ImageMagick-6.9.6-7差分
ImageMagick-6.9.6-6差分 - yoyaのメモの続き
The latest release of ImageMagick is version 6.9.6-7
- 7 系同時リリースは ImageMagick-7.0.3-9 (https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/ CVE-2016-9556)
まとめ
- CVE-2016-8707 の修正 (圧縮TIFF の書き出しでバッファオーバーフロー)
差分
- 圧縮 TIFF を書き出す時にバッファオーバーフローが可能な件の修正。
(Cisco Talos による脆弱性レポート, CVE-2016-8707).
ChangeLog にないもの
47c47
< class MagickPPExport adaptiveBlurImage : public std::unary_function<Image&,void>
---
> class MagickPPExport adaptiveBlurImage
<以下沢山>
ChangeLog の分
- coders/tiff.c
1157c1157 < *pixels; --- > *tiff_pixels; 1584c1584 < if ((samples_per_pixel >= 2) && (interlace == PLANARCONFIG_CONTIG)) --- > if ((samples_per_pixel >= 3) && (interlace == PLANARCONFIG_CONTIG)) 1586c1586 < if ((samples_per_pixel >= 2) && (interlace == PLANARCONFIG_SEPARATE)) --- > if ((samples_per_pixel >= 4) && (interlace == PLANARCONFIG_SEPARATE)) 1609c1609,1615 < pixels=GetQuantumPixels(quantum_info); --- > tiff_pixels=(unsigned char *) AcquireMagickMemory(TIFFScanlineSize(tiff)+ > sizeof(uint32)); > if (tiff_pixels == (unsigned char *) NULL) > { > TIFFClose(tiff); > ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); > } 1646d1651 < pixels=GetQuantumPixels(quantum_info); 1655c1660 < status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); --- > status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) tiff_pixels); 1662c1667 < quantum_type,pixels,exception); --- > quantum_type,tiff_pixels,exception); 1703d1707 < pixels=GetQuantumPixels(quantum_info); 1712c1716 < status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); --- > status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) tiff_pixels); 1719c1723 < quantum_type,pixels,exception); --- > quantum_type,tiff_pixels,exception); 1748c1752 < pixels); --- > tiff_pixels); 1774c1778 < quantum_type,pixels,exception); --- > quantum_type,tiff_pixels,exception); 1790d1793 < pixels=GetQuantumPixels(quantum_info); 1808c1811 < status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) pixels); --- > status=TIFFReadPixels(tiff,bits_per_sample,0,y,(char *) tiff_pixels); 1815c1818 < p=pixels; --- > p=tiff_pixels; 1864c1867 < if (TIFFReadRGBAStrip(tiff,(tstrip_t) y,(uint32 *) pixels) == 0) --- > if (TIFFReadRGBAStrip(tiff,(tstrip_t) y,(uint32 *) tiff_pixels) == 0) 1870c1873 < p=((uint32 *) pixels)+image->columns*i; --- > p=((uint32 *) tiff_pixels)+image->columns*i; 1923,1924c1926,1927 < tile_pixels=(uint32 *) AcquireQuantumMemory(columns, < rows*sizeof(*tile_pixels)); --- > tile_pixels=(uint32 *) AcquireQuantumMemory(columns,rows* > sizeof(*tile_pixels)); 2080a2084 > tiff_pixels=(unsigned char *) RelinquishMagickMemory(tiff_pixels);
ChangeLogにない差分
47c47
< class MagickPPExport adaptiveBlurImage : public std::unary_function<Image&,void>
---
> class MagickPPExport adaptiveBlurImage
<以下沢山>
- coders/gif.c
- 今のところ p は参照されてないので動作に影響ない。
674c674,677 < waiting_code=(short) (*indexes); --- > { > waiting_code=(short) (*indexes); > p++; > }
- magick/accelerate.c
- メモリ取得失敗チェックの間違い
4889c4889 < if (imageBuffer == (cl_mem) NULL) --- > if (filteredImageBuffer == (cl_mem) NULL) 4892c4892
- magick/blob.c
132d131 < immutable, 212d210 < blob_info->immutable=MagickTrue; 460d457 < clone_info->immutable=blob_info->immutable; 700d696 < blob_info->immutable=MagickFalse; 4024c4020 < if (image->blob->immutable != MagickFalse) --- > if (image->blob->mapped != MagickFalse)
- magick/compare.c
- 回りくどく clone_image 経由で difference_image を作ってたのを直接作るように。(リファイン)
- SetImageAlphaChannel の追加
168a169 > *clone_image, 204c205,209 < difference_image=CloneImage(image,0,0,MagickTrue,exception); --- > clone_image=CloneImage(image,0,0,MagickTrue,exception); > if (clone_image == (Image *) NULL) > return((Image *) NULL); > difference_image=CloneImage(clone_image,0,0,MagickTrue,exception); > clone_image=DestroyImage(clone_image); 206a212 > (void) SetImageMask(difference_image,(Image *) NULL); 223c229 < (void) SetImageAlphaChannel(highlight_image,OpaqueAlphaChannel); --- > (void) SetImageMask(highlight_image,(Image *) NULL);
ChangeLog
2016-12-05 6.9.6-7 Cristy <quetzlzacatenango@image...> * Release ImageMagick version 6.9.6-7, GIT revision 11188:668b60c:20161205. 2016-12-02 6.9.6-7 Cristy <quetzlzacatenango@image...> * Fix possible buffer overflow when writing compressed TIFFS (vulnerability report from Cisco Talos, CVE-2016-8707).