imagemagick: add upstream security fix for CVE-2017-7606

Message ID	20170425153554.27006-1-peter@korsgaard.com
State	Accepted
Commit	665560856edfcdd18b2053e26bc8a44754dffca2
Headers	show Return-Path: <buildroot-bounces@busybox.net> From: Peter Korsgaard <peter@korsgaard.com> To: buildroot@buildroot.org Date: Tue, 25 Apr 2017 17:35:54 +0200 Message-Id: <20170425153554.27006-1-peter@korsgaard.com> Subject: [Buildroot] [PATCH] imagemagick: add upstream security fix for CVE-2017-7606 Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" <buildroot-bounces@busybox.net>

Message ID

20170425153554.27006-1-peter@korsgaard.com

State

Accepted

Commit

665560856edfcdd18b2053e26bc8a44754dffca2

Headers

From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@buildroot.org
Date: Tue, 25 Apr 2017 17:35:54 +0200
Message-Id: <20170425153554.27006-1-peter@korsgaard.com>
Subject: [Buildroot] [PATCH] imagemagick: add upstream security fix for
	CVE-2017-7606
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: buildroot-bounces@busybox.net
Sender: "buildroot" <buildroot-bounces@busybox.net>

Commit Message

Peter Korsgaard April 25, 2017, 3:35 p.m. UTC

This is not yet part of any release.

coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
representable values of type unsigned char" undefined behavior issue, which
might allow remote attackers to cause a denial of service (application
crash) or possibly have unspecified other impact via a crafted image.

For more details, see:
https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 ...ub.com-ImageMagick-ImageMagick-issues-415.patch | 52 ++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch

Comments

Peter Korsgaard April 26, 2017, 7:12 a.m. UTC | #1

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > This is not yet part of any release.
 > coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
 > representable values of type unsigned char" undefined behavior issue, which
 > might allow remote attackers to cause a denial of service (application
 > crash) or possibly have unspecified other impact via a crafted image.

 > For more details, see:
 > https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed, thanks.

Peter Korsgaard April 28, 2017, 12:28 p.m. UTC | #2

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

 > This is not yet part of any release.
 > coders/rle.c in ImageMagick 7.0.5-4 has an "outside the range of
 > representable values of type unsigned char" undefined behavior issue, which
 > might allow remote attackers to cause a denial of service (application
 > crash) or possibly have unspecified other impact via a crafted image.

 > For more details, see:
 > https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/

 > Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

Committed to 2017.02.x, thanks.

diff --git a/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch b/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch
new file mode 100644
index 000000000..943679eda
--- /dev/null
+++ b/package/imagemagick/0001-https-github.com-ImageMagick-ImageMagick-issues-415.patch
@@ -0,0 +1,52 @@ 
+From b218117cad34d39b9ffb587b45c71c5a49b12bde Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Fri, 31 Mar 2017 15:24:33 -0400
+Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/415
+
+Fixes CVE-2017-7606
+
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ coders/pnm.c | 2 +-
+ coders/rle.c | 5 +++--
+ 2 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/coders/pnm.c b/coders/pnm.c
+index 9a1221d79..c525ebb8f 100644
+--- a/coders/pnm.c
++++ b/coders/pnm.c
+@@ -1979,7 +1979,7 @@ static MagickBooleanType WritePNMImage(const ImageInfo *image_info,Image *image,
+                           pixel=ScaleQuantumToChar(GetPixelRed(image,p));
+                         else
+                           pixel=ScaleQuantumToAny(GetPixelRed(image,p),
+-                          max_value);
++                            max_value);
+                       }
+                     q=PopCharPixel((unsigned char) pixel,q);
+                     p+=GetPixelChannels(image);
+diff --git a/coders/rle.c b/coders/rle.c
+index 2318901ec..ec071dc7b 100644
+--- a/coders/rle.c
++++ b/coders/rle.c
+@@ -271,7 +271,8 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
+         p=colormap;
+         for (i=0; i < (ssize_t) number_colormaps; i++)
+           for (x=0; x < (ssize_t) map_length; x++)
+-            *p++=(unsigned char) ScaleShortToQuantum(ReadBlobLSBShort(image));
++            *p++=(unsigned char) ScaleQuantumToChar(ScaleShortToQuantum(
++              ReadBlobLSBShort(image)));
+       }
+     if ((flags & 0x08) != 0)
+       {
+@@ -476,7 +477,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
+               for (x=0; x < (ssize_t) number_planes; x++)
+               {
+                 ValidateColormapValue(image,(size_t) (x*map_length+
+-                    (*p & mask)),&index,exception);
++                  (*p & mask)),&index,exception);
+                 *p=colormap[(ssize_t) index];
+                 p++;
+               }
+-- 
+2.11.0
+

imagemagick: add upstream security fix for CVE-2017-7606

Commit Message

Comments

Patch