26 lines
1.1 KiB
Diff
26 lines
1.1 KiB
Diff
From a531d28e31309676ce8168c3b6dbbb5374b78790 Mon Sep 17 00:00:00 2001
|
|
From: Cristy <urban-warrior@imagemagick.org>
|
|
Date: Mon, 26 Jun 2023 19:38:12 -0400
|
|
Subject: [PATCH] heap-buffer-overflow in ImageMagick <= 7.1.1-12, contributed
|
|
by Hardik shah of Vehere (Dawn Treaders team)
|
|
|
|
Origin: https://github.com/ImageMagick/ImageMagick/commit/a531d28e31309676ce8168c3b6dbbb5374b78790
|
|
|
|
---
|
|
coders/tiff.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/coders/tiff.c b/coders/tiff.c
|
|
index 9e0d0b1201..df4274cacd 100644
|
|
--- a/coders/tiff.c
|
|
+++ b/coders/tiff.c
|
|
@@ -2010,7 +2010,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
|
|
number_pixels=(MagickSizeType) columns*rows;
|
|
if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
|
|
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
|
|
- extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
|
|
+ extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff),
|
|
TIFFTileSize(tiff));
|
|
tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,
|
|
sizeof(*tile_pixels));
|