summaryrefslogtreecommitdiff
path: root/gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch
blob: 2cb3d46f62aa39f1fea1deb1ae4c4dde8e1d7fb8 (about) (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188.

diff -ur a/coders/png.c b/coders/png.c
--- a/coders/png.c	2017-07-04 17:32:08.000000000 -0400
+++ b/coders/png.c	2017-08-19 11:16:20.933969362 -0400
@@ -4101,11 +4101,17 @@
                   mng_info->image=image;
                 }
 
-              if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
-                                                     > 65535L))
-                (void) ThrowException(&image->exception,ImageError,
-                                      WidthOrHeightExceedsLimit,
-                                      image->filename);
+              if ((mng_info->mng_width > 65535L) ||
+                  (mng_info->mng_height > 65535L))
+                {
+                  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+                      "  MNG width or height is too large: %lu, %lu",
+                      mng_info->mng_width,mng_info->mng_height);
+                  MagickFreeMemory(chunk);
+                  ThrowReaderException(CorruptImageError,
+                     ImproperImageHeader,image);
+                }
+
               FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
                            mng_info->mng_height);
               mng_info->frame.left=0;