diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2017-04-25 17:35:54 +0200 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2017-04-26 09:20:16 +0200 |
| commit | 665560856edfcdd18b2053e26bc8a44754dffca2 (patch) | |
| tree | 5c6df85c277cbab1c174a5686795c9534601ad71 /package/imagemagick | |
| parent | 7daae8362be2060527fe1429fa640c325b477d27 (diff) | |
| download | buildroot-665560856edfcdd18b2053e26bc8a44754dffca2.tar.gz buildroot-665560856edfcdd18b2053e26bc8a44754dffca2.zip | |
imagemagick: add upstream security fix for CVE-2017-7606
This is not yet part of any release.
coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.
For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/imagemagick')
| -rw-r--r-- | package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch b/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch new file mode 100644 index 0000000000..943679eda3 --- /dev/null +++ b/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch @@ -0,0 +1,52 @@ +From b218117cad34d39b9ffb587b45c71c5a49b12bde Mon Sep 17 00:00:00 2001 +From: Cristy <urban-warrior@imagemagick.org> +Date: Fri, 31 Mar 2017 15:24:33 -0400 +Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/415 + +Fixes CVE-2017-7606 + +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> +--- + coders/pnm.c | 2 +- + coders/rle.c | 5 +++-- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/coders/pnm.c b/coders/pnm.c +index 9a1221d79..c525ebb8f 100644 +--- a/coders/pnm.c ++++ b/coders/pnm.c +@@ -1979,7 +1979,7 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image, + pixel=ScaleQuantumToChar(GetPixelRed(image,p)); + else + pixel=ScaleQuantumToAny(GetPixelRed(image,p), +- max_value); ++ max_value); + } + q=PopCharPixel((unsigned char) pixel,q); + p+=GetPixelChannels(image); +diff --git a/coders/rle.c b/coders/rle.c +index 2318901ec..ec071dc7b 100644 +--- a/coders/rle.c ++++ b/coders/rle.c +@@ -271,7 +271,8 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception) + p=colormap; + for (i=0; i < (ssize_t) number_colormaps; i++) + for (x=0; x < (ssize_t) map_length; x++) +- *p++=(unsigned char) ScaleShortToQuantum(ReadBlobLSBShort(image)); ++ *p++=(unsigned char) ScaleQuantumToChar(ScaleShortToQuantum( ++ ReadBlobLSBShort(image))); + } + if ((flags & 0x08) != 0) + { +@@ -476,7 +477,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception) + for (x=0; x < (ssize_t) number_planes; x++) + { + ValidateColormapValue(image,(size_t) (x*map_length+ +- (*p & mask)),&index,exception); ++ (*p & mask)),&index,exception); + *p=colormap[(ssize_t) index]; + p++; + } +-- +2.11.0 + |
