diff options
Diffstat (limited to 'gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch')
| -rw-r--r-- | gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch | 210 |
1 files changed, 0 insertions, 210 deletions
diff --git a/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch b/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch deleted file mode 100644 index 8e1166ba7a..0000000000 --- a/gnu/packages/patches/graphicsmagick-CVE-2017-14649.patch +++ /dev/null @@ -1,210 +0,0 @@ -http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a -http://www.openwall.com/lists/oss-security/2017/09/22/2 - -Some changes were made to make the patch apply. - -Notably, the DestroyJNG() function in the upstream diff has been replaced by -its equivalent, a series of calls to MagickFreeMemory(), DestroyImageInfo(), -and DestroyImage(). See -http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5. - -# HG changeset patch -# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com> -# Date 1504014487 14400 -# Node ID 358608a46f0a9c55e9bb8b37d09bf1ac9bc87f06 -# Parent 38c362f0ae5e7a914c3fe822284c6953f8e6eee2 -Fix Issue 439 - -diff -ru a/coders/png.c b/coders/png.c ---- a/coders/png.c 1969-12-31 19:00:00.000000000 -0500 -+++ b/coders/png.c 2017-09-30 08:20:16.218944991 -0400 -@@ -1176,15 +1176,15 @@ - /* allocate space */ - if (length == 0) - { -- (void) ThrowException2(&image->exception,CoderWarning, -- "invalid profile length",(char *) NULL); -+ (void) LogMagickEvent(CoderEvent,GetMagickModule(), -+ "invalid profile length"); - return (MagickFail); - } - info=MagickAllocateMemory(unsigned char *,length); - if (info == (unsigned char *) NULL) - { -- (void) ThrowException2(&image->exception,CoderWarning, -- "unable to copy profile",(char *) NULL); -+ (void) LogMagickEvent(CoderEvent,GetMagickModule(), -+ "Unable to copy profile"); - return (MagickFail); - } - /* copy profile, skipping white space and column 1 "=" signs */ -@@ -1197,8 +1197,8 @@ - if (*sp == '\0') - { - MagickFreeMemory(info); -- (void) ThrowException2(&image->exception,CoderWarning, -- "ran out of profile data",(char *) NULL); -+ (void) LogMagickEvent(CoderEvent,GetMagickModule(), -+ "ran out of profile data"); - return (MagickFail); - } - sp++; -@@ -1234,8 +1234,9 @@ - if(SetImageProfile(image,profile_name,info,length) == MagickFail) - { - MagickFreeMemory(info); -- (void) ThrowException(&image->exception,ResourceLimitError, -- MemoryAllocationFailed,"unable to copy profile"); -+ (void) LogMagickEvent(CoderEvent,GetMagickModule(), -+ "unable to copy profile"); -+ return MagickFail; - } - MagickFreeMemory(info); - return MagickTrue; -@@ -3285,7 +3286,6 @@ - if (status == MagickFalse) - { - DestroyJNGInfo(color_image_info,alpha_image_info); -- DestroyImage(alpha_image); - (void) LogMagickEvent(CoderEvent,GetMagickModule(), - " could not allocate alpha_image blob"); - return ((Image *)NULL); -@@ -3534,7 +3534,7 @@ - CloseBlob(color_image); - if (logging) - (void) LogMagickEvent(CoderEvent,GetMagickModule(), -- " Reading jng_image from color_blob."); -+ " Reading jng_image from color_blob."); - - FormatString(color_image_info->filename,"%.1024s",color_image->filename); - -@@ -3558,13 +3558,18 @@ - - if (logging) - (void) LogMagickEvent(CoderEvent,GetMagickModule(), -- " Copying jng_image pixels to main image."); -+ " Copying jng_image pixels to main image."); - image->rows=jng_height; - image->columns=jng_width; - length=image->columns*sizeof(PixelPacket); -+ if ((jng_height == 0 || jng_width == 0) && logging) -+ (void) LogMagickEvent(CoderEvent,GetMagickModule(), -+ " jng_width=%lu jng_height=%lu", -+ (unsigned long)jng_width,(unsigned long)jng_height); - for (y=0; y < (long) image->rows; y++) - { -- s=AcquireImagePixels(jng_image,0,y,image->columns,1,&image->exception); -+ s=AcquireImagePixels(jng_image,0,y,image->columns,1, -+ &image->exception); - q=SetImagePixels(image,0,y,image->columns,1); - (void) memcpy(q,s,length); - if (!SyncImagePixels(image)) -@@ -3589,45 +3594,79 @@ - CloseBlob(alpha_image); - if (logging) - (void) LogMagickEvent(CoderEvent,GetMagickModule(), -- " Reading opacity from alpha_blob."); -+ " Reading opacity from alpha_blob."); - - FormatString(alpha_image_info->filename,"%.1024s", - alpha_image->filename); - - jng_image=ReadImage(alpha_image_info,exception); - -- for (y=0; y < (long) image->rows; y++) -+ if (jng_image == (Image *)NULL) - { -- s=AcquireImagePixels(jng_image,0,y,image->columns,1, -- &image->exception); -- if (image->matte) -- { -- q=SetImagePixels(image,0,y,image->columns,1); -- for (x=(long) image->columns; x > 0; x--,q++,s++) -- q->opacity=(Quantum) MaxRGB-s->red; -- } -- else -+ (void) LogMagickEvent(CoderEvent,GetMagickModule(), -+ " jng_image is NULL."); -+ if (color_image_info) -+ DestroyImageInfo(color_image_info); -+ if (alpha_image_info) -+ DestroyImageInfo(alpha_image_info); -+ if (color_image) -+ DestroyImage(color_image); -+ if (alpha_image) -+ DestroyImage(alpha_image); -+ } -+ else -+ { -+ -+ if (logging) - { -- q=SetImagePixels(image,0,y,image->columns,1); -- for (x=(long) image->columns; x > 0; x--,q++,s++) -- { -- q->opacity=(Quantum) MaxRGB-s->red; -- if (q->opacity != OpaqueOpacity) -- image->matte=MagickTrue; -- } -+ (void) LogMagickEvent(CoderEvent,GetMagickModule(), -+ " Read jng_image."); -+ (void) LogMagickEvent(CoderEvent,GetMagickModule(), -+ " jng_image->width=%lu, jng_image->height=%lu", -+ (unsigned long)jng_width,(unsigned long)jng_height); -+ (void) LogMagickEvent(CoderEvent,GetMagickModule(), -+ " image->rows=%lu, image->columns=%lu", -+ (unsigned long)image->rows, -+ (unsigned long)image->columns); - } -- if (!SyncImagePixels(image)) -- break; -- } -- (void) LiberateUniqueFileResource(alpha_image->filename); -- DestroyImage(alpha_image); -- alpha_image = (Image *)NULL; -- DestroyImageInfo(alpha_image_info); -- alpha_image_info = (ImageInfo *)NULL; -- (void) LogMagickEvent(CoderEvent,GetMagickModule(), -- " Destroy the JNG image"); -- DestroyImage(jng_image); -- jng_image = (Image *)NULL; -+ -+ for (y=0; y < (long) image->rows; y++) -+ { -+ s=AcquireImagePixels(jng_image,0,y,image->columns,1, -+ &image->exception); -+ if (image->matte) -+ { -+ q=SetImagePixels(image,0,y,image->columns,1); -+ for (x=(long) image->columns; x > 0; x--,q++,s++) -+ q->opacity=(Quantum) MaxRGB-s->red; -+ } -+ else -+ { -+ q=SetImagePixels(image,0,y,image->columns,1); -+ for (x=(long) image->columns; x > 0; x--,q++,s++) -+ { -+ q->opacity=(Quantum) MaxRGB-s->red; -+ if (q->opacity != OpaqueOpacity) -+ image->matte=MagickTrue; -+ } -+ } -+ if (!SyncImagePixels(image)) -+ break; -+ } -+ (void) LiberateUniqueFileResource(alpha_image->filename); -+ if (color_image_info) -+ DestroyImageInfo(color_image_info); -+ if (alpha_image_info) -+ DestroyImageInfo(alpha_image_info); -+ if (color_image) -+ DestroyImage(color_image); -+ if (alpha_image) -+ DestroyImage(alpha_image); -+ (void) LogMagickEvent(CoderEvent,GetMagickModule(), -+ " Destroy the JNG image"); -+ DestroyImage(jng_image); -+ jng_image = (Image *)NULL; -+ } - } - } |