[magick-developers] Re: [Magick-announce] ImageMagick 6.3.5-9, important security updates
arcanaimperii at imagemagick.org
Thu Sep 20 17:33:27 PDT 2007

> Do you already have CVEs assigned for these issues?

You'll need to contact iDefense for the numbers, we don't have them.

> Do you have the patches

There is a simple patch for ReadBlobString() of magick/blob.c. Change

    for (i=0; i < MaxTextExtent; i++)

to

    for (i=0; i < (MaxTextExtent-1L); i++)

The integer overflow problem was fixed by changing virtually all calls to
AcquireMagickMemory() and ResizeMagickMemory() to AcquireQuantumMemory()
and ResizeQuantumMemory() respectively:

MagickExport void *AcquireQuantumMemory(const size_t count,const size_t quantum)
{
  size_t
    size;

  size=count*quantum;
  /* Refuse the request if count is zero or count*quantum wrapped around. */
  if ((count == 0) || (quantum != (size/count)))
    {
      errno=ENOMEM;
      return((void *) NULL);
    }
  return(AcquireMagickMemory(size));
}

MagickExport void *ResizeQuantumMemory(void *memory,const size_t count,
  const size_t quantum)
{
  size_t
    size;

  size=count*quantum;
  /* Same test as above; on failure the existing block is not touched here. */
  if ((count == 0) || (quantum != (size/count)))
    {
      errno=ENOMEM;
      return((void *) NULL);
    }
  return(ResizeMagickMemory(memory,size));
}
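
An added example, not part of the original message or of ImageMagick's source, that exercises both fixes on constructed values: where the terminating NUL lands for each loop bound, and how the count*quantum test behaves when the product wraps. EXTENT, copy_line(), rejected() and rejected_precheck() are hypothetical names, and the example assumes the ReadBlobString() loop is followed by a write of '\0' at index i, which the message does not show.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXTENT ((size_t) 16)  /* constructed stand-in for MaxTextExtent */

/* Copy one line with the given loop bound and return the index where the
   terminating NUL is stored. Assumption: the real loop is followed by
   string[i]='\0'. The caller passes EXTENT+1 bytes so the demo stays in bounds. */
static size_t copy_line(char *string, const char *src, size_t n, size_t bound)
{
  size_t i;
  for (i = 0; i < bound && i < n; i++) {
    string[i] = src[i];
    if (string[i] == '\n')
      break;
  }
  string[i] = '\0';
  return i;
}

/* The test from the message as a predicate: 1 when the request is refused. */
static int rejected(size_t count, size_t quantum)
{
  size_t size = count * quantum;  /* unsigned multiply wraps silently */
  return (count == 0) || (quantum != (size / count));
}

/* Same decision without relying on the wrapped product (hypothetical helper). */
static int rejected_precheck(size_t count, size_t quantum)
{
  if (count == 0)
    return 1;
  return (quantum != 0) && (count > SIZE_MAX / quantum);
}

int main(void)
{
  char src[32], buf[EXTENT + 1];
  size_t k, count = SIZE_MAX / 4 + 2;  /* constructed: count*4 wraps to 4 */
  for (k = 0; k < sizeof src; k++)
    src[k] = 'A';  /* constructed input with no newline */
  printf("bound EXTENT:   NUL at %zu\n", copy_line(buf, src, sizeof src, EXTENT));
  printf("bound EXTENT-1: NUL at %zu\n", copy_line(buf, src, sizeof src, EXTENT - 1));
  printf("count*4 = %zu, rejected = %d/%d\n", count * 4, rejected(count, 4),
         rejected_precheck(count, 4));
  return 0;
}
```

With the old bound the NUL index equals EXTENT, one byte past an EXTENT-byte buffer; with the new bound it is the last valid index. A nonzero count with a quantum of 0 passes the test and requests zero bytes.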