Sophie

Sophie

distrib > Mageia > 5 > x86_64 > by-pkgid > 857b723175ea1d5f45c5b31f25037f76 > files > 52

imagemagick-6.8.9.9-4.2.mga5.src.rpm

From ea8937daf9ec019463e832904eac7234957ee0dc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bastien@gmail.com>
Date: Fri, 31 Jul 2015 19:08:37 +0200
Subject: Fix a miff security bug

Specially crafted MIFF file could lead to DOS by using excessive CPU.

Fix TEMP-0000000-FDAC72

origin: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
git-svn-id: https://subversion.imagemagick.org/subversion/ImageMagick/branches/ImageMagick-6@17854 aa41f4f7-0bf4-0310-aa73-e5a19afd5a74
---
 coders/miff.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/coders/miff.c b/coders/miff.c
index 449bbe3..4cce4fa 100644
--- a/coders/miff.c
+++ b/coders/miff.c
@@ -1385,6 +1385,9 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
           bzip_info.avail_out=(unsigned int) (packet_size*image->columns);
           do
           {
+            int
+              code;
+
             if (bzip_info.avail_in == 0)
               {
                 bzip_info.next_in=(char *) compress_pixels;
@@ -1394,7 +1397,13 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
                 bzip_info.avail_in=(unsigned int) ReadBlob(image,length,
                   (unsigned char *) bzip_info.next_in);
               }
-            if (BZ2_bzDecompress(&bzip_info) == BZ_STREAM_END)
+            code=BZ2_bzDecompress(&bzip_info);
+            if (code < 0)
+              {
+                status=MagickFalse;
+                break;
+              }
+            if (code == BZ_STREAM_END)
               break;
           } while (bzip_info.avail_out != 0);
           (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,
@@ -1441,6 +1450,9 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
           zip_info.avail_out=(uInt) (packet_size*image->columns);
           do
           {
+            int
+              code;
+
             if (zip_info.avail_in == 0)
               {
                 zip_info.next_in=compress_pixels;
@@ -1450,7 +1462,13 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
                 zip_info.avail_in=(unsigned int) ReadBlob(image,length,
                   zip_info.next_in);
               }
-            if (inflate(&zip_info,Z_SYNC_FLUSH) == Z_STREAM_END)
+            code=inflate(&zip_info,Z_SYNC_FLUSH);
+            if (code < 0)
+              {
+                status=MagickFalse;
+                break;
+              }
+            if (code == Z_STREAM_END)
               break;
           } while (zip_info.avail_out != 0);
           (void) ImportQuantumPixels(image,(CacheView *) NULL,quantum_info,
-- 
cgit v0.11.2

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional