freeimage/CVE-2020-24293.patch

Origin: https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2020-24293.patch
diff -rupN --no-dereference freeimage-svn-r1909-FreeImage-trunk/Source/FreeImage/PSDParser.cpp freeimage-svn-r1909-FreeImage-trunk-new/Source/FreeImage/PSDParser.cpp
--- freeimage-svn-r1909-FreeImage-trunk/Source/FreeImage/PSDParser.cpp	2023-09-28 19:34:47.287014100 +0200
+++ freeimage-svn-r1909-FreeImage-trunk-new/Source/FreeImage/PSDParser.cpp	2023-09-28 19:34:47.832008666 +0200
@@ -780,6 +780,10 @@ int psdThumbnail::Read(FreeImageIO *io,
 		FreeImage_Unload(_dib);
 	}
 
+	if (_WidthBytes != _Width * _BitPerPixel / 8) {
+	  throw "Invalid PSD image";
+	}
+
 	if(_Format == 1) {
 		// kJpegRGB thumbnail image
 		_dib = FreeImage_LoadFromHandle(FIF_JPEG, io, handle);
Fix CVE-2020-24292 CVE-2020-24293 CVE-2020-24295 CVE-2021-33367 CVE-2021-40263 CVE-2021-40266 CVE-2023-47995 CVE-2023-47997 2024-10-24 19:59:32 +08:00			`Origin: https://src.fedoraproject.org/rpms/freeimage/blob/f39/f/CVE-2020-24293.patch`
			`diff -rupN --no-dereference freeimage-svn-r1909-FreeImage-trunk/Source/FreeImage/PSDParser.cpp freeimage-svn-r1909-FreeImage-trunk-new/Source/FreeImage/PSDParser.cpp`
			`--- freeimage-svn-r1909-FreeImage-trunk/Source/FreeImage/PSDParser.cpp 2023-09-28 19:34:47.287014100 +0200`
			`+++ freeimage-svn-r1909-FreeImage-trunk-new/Source/FreeImage/PSDParser.cpp 2023-09-28 19:34:47.832008666 +0200`
			`@@ -780,6 +780,10 @@ int psdThumbnail::Read(FreeImageIO *io,`
			`FreeImage_Unload(_dib);`
			`}`

			`+ if (_WidthBytes != _Width * _BitPerPixel / 8) {`
			`+ throw "Invalid PSD image";`
			`+ }`
			`+`
			`if(_Format == 1) {`
			`// kJpegRGB thumbnail image`
			`_dib = FreeImage_LoadFromHandle(FIF_JPEG, io, handle);`