SFW: Fix Fix heap buffer overflow in SFWScan().
authorBob Friesenhahn <bfriesen@GraphicsMagick.org>
Mon, 06 Nov 2017 19:36:06 -0600
changeset 15254 1b47e0078e05
parent 15253 160f5dec564d
child 15255 23528aeb9b31
SFW: Fix Fix heap buffer overflow in SFWScan().
ChangeLog
VisualMagick/installer/inc/version.isx
coders/sfw.c
magick/version.h
www/Changelog.html
--- a/ChangeLog	Mon Nov 06 08:13:49 2017 -0600
+++ b/ChangeLog	Mon Nov 06 19:36:06 2017 -0600
@@ -1,3 +1,9 @@
+2017-11-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+
+	* coders/sfw.c (SFWScan): Fix heap buffer overflow
+	(CVE-2017-13134).  Notified of problem via email (including a
+	patch) from Petr Gajdos on Mon, 6 Nov 2017.
+
 2017-11-05  Fojtik Jaroslav  <JaFojtik@seznam.cz>
 
 	* coders/wpg.c Wrong MaxMap check condition - fixed.
--- a/VisualMagick/installer/inc/version.isx	Mon Nov 06 08:13:49 2017 -0600
+++ b/VisualMagick/installer/inc/version.isx	Mon Nov 06 19:36:06 2017 -0600
@@ -10,5 +10,5 @@
 
 #define public MagickPackageName "GraphicsMagick"
 #define public MagickPackageVersion "1.4"
-#define public MagickPackageVersionAddendum ".020171105"
-#define public MagickPackageReleaseDate "snapshot-20171105"
+#define public MagickPackageVersionAddendum ".020171106"
+#define public MagickPackageReleaseDate "snapshot-20171106"
--- a/coders/sfw.c	Mon Nov 06 08:13:49 2017 -0600
+++ b/coders/sfw.c	Mon Nov 06 19:36:06 2017 -0600
@@ -120,18 +120,16 @@
   register size_t
     i;
 
-  if (p+length < q)
+  while ((p+length) < q)
     {
-      while( p < q )
-	{
-	  for (i=0; i < length; i++)
-	    if (p[i] != target[i])
-	      break;
-	  if (i == length)
-	    return((unsigned char *) p);
-	  p++;
-	}
+      for (i=0; i < length; i++)
+        if (p[i] != target[i])
+          break;
+      if (i == length)
+        return((unsigned char *) p);
+      p++;
     }
+
   return((unsigned char *) NULL);
 }
 
--- a/magick/version.h	Mon Nov 06 08:13:49 2017 -0600
+++ b/magick/version.h	Mon Nov 06 19:36:06 2017 -0600
@@ -38,8 +38,8 @@
 #define MagickLibVersion  0x191600
 #define MagickLibVersionText  "1.4"
 #define MagickLibVersionNumber 19,16,0
-#define MagickChangeDate   "20171105"
-#define MagickReleaseDate  "snapshot-20171105"
+#define MagickChangeDate   "20171106"
+#define MagickReleaseDate  "snapshot-20171106"
 	
 /*
   The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines
--- a/www/Changelog.html	Mon Nov 06 08:13:49 2017 -0600
+++ b/www/Changelog.html	Mon Nov 06 19:36:06 2017 -0600
@@ -35,6 +35,14 @@
 <div class="document">
 
 
+<p>2017-11-06  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
+<blockquote>
+<ul class="simple">
+<li>coders/sfw.c (SFWScan): Fix heap buffer overflow
+(CVE-2017-13134).  Notified of problem via email (including a
+patch) from Petr Gajdos on Mon, 6 Nov 2017.</li>
+</ul>
+</blockquote>
 <p>2017-11-05  Fojtik Jaroslav  &lt;<a class="reference external" href="mailto:JaFojtik&#37;&#52;&#48;seznam&#46;cz">JaFojtik<span>&#64;</span>seznam<span>&#46;</span>cz</a>&gt;</p>
 <blockquote>
 <ul class="simple">