
imagemagick-6.8.9.9-4.2.mga5.src.rpm

From d99d71cb30b0214ed1e27bc104e2b738048130e1 Mon Sep 17 00:00:00 2001
From: dirk <dirk@aa41f4f7-0bf4-0310-aa73-e5a19afd5a74>
Date: Sun, 25 Jan 2015 07:32:56 +0000
Subject: Fix a DOS in HDR file

Fixed infinite loop and added checks for the sscanf result.

git-svn-id: https://subversion.imagemagick.org/subversion/ImageMagick/branches/ImageMagick-6@17846 aa41f4f7-0bf4-0310-aa73-e5a19afd5a74
origin: http://trac.imagemagick.org/changeset/17846
---
 coders/hdr.c | 36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/coders/hdr.c b/coders/hdr.c
index 2f5a9ef..0723fe6 100644
--- a/coders/hdr.c
+++ b/coders/hdr.c
@@ -273,7 +273,7 @@ static Image *ReadHDRImage(const ImageInfo *image_info,ExceptionInfo *exception)
           if (value_expected == MagickFalse)
             continue;
           p=value;
-          while ((c != '\n') && (c != '\0'))
+          while ((c != '\n') && (c != '\0') && (c != EOF))
           {
             if ((size_t) (p-value) < (MaxTextExtent-1))
               *p++=c;
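Review bot: The added `(c != EOF)` test is only reliable if `c` is an `int` holding the unconverted return value of the byte read. The declaration and the read call are outside this hunk, so that is worth confirming: a `char` would either never compare equal to EOF or collide with a 0xFF data byte. The loop body also continues past the end of the hunk. A short comment above the loop would record why the test exists, for example `/* stop at EOF: a truncated header never yields '\n' or '\0' */`. Values longer than `MaxTextExtent-1` are still cut silently by the bounds check on the following line, which is memory-safe but deserves a mention in the same comment.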
@@ -318,18 +318,20 @@ static Image *ReadHDRImage(const ImageInfo *image_info,ExceptionInfo *exception)
                     chromaticity[6],
                     white_point[2];
 
-                  (void) sscanf(value,"%g %g %g %g %g %g %g %g",
-                    &chromaticity[0],&chromaticity[1],&chromaticity[2],
-                    &chromaticity[3],&chromaticity[4],&chromaticity[5],
-                    &white_point[0],&white_point[1]);
-                  image->chromaticity.red_primary.x=chromaticity[0];
-                  image->chromaticity.red_primary.y=chromaticity[1];
-                  image->chromaticity.green_primary.x=chromaticity[2];
-                  image->chromaticity.green_primary.y=chromaticity[3];
-                  image->chromaticity.blue_primary.x=chromaticity[4];
-                  image->chromaticity.blue_primary.y=chromaticity[5];
-                  image->chromaticity.white_point.x=white_point[0],
-                  image->chromaticity.white_point.y=white_point[1];
+                  if (sscanf(value,"%g %g %g %g %g %g %g %g",&chromaticity[0],
+                      &chromaticity[1],&chromaticity[2],&chromaticity[3],
+                      &chromaticity[4],&chromaticity[5],&white_point[0],
+                      &white_point[1]) == 8)
+                    {
+                      image->chromaticity.red_primary.x=chromaticity[0];
+                      image->chromaticity.red_primary.y=chromaticity[1];
+                      image->chromaticity.green_primary.x=chromaticity[2];
+                      image->chromaticity.green_primary.y=chromaticity[3];
+                      image->chromaticity.blue_primary.x=chromaticity[4];
+                      image->chromaticity.blue_primary.y=chromaticity[5];
+                      image->chromaticity.white_point.x=white_point[0],
+                      image->chromaticity.white_point.y=white_point[1];
+                    }
                   break;
                 }
               (void) FormatLocaleString(tag,MaxTextExtent,"hdr:%s",keyword);
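Review bot: The assignment to `white_point.x` inside the new block still ends in a comma rather than a semicolon, so it and the next line form one comma expression. The result is the same, but it reads as a typo carried over from the old code and should be `image->chromaticity.white_point.x=white_point[0];`. A primaries line that does not parse into eight values is now skipped with no diagnostic, and the accepted values are not checked for being finite or in range. A one-line comment saying that malformed primaries are deliberately ignored would make that intent explicit.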
@@ -345,9 +347,11 @@ static Image *ReadHDRImage(const ImageInfo *image_info,ExceptionInfo *exception)
                     height,
                     width;
 
-                  (void) sscanf(value,"%d +X %d",&height,&width);
-                  image->columns=(size_t) width;
-                  image->rows=(size_t) height;
+                  if (sscanf(value,"%d +X %d",&height,&width) == 2)
+                    {
+                      image->columns=(size_t) width;
+                      image->rows=(size_t) height;
+                    }
                   break;
                 }
               (void) FormatLocaleString(tag,MaxTextExtent,"hdr:%s",keyword);
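Review bot: The new guard checks only the conversion count, so a negative `height` or `width` read from the file still passes and is turned by the `(size_t)` casts into a very large dimension; zero is accepted as well. The condition should also require positive values: `if ((sscanf(value,"%d +X %d",&height,&width) == 2) && (height > 0) && (width > 0))`. When the line fails to parse, `image->columns` and `image->rows` keep their earlier values and header reading continues. Whether a later check outside this hunk rejects such an image is not visible here, so confirm that a corrupt-header error is raised before any buffer is sized from these fields.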
-- 
cgit v0.11.2