components/imagemagick/patches/CVE-2016-6491.patch
author John Beck <John.Beck@Oracle.COM>
Fri, 29 Jul 2016 06:17:40 -0700
branchs11u3-sru
changeset 6539 87c707918565
permissions -rw-r--r--
24374851 problem in UTILITY/IMAGEMAGICK
This patch comes from upstream:
https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
It can be removed once we upgrade to a release that has the fix, presumably
version 6.9.5-4 or later.

--- ImageMagick-6.9.5/magick/property.c.orig	2016-06-26 17:40:19.000000000 -0700
+++ ImageMagick-6.9.5/magick/property.c	2016-07-29 05:56:23.858967297 -0700
@@ -638,6 +638,11 @@
     if ((count & 0x01) == 0)
       (void) ReadPropertyByte(&info,&length);
     count=(ssize_t) ReadPropertyMSBLong(&info,&length);
+    if ((count < 0) || ((size_t) count > length))
+      {
+        length=0; 
+        continue;
+      }
     if ((*name != '\0') && (*name != '#'))
       if ((resource == (char *) NULL) || (LocaleCompare(name,resource) != 0))
         {