packages/GraphicsMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
GraphicsMagick/CVE-2019-11006.patch
maminjie 45c8317c00 fix some CVEs 
CVE-2018-18544
CVE-2019-7397
CVE-2019-11005
CVE-2019-11006
CVE-2019-11010
CVE-2019-12921
CVE-2020-10938
CVE-2020-12672
2020-09-19 18:21:55 +08:00

46 lines
1.8 KiB
Diff
Raw Blame History

From a404f04f6114057b9b64eab8436a0668f6aa16f7 Mon Sep 17 00:00:00 2001
From: maminjie <maminjie1@huawei.com>
Date: Sat, 19 Sep 2020 15:35:05 +0800
Subject: [PATCH] ReadMIFFImage(): Detect end of file while reading RLE
packets. (CVE-2019-11006)
refers to http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/f7610c1281c1
---
coders/miff.c | 13 +++++++++++--
1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/coders/miff.c b/coders/miff.c
index 307b10e..60ad6f7 100644
--- a/coders/miff.c
+++ b/coders/miff.c
@@ -1706,7 +1706,13 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
p=pixels;
for (length=0; length < image->columns; )
{
- p+=ReadBlob(image,packet_size,p);
+ size_t
+ bytes_read;
+
+ if ((bytes_read=ReadBlob(image,packet_size,p)) != packet_size)
+ ThrowMIFFReaderException(CorruptImageError,UnexpectedEndOfFile,
+ image);
+ p+=bytes_read;
length+=*(p-1)+1;
}
@@ -1731,7 +1737,10 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
if (q == (PixelPacket *) NULL)
break;
pixels_p=pixels;
- (void) ReadBlobZC(image,packet_size*image->columns,&pixels_p);
+ if (ReadBlobZC(image,packet_size*image->columns,&pixels_p)
+ != (size_t) packet_size*image->columns)
+ ThrowMIFFReaderException(CorruptImageError,UnexpectedEndOfFile,
+ image);
(void) ImportImagePixelArea(image,quantum_type,quantum_size,(const unsigned char*) pixels_p,0,0);
if (!SyncImagePixels(image))
break;
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink