rpms/ImageMagick/FC-5 ImageMagick-6.2.5-yet-another-overflow.patch, NONE, 1.1 ImageMagick.spec, 1.57, 1.58
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed May 24 15:10:20 UTC 2006
Author: mclasen
Update of /cvs/dist/rpms/ImageMagick/FC-5
In directory cvs.devel.redhat.com:/tmp/cvs-serv29732
Modified Files:
ImageMagick.spec
Added Files:
ImageMagick-6.2.5-yet-another-overflow.patch
Log Message:
Fix a heap overflow
ImageMagick-6.2.5-yet-another-overflow.patch:
display.c | 15 ++++++++-------
1 files changed, 8 insertions(+), 7 deletions(-)
--- NEW FILE ImageMagick-6.2.5-yet-another-overflow.patch ---
--- ImageMagick-6.2.5/magick/display.c.yet-another-overflow 2006-05-24 11:03:37.000000000 -0400
+++ ImageMagick-6.2.5/magick/display.c 2006-05-24 11:03:58.000000000 -0400
@@ -1845,10 +1845,7 @@
image_number=0;
last_image=0;
last_scene=0;
- image_marker=(unsigned long *)
- AcquireMagickMemory((argc+1)*sizeof(*image_marker));
- for (i=0; i <= argc; i++)
- image_marker[i]=(unsigned long) argc;
+ image_marker=(unsigned long *) NULL;
option=(char *) NULL;
pend=MagickFalse;
resource_database=(XrmDatabase) NULL;
@@ -1856,9 +1853,6 @@
server_name=(char *) NULL;
state=0;
status=MagickTrue;
- if (image_marker == (unsigned long *) NULL)
- ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed",
- strerror(errno));
/*
Check for server name specified on the command line.
*/
@@ -1867,6 +1861,13 @@
if (status == MagickFalse)
ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed",
strerror(errno));
+ image_marker=(unsigned long *)
+ AcquireMagickMemory((argc+1)*sizeof(*image_marker));
+ for (i=0; i <= argc; i++)
+ image_marker[i]=(unsigned long) argc;
+ if (image_marker == (unsigned long *) NULL)
+ ThrowDisplayException(ResourceLimitError,"MemoryAllocationFailed",
+ strerror(errno));
for (i=1; i < (long) argc; i++)
{
/*
Index: ImageMagick.spec
===================================================================
RCS file: /cvs/dist/rpms/ImageMagick/FC-5/ImageMagick.spec,v
retrieving revision 1.57
retrieving revision 1.58
diff -u -r1.57 -r1.58
--- ImageMagick.spec 20 Mar 2006 14:34:45 -0000 1.57
+++ ImageMagick.spec 24 May 2006 15:10:17 -0000 1.58
@@ -9,7 +9,7 @@
%else
Version: %{VER}
%endif
-Release: 4.2.1.fc5.1
+Release: 4.2.1.fc5.2
License: freeware
Group: Applications/Multimedia
%if "%{Patchlevel}" != ""
@@ -20,6 +20,7 @@
Source1: magick_small.png
Patch1: ImageMagick-6.2.1-local_doc.patch
Patch2: ImageMagick-6.2.5-format-string-again.patch
+Patch3: ImageMagick-6.2.5-yet-another-overflow.patch
Url: http://www.imagemagick.org/
Buildroot: %{_tmppath}/%{name}-%{version}-root
@@ -115,6 +116,7 @@
%setup -q -n %{name}-%{VER}
%patch1 -p1 -b .local_doc
%patch2 -p1 -b .format-string-again
+%patch3 -p1 -b .yet-another-overflow
%build
%configure --enable-shared \
@@ -225,6 +227,9 @@
%doc PerlMagick/demo/ PerlMagick/Changelog PerlMagick/README.txt
%changelog
+* Wed May 24 2006 Matthias Clasen <mclasen at redhat.com> - 6.2.5.4-4.2.1.fc4.2
+- Fix a heap overflow CVE-2006-2440 (#192279)
+
* Mon Mar 20 2006 Matthias Clasen <mclasen at redhat.com> - 6.2.5.4-4.2.1.fc5.1
- Don't ship .la files (#185237)
More information about the fedora-cvs-commits
mailing list