Sophie

Sophie

distrib > Mageia > 5 > x86_64 > by-pkgid > 857b723175ea1d5f45c5b31f25037f76 > files > 46

imagemagick-6.8.9.9-4.2.mga5.src.rpm

From 33b2d377b94eb738011bc7d5e90ca0a16ce4d471 Mon Sep 17 00:00:00 2001
From: dirk <dirk@aa41f4f7-0bf4-0310-aa73-e5a19afd5a74>
Date: Tue, 16 Dec 2014 22:50:20 +0000
Subject: Fixed parsing resource block.

Avoid a crash

git-svn-id: https://subversion.imagemagick.org/subversion/ImageMagick/branches/ImageMagick-6@17305 aa41f4f7-0bf4-0310-aa73-e5a19afd5a74
origin:  http://trac.imagemagick.org/changeset/17305

diff --git a/coders/psd.c b/coders/psd.c
index eaeb6bc..e0dc766 100644
--- a/coders/psd.c
+++ b/coders/psd.c
@@ -521,7 +521,7 @@ static const char *ModeToString(PSDImageType type)
   }
 }
 
-static MagickBooleanType ParseImageResourceBlocks(Image *image,
+static void ParseImageResourceBlocks(Image *image,
   const unsigned char *blocks,size_t length,
   MagickBooleanType *has_merged_image)
 {
@@ -540,7 +540,7 @@ static MagickBooleanType ParseImageResourceBlocks(Image *image,
     short_sans;
 
   if (length < 16)
-    return(MagickFalse);
+    return;
   profile=BlobToStringInfo((const void *) NULL,length);
   SetStringInfoDatum(profile,blocks);
   (void) SetImageProfile(image,"8bim",profile);
@@ -552,7 +552,9 @@ static MagickBooleanType ParseImageResourceBlocks(Image *image,
     p=PushLongPixel(MSBEndian,p,&long_sans);
     p=PushShortPixel(MSBEndian,p,&id);
     p=PushShortPixel(MSBEndian,p,&short_sans);
-    p=PushLongPixel(MSBEndian,p,&count);
+    p=PushLongPixel(MSBEndian,p,&count);
+    if (p+count > blocks+length)
+      return;
     switch (id)
     {
       case 0x03ed:
@@ -601,7 +603,7 @@ static MagickBooleanType ParseImageResourceBlocks(Image *image,
     if ((count & 0x01) != 0)
       p++;
   }
-  return(MagickTrue);
+  return;
 }
 
 static CompositeOperator PSDBlendModeToCompositeOperator(const char *mode)
@@ -1752,7 +1754,7 @@ static Image *ReadPSDImage(const ImageInfo *image_info,
         (void) LogMagickEvent(CoderEvent,GetMagickModule(),
           "  reading image resource blocks - %.20g bytes",(double)
           ((MagickOffsetType) length));
-      blocks=(unsigned char *) AcquireQuantumMemory((size_t) length+16,
+      blocks=(unsigned char *) AcquireQuantumMemory((size_t) length,
         sizeof(*blocks));
       if (blocks == (unsigned char *) NULL)
         ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
@@ -1763,8 +1765,7 @@ static Image *ReadPSDImage(const ImageInfo *image_info,
           blocks=(unsigned char *) RelinquishMagickMemory(blocks);
           ThrowReaderException(CorruptImageError,"ImproperImageHeader");
         }
-      (void) ParseImageResourceBlocks(image,blocks,(size_t) length,
-        &has_merged_image);
+      ParseImageResourceBlocks(image,blocks,(size_t) length,&has_merged_image);
       blocks=(unsigned char *) RelinquishMagickMemory(blocks);
     }
   /*
-- 
cgit v0.10.2

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional