE_Leap_42.3_Update
ImageMagick-CVE-2016-5687,CVE-2015-8959,CVE-201...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ImageMagick-CVE-2016-5687,CVE-2015-8959,CVE-2014-9907.patch of Package ImageMagick.openSUSE_Leap_42.3_Update
Index: ImageMagick-6.8.8-1/coders/dds.c =================================================================== --- ImageMagick-6.8.8-1.orig/coders/dds.c 2013-12-22 03:08:38.000000000 +0100 +++ ImageMagick-6.8.8-1/coders/dds.c 2016-06-22 14:33:52.999013386 +0200 @@ -777,11 +777,11 @@ static MagickBooleanType static void RemapIndices(const ssize_t *, const unsigned char *, unsigned char *); -static void - SkipDXTMipmaps(Image *, DDSInfo *, int); +static MagickBooleanType + SkipDXTMipmaps(Image *, DDSInfo *, int, ExceptionInfo *); -static void - SkipRGBMipmaps(Image *, DDSInfo *, int); +static MagickBooleanType + SkipRGBMipmaps(Image *, DDSInfo *, int, ExceptionInfo *); static MagickBooleanType WriteDDSImage(const ImageInfo *, Image *); @@ -1809,6 +1809,8 @@ static Image *ReadDDSImage(const ImageIn { if (n != 0) { + if (EOFBlob(image) != MagickFalse) + ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); /* Start a new image */ AcquireNextImage(image_info,image); if (GetNextImageInList(image) == (Image *) NULL) @@ -1831,6 +1833,12 @@ static Image *ReadDDSImage(const ImageIn (void) CloseBlob(image); return(GetFirstImageInList(image)); } + status=SetImageExtent(image,image->columns,image->rows); + if (status == MagickFalse) + { + InheritException(exception,&image->exception); + return(DestroyImageList(image)); + } if ((decoder)(image, &dds_info) != MagickTrue) { @@ -1839,10 +1847,6 @@ static Image *ReadDDSImage(const ImageIn } } - if (EOFBlob(image) != MagickFalse) - ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", - image->filename); - (void) CloseBlob(image); return(GetFirstImageInList(image)); } @@ -1970,9 +1974,7 @@ static MagickBooleanType ReadDXT1(Image } } - SkipDXTMipmaps(image, dds_info, 8); - - return MagickTrue; + return(SkipDXTMipmaps(image,dds_info,8,exception)); } static MagickBooleanType ReadDXT3(Image *image, DDSInfo *dds_info) @@ -2060,9 +2062,7 @@ static MagickBooleanType ReadDXT3(Image } } - SkipDXTMipmaps(image, dds_info, 16); - - return MagickTrue; + return(SkipDXTMipmaps(image,dds_info,16,exception)); } static MagickBooleanType ReadDXT5(Image *image, DDSInfo *dds_info) @@ -2164,9 +2164,7 @@ static MagickBooleanType ReadDXT5(Image } } - SkipDXTMipmaps(image, dds_info, 16); - - return MagickTrue; + return(SkipDXTMipmaps(image,dds_info,16,exception)); } static MagickBooleanType ReadUncompressedRGB(Image *image, DDSInfo *dds_info) @@ -2205,9 +2203,7 @@ static MagickBooleanType ReadUncompresse return MagickFalse; } - SkipRGBMipmaps(image, dds_info, 3); - - return MagickTrue; + return(SkipRGBMipmaps(image,dds_info,3,exception)); } static MagickBooleanType ReadUncompressedRGBA(Image *image, DDSInfo *dds_info) @@ -2246,9 +2242,7 @@ static MagickBooleanType ReadUncompresse return MagickFalse; } - SkipRGBMipmaps(image, dds_info, 4); - - return MagickTrue; + return(SkipRGBMipmaps(image,dds_info,4,exception)); } /* @@ -2324,7 +2318,8 @@ static void RemapIndices(const ssize_t * /* Skip the mipmap images for compressed (DXTn) dds files */ -static void SkipDXTMipmaps(Image *image, DDSInfo *dds_info, int texel_size) +static MagickBooleanType SkipDXTMipmaps(Image *image,DDSInfo *dds_info, + int texel_size,ExceptionInfo *exception) { register ssize_t i; @@ -2339,6 +2334,12 @@ static void SkipDXTMipmaps(Image *image, /* Only skip mipmaps for textures and cube maps */ + if (EOFBlob(image) != MagickFalse) + { + ThrowFileException(exception,CorruptImageWarning,"UnexpectedEndOfFile", + image->filename); + return(MagickFalse); + } if (dds_info->ddscaps1 & DDSCAPS_MIPMAP && (dds_info->ddscaps1 & DDSCAPS_TEXTURE || dds_info->ddscaps2 & DDSCAPS2_CUBEMAP)) @@ -2352,18 +2353,20 @@ static void SkipDXTMipmaps(Image *image, for (i = 1; (i < (ssize_t) dds_info->mipmapcount) && w && h; i++) { offset = (MagickOffsetType) ((w + 3) / 4) * ((h + 3) / 4) * texel_size; - (void) SeekBlob(image, offset, SEEK_CUR); - + if (SeekBlob(image,offset,SEEK_CUR) < 0) + break; w = DIV2(w); h = DIV2(h); } } + return(MagickTrue); } /* Skip the mipmap images for uncompressed (RGB or RGBA) dds files */ -static void SkipRGBMipmaps(Image *image, DDSInfo *dds_info, int pixel_size) +static MagickBooleanType SkipRGBMipmaps(Image *image,DDSInfo *dds_info, + int pixel_size,ExceptionInfo *exception) { MagickOffsetType offset; @@ -2378,6 +2381,12 @@ static void SkipRGBMipmaps(Image *image, /* Only skip mipmaps for textures and cube maps */ + if (EOFBlob(image) != MagickFalse) + { + ThrowFileException(exception,CorruptImageError,"UnexpectedEndOfFile", + image->filename); + return(MagickFalse); + } if (dds_info->ddscaps1 & DDSCAPS_MIPMAP && (dds_info->ddscaps1 & DDSCAPS_TEXTURE || dds_info->ddscaps2 & DDSCAPS2_CUBEMAP)) @@ -2391,12 +2400,13 @@ static void SkipRGBMipmaps(Image *image, for (i=1; (i < (ssize_t) dds_info->mipmapcount) && w && h; i++) { offset = (MagickOffsetType) w * h * pixel_size; - (void) SeekBlob(image, offset, SEEK_CUR); - + if (SeekBlob(image,offset,SEEK_CUR) < 0) + break; w = DIV2(w); h = DIV2(h); } } + return(MagickTrue); } /*
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
