ImageMagick/ImageMagick-6.3.0.0-CVE-2006-5456.patch

--- coders/dcm.c
+++ coders/dcm.c
@@ -2950,7 +2950,7 @@
             /*
               Photometric interpretation.
             */
-            for (i=0; i < (long) length; i++)
+            for (i=0; i < (long) Min(length, MaxTextExtent-1); i++)
               photometric[i]=(char) data[i];
             photometric[i]='\0';
             break;
--- coders/palm.c
+++ coders/palm.c
@@ -398,7 +398,7 @@
               image->compression=RLECompression;
               for (i=0; i < (long) bytes_per_row; )
               {
-                count=ReadBlobByte(image);
+                count=Min(ReadBlobByte(image), bytes_per_row-i);
                 byte=ReadBlobByte(image);
                 (void) ResetMagickMemory(one_row+i,(int) byte,count);
                 i+=count;
@@ -431,6 +431,8 @@
       indexes=GetIndexes(image);
       if (bits_per_pixel == 16)
         {
+          if (image->columns > 2*bytes_per_row)
+            ThrowReaderException(CorruptImageError,"ImproperImageHeader");
           for (x=0; x < (long) image->columns; x++)
           {
             color16=(*ptr++ << 8);
@@ -447,6 +449,8 @@
           bit=8-bits_per_pixel;
           for (x=0; x < (long) image->columns; x++)
           {
+	    if (ptr - one_row >= bytes_per_row)
+              ThrowReaderException(CorruptImageError,"ImproperImageHeader");
             index=(IndexPacket) (mask-(((*ptr) & (mask << bit)) >> bit));
             indexes[x]=index;
             *q++=image->colormap[index];
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/ImageMagick?expand=0&rev=1 2007-01-15 22:49:14 +00:00			`--- coders/dcm.c`
			`+++ coders/dcm.c`
			`@@ -2950,7 +2950,7 @@`
			`/*`
			`Photometric interpretation.`
			`*/`
			`- for (i=0; i < (long) length; i++)`
			`+ for (i=0; i < (long) Min(length, MaxTextExtent-1); i++)`
			`photometric[i]=(char) data[i];`
			`photometric[i]='\0';`
			`break;`
			`--- coders/palm.c`
			`+++ coders/palm.c`
			`@@ -398,7 +398,7 @@`
			`image->compression=RLECompression;`
			`for (i=0; i < (long) bytes_per_row; )`
			`{`
			`- count=ReadBlobByte(image);`
			`+ count=Min(ReadBlobByte(image), bytes_per_row-i);`
			`byte=ReadBlobByte(image);`
			`(void) ResetMagickMemory(one_row+i,(int) byte,count);`
			`i+=count;`
			`@@ -431,6 +431,8 @@`
			`indexes=GetIndexes(image);`
			`if (bits_per_pixel == 16)`
			`{`
			`+ if (image->columns > 2*bytes_per_row)`
			`+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");`
			`for (x=0; x < (long) image->columns; x++)`
			`{`
			`color16=(*ptr++ << 8);`
			`@@ -447,6 +449,8 @@`
			`bit=8-bits_per_pixel;`
			`for (x=0; x < (long) image->columns; x++)`
			`{`
			`+ if (ptr - one_row >= bytes_per_row)`
			`+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");`
			`index=(IndexPacket) (mask-(((*ptr) & (mask << bit)) >> bit));`
			`indexes[x]=index;`
			`*q++=image->colormap[index];`