File ImageMagick-CVE-2025-68469.patch of Package ImageMagick.42116

From a531d28e31309676ce8168c3b6dbbb5374b78790 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 26 Jun 2023 19:38:12 -0400
Subject: [PATCH] heap-buffer-overflow in ImageMagick <= 7.1.1-12, contributed
 by Hardik shah of Vehere (Dawn Treaders team)

---
 coders/tiff.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: ImageMagick-7.1.0-9/coders/tiff.c
===================================================================
--- ImageMagick-7.1.0-9.orig/coders/tiff.c
+++ ImageMagick-7.1.0-9/coders/tiff.c
@@ -1983,7 +1983,14 @@ static Image *ReadTIFFImage(const ImageI
           *p;
 
         size_t
-          extent;
+          extent,
+          length;
+
+        ssize_t
+          stride;
+
+        tmsize_t
+          tile_size;
 
         uint32
           columns,
@@ -2001,7 +2008,11 @@ static Image *ReadTIFFImage(const ImageI
         number_pixels=(MagickSizeType) columns*rows;
         if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
-        extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
+        tile_size=TIFFTileSize(tiff);
+        stride=(ssize_t) TIFFTileRowSize(tiff);
+        length=GetQuantumExtent(image,quantum_info,quantum_type);
+        extent=(size_t) MagickMax((size_t) tile_size,rows*
+          MagickMax((size_t) stride,length));
 #if defined(TIFF_VERSION_BIG)
         extent+=image->columns*sizeof(uint64);
 #else
@@ -2063,7 +2074,7 @@ static Image *ReadTIFFImage(const ImageI
                   break;
                 (void) ImportQuantumPixels(image,(CacheView *) NULL,
                   quantum_info,quantum_type,p,exception);
-                p+=TIFFTileRowSize(tiff);
+                p+=stride;
                 if (SyncAuthenticPixels(image,exception) == MagickFalse)
                   break;
               }