Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
graphicsmagick: patch for CVE-2017-6335
(cherry picked from commit 7b70690)
- Loading branch information
Showing
2 changed files
with
37 additions
and
0 deletions.
There are no files selected for viewing
36 changes: 36 additions & 0 deletions
36
pkgs/applications/graphics/graphicsmagick/cmyka-bounds.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
# HG changeset patch | ||
# User Bob Friesenhahn <bfriesen@GraphicsMagick.org> | ||
# Date 1487905610 21600 | ||
# Node ID 6156b4c2992d855ece6079653b3b93c3229fc4b8 | ||
# Parent 0392c4305a4369984ec8069055acc470c0a73647 | ||
Fix out of bounds access when reading CMYKA tiff which claims wrong samples/pixel. | ||
|
||
diff -r 0392c4305a43 -r 6156b4c2992d coders/tiff.c | ||
--- a/coders/tiff.c Sun Jan 29 10:04:57 2017 -0600 | ||
+++ b/coders/tiff.c Thu Feb 23 21:06:50 2017 -0600 | ||
@@ -1230,8 +1230,8 @@ | ||
case 0: | ||
if (samples_per_pixel == 1) | ||
*quantum_type=GrayQuantum; | ||
- else | ||
- *quantum_type=RedQuantum; | ||
+ else | ||
+ *quantum_type=RedQuantum; | ||
break; | ||
case 1: | ||
*quantum_type=GreenQuantum; | ||
@@ -1411,12 +1411,12 @@ | ||
} | ||
else | ||
{ | ||
- if (image->matte) | ||
+ if (image->matte && samples_per_pixel >= 5) | ||
{ | ||
*quantum_type=CMYKAQuantum; | ||
*quantum_samples=5; | ||
} | ||
- else | ||
+ else if (samples_per_pixel >= 4) | ||
{ | ||
*quantum_type=CMYKQuantum; | ||
*quantum_samples=4; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters