From 6052ed8d3d6b39e870fdb403584f05efde7d91c8 Mon Sep 17 00:00:00 2001
From: 8chan
Date: Sat, 11 Oct 2014 15:41:16 -0700
Subject: [PATCH] SECURITY: imagemagick/graphicsmagick was ignoring all errors
So, in a much older patch I had a problem where an incorrect RGB profile would make image uploads fail. I fixed this by using strpos against the error message...but didn't check the return value correctly. That means that any error from gm/im was ignored. This caused people to upload too large images and flood /b/ with 1 x 10000 pixel images My fault, patched now. Sorry about that. Conflicts: inc/image.php
---
 inc/image.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/inc/image.php b/inc/image.php
index eb8eb79b..7a68605d 100644
--- a/inc/image.php
+++ b/inc/image.php
@@ -330,6 +330,7 @@ class ImageConvert extends ImageBase {
 $convert_args = str_replace('-auto-orient', '', $config['convert_args']);
 else
 $convert_args = &$config['convert_args'];
+
 if (($error = shell_exec_error(($this->gm ? 'gm ' : '') . 'convert ' .
 sprintf($convert_args,
 $this->width,
@@ -361,10 +362,15 @@ class ImageConvert extends ImageBase {
 $this->width,
 $this->height,
 escapeshellarg($this->temp)))) || !file_exists($this->temp)) {
- if (!file_exists($this->temp)) {
- $this->destroy();
- error(_('Failed to resize image!'), null, $error);
- }
+
+ if (strpos($error, "known incorrect sRGB profile") === false) {
+ $this->destroy();
+ error('Failed to resize image!', null, array('convert_error' => $error));
+ }
+ if (!file_exists($this->temp)) {
+ $this->destroy();
+ error(_('Failed to resize image!'), null, $error);
+ }
 }
 if ($size = $this->get_size($this->temp)) {
 $this->width = $size[0];
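Review bot: The new `strpos($error, "known incorrect sRGB profile") === false` test in the second hunk still lets converter errors through, because it matches the warning anywhere in the output. When gm/convert prints the sRGB warning together with any other error, the whole output is treated as harmless as long as the temp file exists. Because that warning is triggered by the uploaded file itself, the tolerated warning should be dropped line by line and the upload rejected if anything else remains, as sketched below. The first `error()` call also loses the `_()` translation wrapper that the second one keeps, and it is worth confirming that the raw converter output in `convert_error` is not shown to the uploader, since it may contain server paths. The enclosing method starts and ends outside the hunk.

```php
// … unchanged: shell_exec_error(...) call and the enclosing if …
$unexpected = array_filter(explode("\n", (string) $error), function ($line) {
    // Keep every non-empty line that is not the tolerated profile warning.
    return trim($line) !== '' && strpos($line, 'known incorrect sRGB profile') === false;
});
if ($unexpected) {
    $this->destroy();
    error(_('Failed to resize image!'), null, array('convert_error' => $error));
}
// … unchanged: !file_exists($this->temp) branch …
```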