File: 0067-CVE-2023-34151.patch

package info (click to toggle)
imagemagick 8%3A6.9.11.60%2Bdfsg-1.6%2Bdeb12u3
  • links: PTS, VCS
  • area: main
  • in suites: bookworm
  • size: 76,816 kB
  • sloc: ansic: 349,503; cpp: 21,804; xml: 11,029; perl: 6,417; sh: 5,877; makefile: 3,042; tcl: 459
file content (72 lines) | stat: -rw-r--r-- 2,835 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
 
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 21 Feb 2022 11:55:23 -0500
Subject: CVE-2023-34151

This is a prerequist for fixing it

magick produces incorrect result possibly due to overflow

bug: https://github.com/ImageMagick/ImageMagick/issues/4870
origin: https://github.com/ImageMagick/ImageMagick6/commit/8b7b17c8fef72dab479e6ca676676d8c5e395dd6
---
 coders/txt.c           | 24 ++++++++++++------------
 magick/image-private.h | 11 +++++++++++
 2 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/coders/txt.c b/coders/txt.c
index 0e5c794..bca071f 100644
--- a/coders/txt.c
+++ b/coders/txt.c
@@ -573,18 +573,18 @@ static Image *ReadTXTImage(const ImageInfo *image_info,ExceptionInfo *exception)
             green+=(range+1)/2.0;
             blue+=(range+1)/2.0;
           }
-        pixel.red=(MagickRealType) ScaleAnyToQuantum((QuantumAny)
-          MagickMax(red+0.5,0.0),range);
-        pixel.green=(MagickRealType) ScaleAnyToQuantum((QuantumAny)
-          MagickMax(green+0.5,0.0),range);
-        pixel.blue=(MagickRealType) ScaleAnyToQuantum((QuantumAny)
-          MagickMax(blue+0.5,0.0),range);
-        pixel.index=(MagickRealType) ScaleAnyToQuantum((QuantumAny)
-          MagickMax(index+0.5,0.0),range);
-        pixel.opacity=(MagickRealType) ScaleAnyToQuantum((QuantumAny)
-          MagickMax(opacity+0.5,0.0),range);
-        q=GetAuthenticPixels(image,CastDoubleToLong(x_offset),
-          CastDoubleToLong(y_offset),1,1,exception);
+        pixel.red=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny(
+          red),range);
+        pixel.green=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny(
+          green),range);
+        pixel.blue=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny(
+          blue),range);
+        pixel.index=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny(
+          index),range);
+        pixel.opacity=(MagickRealType) ScaleAnyToQuantum(CastDoubleToQuantumAny(
+          opacity),range);
+        q=GetAuthenticPixels(image,CastDoubleToLong(x_offset),CastDoubleToLong(
+          y_offset),1,1,exception);
         if (q == (PixelPacket *) NULL)
           {
             status=MagickFalse;
diff --git a/magick/image-private.h b/magick/image-private.h
index b269f33..fc7d4b4 100644
--- a/magick/image-private.h
+++ b/magick/image-private.h
@@ -84,6 +84,17 @@ static inline size_t CastDoubleToUnsigned(const double x)
   return((size_t) x);
 }
 
+static inline QuantumAny CastDoubleToQuantumAny(const double x)
+{
+  if (IsNaN(x) != 0)
+    return(0);
+  if (x > ((double) ((QuantumAny) ~0)))
+    return((QuantumAny) ~0);
+  if (x < 0.0)
+    return(0.0);
+  return((QuantumAny) (x+0.5));
+}
+
 static inline double DegreesToRadians(const double degrees)
 {
   return((double) (MagickPI*degrees/180.0));