rpms / ImageMagick

Clone
Source Code
GIT

Blame SOURCES/ImageMagick-cve-2016-5240.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c9s-sig-cloud-openstack-xena
  1.   b7c0725cf64caacf4246d74a567a0845d813ba8e
  2.   SOURCES
  3.   ImageMagick-cve-2016-5240.patch
Blob History Raw
b7c072 
diff -up ImageMagick-6.7.8-9/magick/draw.c.svg-endless-loop ImageMagick-6.7.8-9/magick/draw.c
b7c072 
--- ImageMagick-6.7.8-9/magick/draw.c.svg-endless-loop	2012-07-30 14:28:56.000000000 +0200
b7c072 
+++ ImageMagick-6.7.8-9/magick/draw.c	2016-06-03 13:54:20.337142553 +0200
b7c072 
@@ -1569,7 +1569,7 @@ static MagickBooleanType DrawDashPolygon
b7c072 
   status=MagickTrue;
b7c072 
   maximum_length=0.0;
b7c072 
   total_length=0.0;
b7c072 
-  for (i=1; i < (ssize_t) number_vertices; i++)
b7c072 
+  for (i=1; (i < (ssize_t) number_vertices) && (length >= 0.0); i++)
b7c072 
   {
b7c072 
     dx=primitive_info[i].point.x-primitive_info[i-1].point.x;
b7c072 
     dy=primitive_info[i].point.y-primitive_info[i-1].point.y;
b7c072 
@@ -1581,7 +1581,7 @@ static MagickBooleanType DrawDashPolygon
b7c072 
           n=0;
b7c072 
         length=scale*(draw_info->dash_pattern[n]+(n == 0 ? -0.5 : 0.5));
b7c072 
       }
b7c072 
-    for (total_length=0.0; (total_length+length) <= maximum_length; )
b7c072 
+    for (total_length=0.0; (length >= 0.0) && (total_length+length) <= maximum_length; )
b7c072 
     {
b7c072 
       total_length+=length;
b7c072 
       if ((n & 0x01) != 0)
b7c072 
@@ -2561,9 +2561,7 @@ MagickExport MagickBooleanType DrawImage
b7c072 
           }
b7c072 
         if (LocaleCompare("stroke-dasharray",keyword) == 0)
b7c072 
           {
b7c072 
-            if (graphic_context[n]->dash_pattern != (double *) NULL)
b7c072 
-              graphic_context[n]->dash_pattern=(double *)
b7c072 
-                RelinquishMagickMemory(graphic_context[n]->dash_pattern);
b7c072 
+            graphic_context[n]->dash_pattern = RelinquishMagickMemory(graphic_context[n]->dash_pattern);
b7c072 
             if (IsPoint(q) != MagickFalse)
b7c072 
               {
b7c072 
                 const char
b7c072 
@@ -2596,7 +2594,14 @@ MagickExport MagickBooleanType DrawImage
b7c072 
                     GetMagickToken(q,&q,token);
b7c072 
                   graphic_context[n]->dash_pattern[j]=StringToDouble(token,
b7c072 
                     (char **) NULL);
b7c072 
+                  if (graphic_context[n]->dash_pattern[j] < 0.0)
b7c072 
+                    status=MagickFalse;
b7c072 
                 }
b7c072 
+                if (status == MagickFalse)
b7c072 
+                  {
b7c072 
+                    graphic_context[n]->dash_pattern = RelinquishMagickMemory(graphic_context[n]->dash_pattern);
b7c072 
+                    break;
b7c072 
+                  }
b7c072 
                 if ((x & 0x01) != 0)
b7c072 
                   for ( ; j < (2*x); j++)
b7c072 
                     graphic_context[n]->dash_pattern[j]=

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation