File ImageMagick-CVE-2019-11598.patch of Package ImageMagick.11105

Index: ImageMagick-7.0.7-34/MagickCore/quantize.c
===================================================================
--- ImageMagick-7.0.7-34.orig/MagickCore/quantize.c	2019-05-30 09:32:58.156333211 +0200
+++ ImageMagick-7.0.7-34/MagickCore/quantize.c	2019-05-30 09:37:27.933746620 +0200
@@ -2192,10 +2192,8 @@ MagickExport MagickBooleanType GetImageQ
     mean_error,
     mean_error_per_pixel;
 
-  size_t
-    index;
-
   ssize_t
+    index,
     y;
 
   assert(image != (Image *) NULL);
@@ -2226,7 +2224,7 @@ MagickExport MagickBooleanType GetImageQ
       break;
     for (x=0; x < (ssize_t) image->columns; x++)
     {
-      index=GetPixelIndex(image,p);
+      index=(ssize_t) GetPixelIndex(image,p);
       if (image->alpha_trait == BlendPixelTrait)
         {
           alpha=(double) (QuantumScale*GetPixelAlpha(image,p));
@@ -3309,6 +3307,9 @@ static MagickBooleanType SetGrayscaleIma
   register ssize_t
     i;
 
+  size_t
+    extent;
+
   ssize_t
     *colormap_index,
     j,
@@ -3318,19 +3319,15 @@ static MagickBooleanType SetGrayscaleIma
   assert(image->signature == MagickCoreSignature);
   if (image->type != GrayscaleType)
     (void) TransformImageColorspace(image,GRAYColorspace,exception);
-  if (image->storage_class == PseudoClass)
-    colormap_index=(ssize_t *) AcquireQuantumMemory(image->colors+1,
-      sizeof(*colormap_index));
-  else
-    colormap_index=(ssize_t *) AcquireQuantumMemory(MaxColormapSize+1,
-      sizeof(*colormap_index));
+  extent=MagickMax(image->colors+1,MagickMax(MaxColormapSize,MaxMap+1));
+  colormap_index=(ssize_t *) AcquireQuantumMemory(extent,
+    sizeof(*colormap_index));
   if (colormap_index == (ssize_t *) NULL)
     ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
       image->filename);
   if (image->storage_class != PseudoClass)
     {
-      (void) memset(colormap_index,(-1),MaxColormapSize*
-        sizeof(*colormap_index));
+      (void) memset(colormap_index,(-1),extent*sizeof(*colormap_index));
       if (AcquireImageColormap(image,MaxColormapSize,exception) == MagickFalse)
         {
           colormap_index=(ssize_t *) RelinquishMagickMemory(colormap_index);
@@ -3392,6 +3389,7 @@ static MagickBooleanType SetGrayscaleIma
       }
       image_view=DestroyCacheView(image_view);
     }
+  (void) memset(colormap_index,0,extent*sizeof(*colormap_index));
   for (i=0; i < (ssize_t) image->colors; i++)
     image->colormap[i].alpha=(double) i;
   qsort((void *) image->colormap,image->colors,sizeof(PixelInfo),
Index: ImageMagick-7.0.7-34/coders/exr.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/exr.c	2018-05-20 17:55:43.000000000 +0200
+++ ImageMagick-7.0.7-34/coders/exr.c	2019-05-30 09:32:58.628335684 +0200
@@ -266,6 +266,8 @@ static Image *ReadEXRImage(const ImageIn
           SetPixelViaPixelInfo(image,&image->background_color,q);
           q+=GetPixelChannels(image);
         }
+        if (SyncAuthenticPixels(image,exception) == MagickFalse)
+          break;
         continue;
       }
     memset(scanline,0,columns*sizeof(*scanline));
openSUSE Build Service is sponsored by