Filewatcher File Search
FTP Search
  
Directory (beta)
  
Content Search (beta)
   
pkg://ImageMagick-5.5.6-14.src.rpm:3565822/ImageMagick-5.5.6-overflow.patch  info  downloads

--- ImageMagick-5.5.6/coders/avi.c.ovflw	Sat Mar 01 19:59:24 2003
+++ ImageMagick-5.5.6/coders/avi.c	Thu Sep 23 12:03:42 2004
@@ -170,17 +170,24 @@
   register unsigned char
     *q;
 
+  unsigned char
+    *end;
+
   (void) memset(pixels,0,image->columns*image->rows);
   byte=0;
   x=0;
   q=pixels;
+  end=pixels + (size_t) image->columns*image->rows;
   for (y=0; y < (long) image->rows; )
   {
+    if (q < pixels || q  >= end)
+      break;
     count=ReadBlobByte(image);
     if (count == EOF)
       break;
     if (count != 0)
       {
+        count=Min((unsigned long)count, end - q);
         /*
           Encoded mode.
         */
@@ -230,6 +237,7 @@
             /*
               Absolute mode.
             */
+    	    count=Min((unsigned long)count, end - q);
             for (i=0; i < count; i++)
             {
               if (compression == 1)
--- ImageMagick-5.5.6/coders/bmp.c.ovflw	Sat Mar 01 19:59:25 2003
+++ ImageMagick-5.5.6/coders/bmp.c	Thu Sep 23 12:03:42 2004
@@ -186,20 +186,27 @@
   register unsigned char
     *q;
 
+  unsigned char
+    *end;
+
   assert(image != (Image *) NULL);
   assert(pixels != (unsigned char *) NULL);
   (void) LogMagickEvent(CoderEvent,GetMagickModule(),"  Decoding RLE pixels");
   (void) memset(pixels,0,image->columns*image->rows);
   byte=0;
   x=0;
   q=pixels;
+  end=pixels + (size_t) image->columns*image->rows;
   for (y=0; y < (long) image->rows; )
   {
+    if (q < pixels || q  >= end)
+      break;
     count=ReadBlobByte(image);
     if (count == EOF)
       break;
     if (count != 0)
       {
+        count=Min((unsigned long)count, end - q);
         /*
           Encoded mode.
         */
@@ -256,6 +263,7 @@
             /*
               Absolute mode.
             */
+    	    count=Min((unsigned long)count, end - q);
             if (compression == BI_RLE8)
               for (i=count; i != 0; --i)
                 *q++=ReadBlobByte(image);
--- ImageMagick-5.5.6/coders/dib.c.ovflw	Thu Mar 13 14:41:02 2003
+++ ImageMagick-5.5.6/coders/dib.c	Thu Sep 23 12:12:21 2004
@@ -156,19 +156,26 @@
   register unsigned char
     *q;
 
+  unsigned char
+    *end;
+
   assert(image != (Image *) NULL);
   assert(pixels != (unsigned char *) NULL);
   (void) memset(pixels,0,image->columns*image->rows);
   byte=0;
   x=0;
   q=pixels;
+  end=pixels + (size_t) image->columns*image->rows;
   for (y=0; y < (long) image->rows; )
   {
+    if (q < pixels || q  >= end)
+      break;
     count=ReadBlobByte(image);
     if (count == EOF)
       break;
     if (count != 0)
       {
+        count=Min((unsigned long)count, end - q);
         /*
           Encoded mode.
         */
@@ -218,6 +225,7 @@
             /*
               Absolute mode.
             */
+    	    count=Min((unsigned long)count, end - q);
             for (i=0; i < count; i++)
             {
               if (compression == 1)
Results 1 - 1
Help - FTP Sites List - Software Dir.
Searching half a billion files worldwide
© 1997-2008 Oliver Maruhn