nixo
/
guix-devel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
guix-devel/gnu/packages/patches/graphicsmagick-CVE-2017-129...

29 lines
1.3 KiB
Diff
Raw Normal View History

gnu: graphicsmagick: Fix CVE-2017-{12935,12936,12937}. * gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch, gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch, gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Use them.
2017-08-19 17:39:33 +02:00
This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188.
diff -ur a/coders/png.c b/coders/png.c
--- a/coders/png.c 2017-07-04 17:32:08.000000000 -0400
+++ b/coders/png.c 2017-08-19 11:16:20.933969362 -0400
@@ -4101,11 +4101,17 @@
mng_info->image=image;
}
- if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
- > 65535L))
- (void) ThrowException(&image->exception,ImageError,
- WidthOrHeightExceedsLimit,
- image->filename);
+ if ((mng_info->mng_width > 65535L) ||
+ (mng_info->mng_height > 65535L))
+ {
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+ " MNG width or height is too large: %lu, %lu",
+ mng_info->mng_width,mng_info->mng_height);
+ MagickFreeMemory(chunk);
+ ThrowReaderException(CorruptImageError,
+ ImproperImageHeader,image);
+ }
+
FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
mng_info->mng_height);
mng_info->frame.left=0;