summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'media-gfx/graphicsmagick/files')
-rw-r--r--media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-CVE-2020-12672.patch67
-rw-r--r--media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-20045-20318-21956.patch38
-rw-r--r--media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-23042.patch42
3 files changed, 147 insertions, 0 deletions
diff --git a/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-CVE-2020-12672.patch b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-CVE-2020-12672.patch
new file mode 100644
index 00000000000..b314ea288e4
--- /dev/null
+++ b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-CVE-2020-12672.patch
@@ -0,0 +1,67 @@
+diff -r 4917a4242fc0 -r 50395430a371 coders/png.c
+--- a/coders/png.c Fri May 01 13:49:13 2020 -0500
++++ b/coders/png.c Sat May 30 10:18:16 2020 -0500
+@@ -5304,7 +5304,7 @@
+ if (logging)
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+ "MAGN chunk (%lu bytes): "
+- "First_magnified_object_id=%u, Last_magnified_object_id=%u, "
++ "First_magnified_object_id=%u, Las t_magnified_object_id=%u, "
+ "MB=%u, ML=%u, MR=%u, MT=%u, MX=%u, MY=%u, "
+ "X_method=%u, Y_method=%u",
+ length,
+@@ -5679,6 +5679,8 @@
+ /*
+ If magnifying and a supported method is requested then
+ magnify the image.
++
++ http://www.libpng.org/pub/mng/spec/mng-1.0-20010209-pdg.html#mng-MAGN
+ */
+ if (((mng_info->magn_methx > 0) && (mng_info->magn_methx <= 5)) &&
+ ((mng_info->magn_methy > 0) && (mng_info->magn_methy <= 5)))
+@@ -5689,7 +5691,28 @@
+
+ if (logging)
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+- " Processing MNG MAGN chunk");
++ " Processing MNG MAGN chunk: MB=%u, ML=%u,"
++ " MR=%u, MT=%u, MX=%u, MY=%u,"
++ " X_method=%u, Y_method=%u",
++ mng_info->magn_mb,mng_info->magn_ml,
++ mng_info->magn_mr,mng_info->magn_mt,
++ mng_info->magn_mx,mng_info->magn_my,
++ mng_info->magn_methx,
++ mng_info->magn_methy);
++
++ /*
++ If the image width is 1, then X magnification is done
++ by simple pixel replication.
++ */
++ if (image->columns == 1)
++ mng_info->magn_methx = 1;
++
++ /*
++ If the image height is 1, then Y magnification is done
++ by simple pixel replication.
++ */
++ if (image->rows == 1)
++ mng_info->magn_methy = 1;
+
+ if (mng_info->magn_methx == 1)
+ {
+@@ -5734,12 +5757,10 @@
+ Image
+ *large_image;
+
+- int
+- yy;
+-
+ long
+ m,
+- y;
++ y,
++ yy;
+
+ register long
+ x;
+
diff --git a/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-20045-20318-21956.patch b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-20045-20318-21956.patch
new file mode 100644
index 00000000000..c7921dd2e69
--- /dev/null
+++ b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-20045-20318-21956.patch
@@ -0,0 +1,38 @@
+diff -r 50395430a371 -r 83b4d2b4b873 coders/wpg.c
+--- a/coders/wpg.c Sat May 30 10:18:16 2020 -0500
++++ b/coders/wpg.c Sat May 30 17:33:51 2020 -0500
+@@ -403,7 +403,7 @@
+ x++; \
+ if((long) x>=ldblk) \
+ { \
+- if(InsertRow(BImgBuff,y,image,bpp)==MagickFail) RetVal=-6; \
++ if(InsertRow(BImgBuff,y,image,bpp)==MagickFail) { RetVal=-6; goto unpack_wpg_raser_error; } \
+ x=0; \
+ y++; \
+ if(y>=image->rows) break; \
+@@ -537,6 +537,7 @@
+ }
+ }
+ }
++unpack_wpg_raser_error:;
+ MagickFreeMemory(BImgBuff);
+ return(RetVal);
+ }
+@@ -552,7 +553,7 @@
+ x++; \
+ if((long) x >= ldblk) \
+ { \
+- if(InsertRow(BImgBuff,(long) y,image,bpp)==MagickFail) RetVal=-6; \
++ if(InsertRow(BImgBuff,(long) y,image,bpp)==MagickFail) { RetVal=-6; goto unpack_wpg2_error; } \
+ x=0; \
+ y++; \
+ XorMe = 0; \
+@@ -729,6 +730,7 @@
+ }
+ }
+ }
++unpack_wpg2_error:;
+ FreeUnpackWPG2RasterAllocs(BImgBuff,UpImgBuff);
+ return(RetVal);
+ }
+
diff --git a/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-23042.patch b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-23042.patch
new file mode 100644
index 00000000000..197a230a340
--- /dev/null
+++ b/media-gfx/graphicsmagick/files/graphicsmagick-1.3.35-oss-fuzz-23042.patch
@@ -0,0 +1,42 @@
+diff -r 24ed4812e580 -r b0aa53a5f970 coders/wpg.c
+--- a/coders/wpg.c Tue Jun 02 07:45:45 2020 -0500
++++ b/coders/wpg.c Sat Jun 06 14:12:18 2020 -0500
+@@ -413,9 +413,12 @@
+
+ /** Call this function to ensure that all data matrix is filled with something. This function
+ * is used only to error recovery. */
+-static void ZeroFillMissingData(unsigned char *BImgBuff,unsigned long x, unsigned long y, Image *image,
+- int bpp, long ldblk)
++static MagickPassFail ZeroFillMissingData(unsigned char *BImgBuff,unsigned long x, unsigned long y, Image *image,
++ int bpp, long ldblk)
+ {
++ MagickPassFail
++ status = MagickPass;
++
+ while(y<image->rows && image->exception.severity!=UndefinedException)
+ {
+ if((long) x<ldblk)
+@@ -427,9 +430,13 @@
+ x = 0; /* Next pass will need to clear whole row */
+ }
+ if(InsertRow(BImgBuff,y,image,bpp) == MagickFail)
+- break;
++ {
++ status = MagickFail;
++ break;
++ }
+ y++;
+ }
++ return status;
+ }
+
+
+@@ -528,7 +535,6 @@
+ }
+ if(InsertRow(BImgBuff,y,image,bpp)==MagickFail)
+ {
+- ZeroFillMissingData(BImgBuff,x,y,image,bpp,ldblk);
+ MagickFreeMemory(BImgBuff);
+ return(-6);
+ }
+