Backport of security bug and problem

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
Post Reply
broucaries
Posts: 467
Joined: 2008-12-21T11:51:10-07:00

Backport of security bug and problem

Post by broucaries » 2014-12-27T12:50:58-07:00

Hi,

http://trac.imagemagick.org/changeset/17297 is problematic.

Try convert rose: rose.xpm
then display rose.xpm

Have you an idea ?

Bastien

User avatar
magick
Site Admin
Posts: 10996
Joined: 2003-05-31T11:32:55-07:00

Re: Backport of security bug and problem

Post by magick » 2014-12-27T13:04:57-07:00

We reverted this patch in Subversion until we can investigate and come up with a proper patch. Thanks for alerting us to the problem.

broucaries
Posts: 467
Joined: 2008-12-21T11:51:10-07:00

Re: Backport of security bug and problem

Post by broucaries » 2014-12-28T06:36:26-07:00

The original reporter propose a new patch:

https://bugs.debian.org/773980

What do you think ?

Bastien

User avatar
magick
Site Admin
Posts: 10996
Joined: 2003-05-31T11:32:55-07:00

Re: Backport of security bug and problem

Post by magick » 2014-12-28T07:01:22-07:00

That patch works along with a slight mod to CopyXPMColor():

Code: Select all

static size_t CopyXPMColor(char *destination,const char *source,size_t length)
{
  register const char
    *p;

  p=source;
  while (length-- && (*p != '\0'))
    *destination++=(*p++);
  if (length != 0)
    *destination='\0';
  return((size_t) (p-source));
}

Post Reply