helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-05-22 06:57:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

imagemagick: Fix patch-fuzz for fix-cipher-leak.patch

Browse Source 
Refresh fix-cipher-leak.patch to fix patch-fuzz issue.

Signed-off-by: Sana Kazi <sanakazi720@gmail.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
This commit is contained in:
Sana Kazi 2025-07-14 19:34:36 +05:30 committed by Gyorgy Sarvari
parent a626bfdf31
commit 89b98ccbfb
1 changed files with 34 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
meta-oe/recipes-support/imagemagick/files/fix-cipher-leak.patch
View File

@ -9,7 +9,7 @@ Subject: [PATCH] possible divide by zero + clear buffers
MagickCore/memory.c | 22 ++++++++++++++++------
MagickCore/signature.c | 2 +-
coders/thumbnail.c | 3 ++-
5 files changed, 41 insertions(+), 25 deletions(-)
5 files changed, 33 insertions(+), 22 deletions(-)
CVE: CVE-2021-20311
CVE: CVE-2021-20312
@ -19,35 +19,23 @@ Upstream-Status: Backport[https://github.com/ImageMagick/ImageMagick/commit/70aa
Comment: Refreshed patch based on the codebase
Signed-off-by: Sana Kazi Sana.Kazi@kpit.com
diff --git a/MagickCore/cipher.c b/MagickCore/cipher.c
index 057b11c4720..91ad1d1d662 100644
index 908266457..4548f0d60 100644
--- a/MagickCore/cipher.c
+++ b/MagickCore/cipher.c
@@ -484,8 +484,8 @@ static void EncipherAESBlock(AESInfo *ae
@@ -482,8 +482,8 @@ static void EncipherAESBlock(AESInfo *aes_info,const unsigned char *plaintext,
Reset registers.
*/
alpha=0;
- (void) memset(key,0,sizeof(key));
- (void) memset(text,0,sizeof(text));
+ (void) ResetMagickMemory(key,0,sizeof(key));
+ (void) ResetMagickMemory(text,0,sizeof(text));
+ (void) ResetMagickMemory(text,0,sizeof(text));
}
/*
@@ -708,8 +708,8 @@ MagickExport MagickBooleanType PasskeyDe
*/
quantum_info=DestroyQuantumInfo(quantum_info);
aes_info=DestroyAESInfo(aes_info);
- (void) memset(input_block,0,sizeof(input_block));
- (void) memset(output_block,0,sizeof(output_block));
+ (void) ResetMagickMemory(input_block,0,sizeof(input_block));
+ (void) ResetMagickMemory(output_block,0,sizeof(output_block));
return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
}
@@ -925,8 +925,8 @@ MagickExport MagickBooleanType PasskeyEn
@@ -706,8 +706,8 @@ MagickExport MagickBooleanType PasskeyDecipherImage(Image *image,
*/
quantum_info=DestroyQuantumInfo(quantum_info);
aes_info=DestroyAESInfo(aes_info);
@ -57,13 +45,23 @@ index 057b11c4720..91ad1d1d662 100644
+ (void) ResetMagickMemory(output_block,0,sizeof(output_block));
return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
}
@@ -923,8 +923,8 @@ MagickExport MagickBooleanType PasskeyEncipherImage(Image *image,
*/
quantum_info=DestroyQuantumInfo(quantum_info);
aes_info=DestroyAESInfo(aes_info);
- (void) memset(input_block,0,sizeof(input_block));
- (void) memset(output_block,0,sizeof(output_block));
+ (void) ResetMagickMemory(input_block,0,sizeof(input_block));
+ (void) ResetMagickMemory(output_block,0,sizeof(output_block));
return(y == (ssize_t) image->rows ? MagickTrue : MagickFalse);
}
diff --git a/MagickCore/colorspace.c b/MagickCore/colorspace.c
index 2ffc72f88fa..e3b7df339f6 100644
index ac9f7e91b..b78b84b47 100644
--- a/MagickCore/colorspace.c
+++ b/MagickCore/colorspace.c
@@ -940,15 +940,15 @@ static MagickBooleanType sRGBTransformImage(Image *image,
@@ -850,15 +850,15 @@ static MagickBooleanType sRGBTransformImage(Image *image,
if (logmap == (Quantum *) NULL)
ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
image->filename);
@ -83,7 +81,7 @@ index 2ffc72f88fa..e3b7df339f6 100644
image_view=AcquireAuthenticCacheView(image,exception);
#if defined(MAGICKCORE_OPENMP_SUPPORT)
#pragma omp parallel for schedule(static) shared(status) \
@@ -2502,14 +2502,14 @@ static MagickBooleanType TransformsRGBImage(Image *image,
@@ -2394,14 +2394,14 @@ static MagickBooleanType TransformsRGBImage(Image *image,
if (logmap == (Quantum *) NULL)
ThrowBinaryException(ResourceLimitError,"MemoryAllocationFailed",
image->filename);
@ -103,10 +101,10 @@ index 2ffc72f88fa..e3b7df339f6 100644
logmap[i]=QuantumRange;
if (image->storage_class == PseudoClass)
diff --git a/MagickCore/memory.c b/MagickCore/memory.c
index 2598044486a..01bc80d86c5 100644
index 060b05e71..5db57acc7 100644
--- a/MagickCore/memory.c
+++ b/MagickCore/memory.c
@@ -1269,26 +1269,36 @@ MagickExport MemoryInfo *RelinquishVirtualMemory(MemoryInfo *memory_info)
@@ -1230,26 +1230,36 @@ MagickExport MemoryInfo *RelinquishVirtualMemory(MemoryInfo *memory_info)
% %
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%
@ -144,13 +142,13 @@ index 2598044486a..01bc80d86c5 100644
assert(memory != (void *) NULL);
- return(memset(memory,byte,size));
+ while (n-- != 0)
+ *p++=(unsigned char) c;
+ return(memory);
+ *p++=(unsigned char) c;
+ return(memory);
}
/*
diff --git a/MagickCore/signature.c b/MagickCore/signature.c
index 2d9b0801523..1f79c91b11b 100644
index f0f0e42e0..f21feda27 100644
--- a/MagickCore/signature.c
+++ b/MagickCore/signature.c
@@ -736,7 +736,7 @@ RestoreMSCWarning
@ -160,10 +158,10 @@ index 2d9b0801523..1f79c91b11b 100644
- (void) memset(W,0,sizeof(W));
+ (void) ResetMagickMemory(W,0,sizeof(W));
}
/*
diff --git a/coders/thumbnail.c b/coders/thumbnail.c
index 59d97380d9e..e92dd312011 100644
index 1f7900aef..169bcfea8 100644
--- a/coders/thumbnail.c
+++ b/coders/thumbnail.c
@@ -199,7 +199,8 @@ static MagickBooleanType WriteTHUMBNAILImage(const ImageInfo *image_info,
@ -172,7 +170,10 @@ index 59d97380d9e..e92dd312011 100644
}
- if ((q+length) > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)))
+ if ((q > (GetStringInfoDatum(profile)+GetStringInfoLength(profile))) ||
+ (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q)))
+ (length > (GetStringInfoDatum(profile)+GetStringInfoLength(profile)-q)))
ThrowWriterException(CoderError,"ImageDoesNotHaveAThumbnail");
thumbnail_image=BlobToImage(image_info,q,length,exception);
if (thumbnail_image == (Image *) NULL)
--
2.25.1