summary refs log tree commit diff
path: root/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch')
-rw-r--r--gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch72
1 files changed, 0 insertions, 72 deletions
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
deleted file mode 100644
index 1f55d90d38..0000000000
--- a/gnu/packages/patches/graphicsmagick-CVE-2017-14165.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/493da54370aa
-http://openwall.com/lists/oss-security/2017/09/06/4
-
-some changes were made to make the patch apply
-
-# HG changeset patch
-# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
-# Date 1503257388 18000
-# Node ID 493da54370aa42cb430c52a69eb75db0001a5589
-# Parent  f8724674907902b7bc37c04f252fe30fbdd88e6f
-SUN: Verify that file header data length, and file length are sufficient for claimed image dimensions.
-
-diff -r f87246749079 -r 493da54370aa coders/sun.c
---- a/coders/sun.c	Sun Aug 20 12:21:03 2017 +0200
-+++ b/coders/sun.c	Sun Aug 20 14:29:48 2017 -0500
-@@ -498,6 +498,12 @@
-     if (sun_info.depth < 8)
-       image->depth=sun_info.depth;
- 
-+    if (image_info->ping)
-+      {
-+        CloseBlob(image);
-+        return(image);
-+      }
-+
-     /*
-       Compute bytes per line and bytes per image for an unencoded
-       image.
-@@ -522,15 +528,37 @@
-       if (bytes_per_image > sun_info.length)
-         ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
- 
--    if (image_info->ping)
--      {
--        CloseBlob(image);
--        return(image);
--      }
-     if (sun_info.type == RT_ENCODED)
-       sun_data_length=(size_t) sun_info.length;
-     else
-       sun_data_length=bytes_per_image;
-+
-+    /*
-+      Verify that data length claimed by header is supported by file size
-+    */
-+    if (sun_info.type == RT_ENCODED)
-+      {
-+        if (sun_data_length < bytes_per_image/255U)
-+          {
-+            ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
-+          }
-+      }
-+    if (BlobIsSeekable(image))
-+      {
-+        const magick_off_t file_size = GetBlobSize(image);
-+        const magick_off_t current_offset = TellBlob(image);
-+        if ((file_size > 0) &&
-+            (current_offset > 0) &&
-+            (file_size > current_offset))
-+        {
-+          const magick_off_t remaining = file_size-current_offset;
-+          if (remaining < (magick_off_t) sun_data_length)
-+            {
-+              ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
-+            }
-+        }
-+      }
-+
-     sun_data=MagickAllocateMemory(unsigned char *,sun_data_length);
-     if (sun_data == (unsigned char *) NULL)
-       ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,image);
-