File ImageMagick-CVE-2020-27772.patch of Package ImageMagick.30955

Overview Repositories Revisions Requests Users Attributes Meta

File ImageMagick-CVE-2020-27772.patch of Package ImageMagick.30955

Index: ImageMagick-7.0.7-34/coders/bmp.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/bmp.c	2020-12-07 15:15:37.990680742 +0100
+++ ImageMagick-7.0.7-34/coders/bmp.c	2020-12-07 15:16:16.878941021 +0100
@@ -2233,6 +2233,45 @@ static MagickBooleanType WriteBMPImage(c
         (void) WriteBlobLSBLong(image,bmp_info.blue_mask);
         (void) WriteBlobLSBLong(image,bmp_info.alpha_mask);
         (void) WriteBlobLSBLong(image,0x73524742U);  /* sRGB */
+
+        // bounds check, assign .0 if invalid value
+        if( isgreater(image->chromaticity.red_primary.x, 1.0) ||
+           !isgreater(image->chromaticity.red_primary.x, 0.0)) {
+          image->chromaticity.red_primary.x = 0.0;
+        }
+        if( isgreater(image->chromaticity.red_primary.y, 1.0) ||
+           !isgreater(image->chromaticity.red_primary.y, 0.0)) {
+          image->chromaticity.red_primary.y = 0.0;
+        }
+        if( isgreater(image->chromaticity.green_primary.x, 1.0) ||
+           !isgreater(image->chromaticity.green_primary.x, 0.0)) {
+          image->chromaticity.green_primary.x = 0.0;
+        }
+        if( isgreater(image->chromaticity.green_primary.y, 1.0) ||
+           !isgreater(image->chromaticity.green_primary.y, 0.0)) {
+          image->chromaticity.green_primary.y = 0.0;
+        }
+        if( isgreater(image->chromaticity.blue_primary.x, 1.0) ||
+           !isgreater(image->chromaticity.blue_primary.x, 0.0)) {
+          image->chromaticity.blue_primary.x = 0.0;
+        }
+        if( isgreater(image->chromaticity.blue_primary.y, 1.0) ||
+           !isgreater(image->chromaticity.blue_primary.y, 0.0)) {
+          image->chromaticity.blue_primary.y = 0.0;
+        }
+        if( isgreater(bmp_info.gamma_scale.x, 1.0) ||
+           !isgreater(bmp_info.gamma_scale.x, 0.0)) {
+          bmp_info.gamma_scale.x = 0.0;
+        }
+        if( isgreater(bmp_info.gamma_scale.y, 1.0) ||
+           !isgreater(bmp_info.gamma_scale.y, 0.0)) {
+          bmp_info.gamma_scale.y = 0.0;
+        }
+        if( isgreater(bmp_info.gamma_scale.z, 1.0) ||
+           !isgreater(bmp_info.gamma_scale.z, 0.0)) {
+          bmp_info.gamma_scale.z = 0.0;
+        }
+
         (void) WriteBlobLSBLong(image,(unsigned int)
           (image->chromaticity.red_primary.x*0x40000000));
         (void) WriteBlobLSBLong(image,(unsigned int)

Places

File ImageMagick-CVE-2020-27772.patch of Package ImageMagick.30955

Places