mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-27 23:02:16 -05:00
28 lines
1,010 B
Diff
28 lines
1,010 B
Diff
|
We omit the ChangeLog changes below, since they do not apply cleanly.
|
||
|
|
||
|
|
||
|
From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001
|
||
|
From: Cristy <urban-warrior@imagemagick.org>
|
||
|
Date: Mon, 30 Nov 2020 16:26:59 +0000
|
||
|
Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by
|
||
|
Hardik Shah)
|
||
|
|
||
|
---
|
||
|
ChangeLog | 6 ++++++
|
||
|
coders/tiff.c | 2 +-
|
||
|
2 files changed, 7 insertions(+), 1 deletion(-)
|
||
|
|
||
|
diff --git a/coders/tiff.c b/coders/tiff.c
|
||
|
index e98f927ab..1eecf17ae 100644
|
||
|
--- a/coders/tiff.c
|
||
|
+++ b/coders/tiff.c
|
||
|
@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
|
||
|
extent+=image->columns*sizeof(uint32);
|
||
|
#endif
|
||
|
strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
|
||
|
- sizeof(*strip_pixels));
|
||
|
+ 2*sizeof(*strip_pixels));
|
||
|
if (strip_pixels == (unsigned char *) NULL)
|
||
|
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
|
||
|
(void) memset(strip_pixels,0,extent*sizeof(*strip_pixels));
|