Projects
Mega:23.03
ImageMagick
_service:tar_scm:CVE-2022-3213-pre1.patch
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:CVE-2022-3213-pre1.patch of Package ImageMagick
From a854a0a8af977a1b67830f02a53d9eb4d877e10d Mon Sep 17 00:00:00 2001 From: Cristy <urban-warrior@imagemagick.org> Date: Tue, 21 Jun 2022 15:06:58 -0400 Subject: [PATCH] prevent possible buffer overflow --- coders/tiff.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/coders/tiff.c b/coders/tiff.c index 49c1677cb7..2b64958930 100644 --- a/coders/tiff.c +++ b/coders/tiff.c @@ -1903,9 +1903,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, */ extent=(samples_per_pixel+1)*TIFFStripSize(tiff); #if defined(TIFF_VERSION_BIG) - extent+=image->columns*sizeof(uint64); + extent+=samples_per_pixel*sizeof(uint64); #else - extent+=image->columns*sizeof(uint32); + extent+=samples_per_pixel*sizeof(uint64); #endif strip_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*strip_pixels)); @@ -2002,11 +2002,12 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, number_pixels=(MagickSizeType) columns*rows; if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse) ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); - extent=4*MagickMax(rows*TIFFTileRowSize(tiff),TIFFTileSize(tiff)); + extent=(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff), + TIFFTileSize(tiff)); #if defined(TIFF_VERSION_BIG) - extent+=image->columns*sizeof(uint64); + extent+=samples_per_pixel*sizeof(uint64); #else - extent+=image->columns*sizeof(uint32); + extent+=samples_per_pixel*sizeof(uint32); #endif tile_pixels=(unsigned char *) AcquireQuantumMemory(extent, sizeof(*tile_pixels)); @@ -2101,9 +2102,9 @@ static Image *ReadTIFFImage(const ImageInfo *image_info, ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed"); number_pixels=(MagickSizeType) image->columns*image->rows; #if defined(TIFF_VERSION_BIG) - number_pixels+=image->columns*sizeof(uint64); + number_pixels+=samples_per_pixel*sizeof(uint64); #else - number_pixels+=image->columns*sizeof(uint32); + number_pixels+=samples_per_pixel*sizeof(uint32); #endif generic_info=AcquireVirtualMemory(number_pixels,sizeof(uint32)); if (generic_info == (MemoryInfo *) NULL)
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2