26 lines
957 B
Diff
26 lines
957 B
Diff
From 7c8ab995a65a32b8283297226e108ce828a5679a Mon Sep 17 00:00:00 2001
|
|
From: cenhuilin <cenhuilin@kylinos.cn>
|
|
Date: Fri, 19 Aug 2022 21:02:49 +0800
|
|
Subject: [PATCH] heap-buffer-overflow in magick at quantum-private.h PushShortPixel
|
|
|
|
---
|
|
coders/tiff.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/coders/tiff.c b/coders/tiff.c
|
|
index 31839f6..32ae00a 100644
|
|
--- a/coders/tiff.c
|
|
+++ b/coders/tiff.c
|
|
@@ -1987,7 +1987,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
|
|
number_pixels=(MagickSizeType) columns*rows;
|
|
if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
|
|
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
|
|
- extent=MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
|
|
+ extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
|
|
#if defined(TIFF_VERSION_BIG)
|
|
extent+=image->columns*sizeof(uint64);
|
|
#else
|
|
--
|
|
2.33.0
|
|
|