unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
blob b15c1d08797246c86c4bf3ec0b5189ef9fb54cf2 1010 bytes (raw)
name: gnu/packages/patches/imagemagick-CVE-2020-27829.patch 	 # note: path name is non-authoritative(*)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27

 
We omit the ChangeLog changes below, since they do not apply cleanly.


From 6ee5059cd3ac8d82714a1ab1321399b88539abf0 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 30 Nov 2020 16:26:59 +0000
Subject: [PATCH] possible TIFF related-heap buffer overflow (alert & POC by
 Hardik Shah)

---
 ChangeLog     | 6 ++++++
 coders/tiff.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/coders/tiff.c b/coders/tiff.c
index e98f927ab..1eecf17ae 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1975,7 +1975,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
         extent+=image->columns*sizeof(uint32);
 #endif
         strip_pixels=(unsigned char *) AcquireQuantumMemory(extent,
-          sizeof(*strip_pixels));
+          2*sizeof(*strip_pixels));
         if (strip_pixels == (unsigned char *) NULL)
           ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
         (void) memset(strip_pixels,0,extent*sizeof(*strip_pixels));

debug log:

solving b15c1d0879 ...
found b15c1d0879 in https://git.savannah.gnu.org/cgit/guix.git

(*) Git path names are given by the tree(s) the blob belongs to.
    Blobs themselves have no identifier aside from the hash of its contents.^
Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).