ALT Linux Bugzilla
– Attachment 697 Details for
Bug 5906
CAN-2005-0005 (buffer overflow in the PSD code)
New bug
|
Search
|
[?]
|
Help
Register
|
Log In
[x]
|
Forgot Password
Login:
[x]
|
EN
|
RU
[patch]
CAN-2005-0005 (adapted RH bugzilla == upstream)
ImageMagick-6.0.4-psd-CAN-2005-0005.patch (text/plain), 1.85 KB, created by
Michael Shigorin
on 2005-01-20 18:47:28 MSK
(
hide
)
Description:
CAN-2005-0005 (adapted RH bugzilla == upstream)
Filename:
MIME Type:
Creator:
Michael Shigorin
Created:
2005-01-20 18:47:28 MSK
Size:
1.85 KB
patch
obsolete
>diff -Naur ImageMagick-6.0.4-orig/coders/psd.c ImageMagick-6.0.4/coders/psd.c >--- ImageMagick-6.0.4-orig/coders/psd.c 2004-07-16 18:18:50 +0300 >+++ ImageMagick-6.0.4/coders/psd.c 2005-01-20 17:25:26 +0200 >@@ -508,6 +508,8 @@ > > static Image *ReadPSDImage(const ImageInfo *image_info,ExceptionInfo *exception) > { >+#define MaxPSDChannels 24 >+ > typedef struct _ChannelInfo > { > short int >@@ -527,7 +529,7 @@ > channels; > > ChannelInfo >- channel_info[24]; >+ channel_info[MaxPSDChannels]; > > char > blendkey[4]; >@@ -656,24 +658,21 @@ > count=ReadBlob(image,4,(unsigned char *) psd_info.signature); > psd_info.version=ReadBlobMSBShort(image); > if ((count == 0) || (LocaleNCompare(psd_info.signature,"8BPS",4) != 0) || >- (psd_info.version != 1)) { >- if (image->debug != MagickFalse) >- (void) LogMagickEvent(CoderEvent,GetMagickModule(), >- " File signature was %.4s instead of '8BPS'",psd_info.signature); >+ (psd_info.version != 1)) > ThrowReaderException(CorruptImageError,"ImproperImageHeader"); >- } > (void) ReadBlob(image,6,psd_info.reserved); > psd_info.channels=ReadBlobMSBShort(image); >+ if (psd_info.channels > MaxPSDChannels) >+ ThrowReaderException(CorruptImageError,"MaximumChannelsExceeded"); > psd_info.rows=ReadBlobMSBLong(image); > psd_info.columns=ReadBlobMSBLong(image); > psd_info.depth=ReadBlobMSBShort(image); > psd_info.mode=ReadBlobMSBShort(image); >- > if (image->debug != MagickFalse) > (void) LogMagickEvent(CoderEvent,GetMagickModule(), > " Image is %ld x %ld with channels=%d, depth=%d, mode=%s", >- psd_info.columns, psd_info.rows, psd_info.channels, >- psd_info.depth, ModeToString((PSDImageType) psd_info.mode)); >+ psd_info.columns,psd_info.rows,psd_info.channels,psd_info.depth, >+ ModeToString((PSDImageType) psd_info.mode)); > /* > Initialize image. > */
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=697">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 5906
: 697
