packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-20244

Browse Source
This commit is contained in:
wangxiao65 2021-03-20 09:10:32 +08:00
parent cfc83f4786
commit ee28ca6294
2 changed files with 53 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
CVE-2021-20244.patch Normal file
View File

@ -0,0 +1,48 @@
From 329dd528ab79531d884c0ba131e97d43f872ab5d Mon Sep 17 00:00:00 2001
From: ruc_zhangxiaohui <553441439@qq.com>
Date: Thu, 4 Feb 2021 04:19:08 +0800
Subject: [PATCH] uses the PerceptibleReciprocal() to prevent the
divide-by-zero from occurring (#3194)
Co-authored-by: Zhang Xiaohui <ruc_zhangxiaohui@163.com>
---
magick/fx.c | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/magick/fx.c b/magick/fx.c
index 07a54eb..5041de6 100644
--- a/magick/fx.c
+++ b/magick/fx.c
@@ -3403,11 +3403,11 @@ MagickExport Image *ImplodeImage(const Image *image,const double amount,
center.y=0.5*image->rows;
radius=center.x;
if (image->columns > image->rows)
- scale.y=(double) image->columns/(double) image->rows;
+ scale.y=(double) image->columns*PerceptibleReciprocal((double) image->rows);
else
if (image->columns < image->rows)
{
- scale.x=(double) image->rows/(double) image->columns;
+ scale.x=(double) image->rows*PerceptibleReciprocal((double) image->columns);
radius=center.y;
}
/*
@@ -3471,11 +3471,11 @@ MagickExport Image *ImplodeImage(const Image *image,const double amount,
*/
factor=1.0;
if (distance > 0.0)
- factor=pow(sin((double) (MagickPI*sqrt((double) distance)/
- radius/2)),-amount);
+ factor=pow(sin((double) (MagickPI*sqrt((double) distance)*PerceptibleReciprocal(
+ radius)/2)),-amount);
status=InterpolateMagickPixelPacket(image,image_view,
- UndefinedInterpolatePixel,(double) (factor*delta.x/scale.x+
- center.x),(double) (factor*delta.y/scale.y+center.y),&pixel,
+ UndefinedInterpolatePixel,(double) (factor*delta.x*PerceptibleReciprocal(scale.x)+
+ center.x),(double) (factor*delta.y*PerceptibleReciprocal(scale.y)+center.y),&pixel,
exception);
if (status == MagickFalse)
break;
--
2.23.0

6
ImageMagick.spec
View File

@ -1,7 +1,7 @@
Name: ImageMagick Name: ImageMagick
Epoch: 1 Epoch: 1
Version: 6.9.10.67 Version: 6.9.10.67
Release: 16 Release: 17
Summary: Create, edit, compose, or convert bitmap images Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick and MIT License: ImageMagick and MIT
Url: http://www.imagemagick.org/ Url: http://www.imagemagick.org/
@ -42,6 +42,7 @@ Patch0032: CVE-2020-27750.patch
Patch0033: CVE-2020-25665.patch Patch0033: CVE-2020-25665.patch
Patch0034: CVE-2020-25674.patch Patch0034: CVE-2020-25674.patch
Patch0035: CVE-2021-20241-CVE-2021-20243.patch Patch0035: CVE-2021-20241-CVE-2021-20243.patch
Patch0036: CVE-2021-20244.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -198,6 +199,9 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick++* %{_libdir}/pkgconfig/ImageMagick++*
%changelog %changelog
* Sat Mar 20 2021 wangxiao <wangxiao65@huawei.com> - 6.9.10.67-17
- Fix CVE-2021-20244
* Tue Mar 16 2021 wangxiao <wangxiao65@huawei.com> - 6.9.10.67-16 * Tue Mar 16 2021 wangxiao <wangxiao65@huawei.com> - 6.9.10.67-16
- Fix CVE-2021-20241 CVE-2021-20243 - Fix CVE-2021-20241 CVE-2021-20243