Backport of security bug and problem

Posted: 2014-12-27T12:50:58-07:00
by broucaries
Hi,

http://trac.imagemagick.org/changeset/17297 is problematic.

Try convert rose: rose.xpm
then display rose.xpm

Have you an idea?

Bastien

Re: Backport of security bug and problem

Posted: 2014-12-27T13:04:57-07:00
by magick
We reverted this patch in Subversion until we can investigate and come up with a proper patch. Thanks for alerting us to the problem.

Re: Backport of security bug and problem

Posted: 2014-12-28T06:36:26-07:00
by broucaries
The original reporter proposes a new patch:

https://bugs.debian.org/773980

What do you think?

Bastien

Re: Backport of security bug and problem

Posted: 2014-12-28T07:01:22-07:00
by magick
That patch works along with a slight mod to CopyXPMColor():

static size_t CopyXPMColor(char *destination,const char *source,size_t length)
{
  register const char
    *p;

  p=source;
  while (length-- && (*p != '\0'))
    *destination++=(*p++);
  if (length != 0)
    *destination='\0';
  return((size_t) (p-source));
}
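
An added test harness, not part of the original post or of ImageMagick: it runs the copy loop from the post above (renamed `posted_copy`) over a sentinel-filled buffer to show where, and whether, the terminator is written, next to a hypothetical variant `bounded_copy` that takes the destination capacity. The names `posted_copy`, `bounded_copy`, `first_nul`, the 16-byte buffer and the input strings are assumptions constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Loop logic as posted in the thread, renamed for this example. */
static size_t posted_copy(char *destination, const char *source, size_t length)
{
  const char *p = source;
  while (length-- && (*p != '\0'))   /* post-decrement: wraps when length hits 0 */
    *destination++ = (*p++);
  if (length != 0)
    *destination = '\0';
  return (size_t) (p - source);
}

/* Hypothetical variant (assumption): capacity is the full size of destination. */
static size_t bounded_copy(char *destination, size_t capacity,
                           const char *source, size_t length)
{
  size_t n = 0;
  if (capacity == 0)
    return 0;                        /* nowhere to write, not even a NUL */
  if (length > capacity - 1)
    length = capacity - 1;           /* reserve one byte for the NUL */
  for (; n < length && source[n] != '\0'; n++)
    destination[n] = source[n];
  destination[n] = '\0';             /* terminate on every exit path */
  return n;                          /* bytes consumed from source */
}

/* Fill a 16-byte buffer with 'X', copy, return index of first NUL or -1. */
static int first_nul(int use_bounded, const char *source, size_t length)
{
  char buffer[16];
  const char *nul;
  memset(buffer, 'X', sizeof(buffer));
  if (use_bounded)
    (void) bounded_copy(buffer, sizeof(buffer), source, length);
  else
    (void) posted_copy(buffer, source, length);
  nul = memchr(buffer, '\0', sizeof(buffer));
  return nul ? (int) (nul - buffer) : -1;
}

int main(void)
{
  printf("posted: %d, bounded: %d\n", first_nul(0, "ab", 3), first_nul(1, "ab", 3));
  return 0;
}
```

With the posted loop the terminator lands at `destination[length]` when the source is longer than `length`, so the caller has to supply at least `length+1` bytes. A source exactly `length-1` characters long leaves the buffer unterminated unless it was zeroed beforehand.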