packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ImageMagick/CVE-2022-3213-pre2.patch
chenwenjie acf82c594c CVE-2022-3213 
modified:   ImageMagick.spec

(cherry picked from commit 79ac39ec17119d3517db9c86c78c14a83d147494)
2022-10-14 08:59:20 +08:00

55 lines
2.4 KiB
Diff
Raw Blame History

From 2b4eabb9d09b278f16727c635e928bd951c58773 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Wed, 29 Jun 2022 19:41:14 -0400
Subject: [PATCH] eliminate possible buffer overflow
---
coders/tiff.c | 19 ++-----------------
1 file changed, 2 insertions(+), 17 deletions(-)
diff --git a/coders/tiff.c b/coders/tiff.c
index d5e30293db..d88711f941 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1794,12 +1794,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
/*
Convert stripped TIFF image.
*/
- extent=(samples_per_pixel+1)*TIFFStripSize(tiff);
-#if defined(TIFF_VERSION_BIG)
- extent+=samples_per_pixel*sizeof(uint64);
-#else
- extent+=samples_per_pixel*sizeof(uint32);
-#endif
+ extent=4*(samples_per_pixel+1)*TIFFStripSize(tiff);
strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
sizeof(*strip_pixels));
if (strip_pixels == (unsigned char *) NULL)
@@ -1894,13 +1889,8 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
number_pixels=(MagickSizeType) columns*rows;
if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
- extent=(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
+ extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
TIFFTileSize(tiff));
-#if defined(TIFF_VERSION_BIG)
- extent+=samples_per_pixel*sizeof(uint64);
-#else
- extent+=samples_per_pixel*sizeof(uint32);
-#endif
tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,
sizeof(*tile_pixels));
if (tile_pixels == (unsigned char *) NULL)
@@ -1996,11 +1986,6 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
if (HeapOverflowSanityCheck(image->rows,sizeof(*pixels)) != MagickFalse)
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
number_pixels=(MagickSizeType) image->columns*image->rows;
-#if defined(TIFF_VERSION_BIG)
- number_pixels+=samples_per_pixel*sizeof(uint64);
-#else
- number_pixels+=samples_per_pixel*sizeof(uint32);
-#endif
generic_info=AcquireVirtualMemory(number_pixels,sizeof(*pixels));
if (generic_info == (MemoryInfo *) NULL)
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
Reference in New Issue View Git Blame Copy Permalink