Diffstat (limited to 'gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch')
-rw-r--r-- | gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch | 80 |
1 files changed, 0 insertions, 80 deletions
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
deleted file mode 100644
index 46f6b032c7..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-14042.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/28/5
-http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1503268616 18000
-# Node ID 3bbf7a13643df3be76b0e19088a6cc632eea2072
-# Parent 83a5b946180835f260bcb91e3d06327a8e2577e3
-PNM: For binary formats, verify sufficient backing file data before memory request.
-
-diff -r 83a5b9461808 -r 3bbf7a13643d coders/pnm.c
---- a/coders/pnm.c Sun Aug 20 17:31:35 2017 -0500
-+++ b/coders/pnm.c Sun Aug 20 17:36:56 2017 -0500
-@@ -569,7 +569,7 @@
- (void) LogMagickEvent(CoderEvent,GetMagickModule(),"Colors: %u",
- image->colors);
- }
-- number_pixels=image->columns*image->rows;
-+ number_pixels=MagickArraySize(image->columns,image->rows);
- if (number_pixels == 0)
- ThrowReaderException(CorruptImageError,NegativeOrZeroImageSize,image);
- if (image->storage_class == PseudoClass)
-@@ -858,14 +858,14 @@
- if (1 == bits_per_sample)
- {
- /* PBM */
-- bytes_per_row=((image->columns+7) >> 3);
-+ bytes_per_row=((image->columns+7U) >> 3);
- import_options.grayscale_miniswhite=MagickTrue;
- quantum_type=GrayQuantum;
- }
- else
- {
- /* PGM & XV_332 */
-- bytes_per_row=((bits_per_sample+7)/8)*image->columns;
-+ bytes_per_row=MagickArraySize(((bits_per_sample+7U)/8U),image->columns);
- if (XV_332_Format == format)
- {
- quantum_type=IndexQuantum;
-@@ -878,7 +878,8 @@
- }
- else
- {
-- bytes_per_row=(((bits_per_sample+7)/8)*samples_per_pixel)*image->columns;
-+ bytes_per_row=MagickArraySize((((bits_per_sample+7)/8)*samples_per_pixel),
-+ image->columns);
- if (3 == samples_per_pixel)
- {
- /* PPM */
-@@ -915,6 +916,28 @@
- is_monochrome=MagickFalse;
- }
- }
-+
-+ /* Validate file size before allocating memory */
-+ if (BlobIsSeekable(image))
-+ {
-+ const magick_off_t file_size = GetBlobSize(image);
-+ const magick_off_t current_offset = TellBlob(image);
-+ if ((file_size > 0) &&
-+ (current_offset > 0) &&
-+ (file_size > current_offset))
-+ {
-+ const magick_off_t remaining = file_size-current_offset;
-+ const magick_off_t needed = (magick_off_t) image->rows *
-+ (magick_off_t) bytes_per_row;
-+ if ((remaining < (magick_off_t) bytes_per_row) ||
-+ (remaining < needed))
-+ {
-+ ThrowException(exception,CorruptImageError,UnexpectedEndOfFile,
-+ image->filename);
-+ break;
-+ }
-+ }
-+ }
-
- scanline_set=AllocateThreadViewDataArray(image,exception,bytes_per_row,1);
- if (scanline_set == (ThreadViewDataSet *) NULL) |