Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/imagemagick/patches/CVE-2014-1958.patch
author Tomas Klacko <tomas.klacko@oracle.com>
Mon, 16 Mar 2015 02:51:38 -0700
branchs11-update
changeset 3948 568dd7b9cf04
parent 2985 8d0f13e7dd0c
permissions -rw-r--r--
20393612 silence debug info "Reallocating sreaddir buffer from 14 entries to 28 entries"

# This comes from upstream:
# http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=25128

--- ImageMagick-6.8.3/coders/psd.c	2013-01-23 15:50:19.000000000 -0800
+++ ImageMagick-6.8.3/coders/psd.c	2014-03-03 07:53:58.415170102 -0800
@@ -269,13 +269,15 @@
   packets=(ssize_t) number_compact_pixels;
   for (i=0; (packets > 1) && (i < (ssize_t) number_pixels); )
   {
-    length=(*compact_pixels++);
+    length=(size_t) (*compact_pixels++);
     packets--;
     if (length == 128)
       continue;
     if (length > 128)
       {
         length=256-length+1;
+        if ((ssize_t) length + i > (ssize_t) number_pixels) 
+          length=number_pixels-(size_t) i; 
         pixel=(*compact_pixels++);
         packets--;
         for (j=0; j < (ssize_t) length; j++)
@@ -322,6 +324,8 @@
         continue;
       }
     length++;
+    if ((ssize_t) length + i > (ssize_t) number_pixels) 
+      length=number_pixels-(size_t) i; 
     for (j=0; j < (ssize_t) length; j++)
     {
       switch (depth)
upstream/oracle/userland-gate