File _service:tar_scm:CVE-2022-3213-pre1.patch of Package ImageMagick

From a854a0a8af977a1b67830f02a53d9eb4d877e10d Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Tue, 21 Jun 2022 15:06:58 -0400
Subject: [PATCH] prevent possible buffer overflow

---
 coders/tiff.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/coders/tiff.c b/coders/tiff.c
index 49c1677cb7..2b64958930 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1903,9 +1903,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
         */
         extent=(samples_per_pixel+1)*TIFFStripSize(tiff);
 #if defined(TIFF_VERSION_BIG)
-        extent+=image->columns*sizeof(uint64);
+        extent+=samples_per_pixel*sizeof(uint64);
 #else
-        extent+=image->columns*sizeof(uint32);
+        extent+=samples_per_pixel*sizeof(uint64);
 #endif
         strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
           sizeof(*strip_pixels));
@@ -2002,11 +2002,12 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
         number_pixels=(MagickSizeType) columns*rows;
         if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
-        extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff));
+        extent=(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
+          TIFFTileSize(tiff));
 #if defined(TIFF_VERSION_BIG)
-        extent+=image->columns*sizeof(uint64);
+        extent+=samples_per_pixel*sizeof(uint64);
 #else
-        extent+=image->columns*sizeof(uint32);
+        extent+=samples_per_pixel*sizeof(uint32);
 #endif
         tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,
           sizeof(*tile_pixels));
@@ -2101,9 +2102,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
         number_pixels=(MagickSizeType) image->columns*image->rows;
 #if defined(TIFF_VERSION_BIG)
-        number_pixels+=image->columns*sizeof(uint64);
+        number_pixels+=samples_per_pixel*sizeof(uint64);
 #else
-        number_pixels+=image->columns*sizeof(uint32);
+        number_pixels+=samples_per_pixel*sizeof(uint32);
 #endif
         generic_info=AcquireVirtualMemory(number_pixels,sizeof(uint32));
         if (generic_info == (MemoryInfo *) NULL)