6d7d9d9507
* gnu/packages/patches/graphicsmagick-CVE-2017-12935.patch, gnu/packages/patches/graphicsmagick-CVE-2017-12936.patch, gnu/packages/patches/graphicsmagick-CVE-2017-12937.patch: New files. * gnu/local.mk (dist_patch_DATA): Add them. * gnu/packages/imagemagick.scm (graphicsmagick)[source]: Use them.
28 lines
1.3 KiB
Diff
28 lines
1.3 KiB
Diff
This patch comes from http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188.
|
|
|
|
diff -ur a/coders/png.c b/coders/png.c
|
|
--- a/coders/png.c 2017-07-04 17:32:08.000000000 -0400
|
|
+++ b/coders/png.c 2017-08-19 11:16:20.933969362 -0400
|
|
@@ -4101,11 +4101,17 @@
|
|
mng_info->image=image;
|
|
}
|
|
|
|
- if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
|
|
- > 65535L))
|
|
- (void) ThrowException(&image->exception,ImageError,
|
|
- WidthOrHeightExceedsLimit,
|
|
- image->filename);
|
|
+ if ((mng_info->mng_width > 65535L) ||
|
|
+ (mng_info->mng_height > 65535L))
|
|
+ {
|
|
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
|
|
+ " MNG width or height is too large: %lu, %lu",
|
|
+ mng_info->mng_width,mng_info->mng_height);
|
|
+ MagickFreeMemory(chunk);
|
|
+ ThrowReaderException(CorruptImageError,
|
|
+ ImproperImageHeader,image);
|
|
+ }
|
|
+
|
|
FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
|
|
mng_info->mng_height);
|
|
mng_info->frame.left=0;
|