List: graphicsmagick-commit
Subject: [GM-commit] GraphicsMagick: Reject truncated/absurd Utah RLE files.
From: GraphicsMagick Commits <graphicsmagick-commit () lists ! sourceforge ! net>
Date: 2016-08-20 20:55:35
Message-ID: hg.30043afadb10.1471726535.2950750188400161634 () src ! simplesystems ! org
changeset 30043afadb10 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=30043afadb10
summary: Reject truncated/absurd Utah RLE files.
diffstat:
ChangeLog | 6 ++++++
VisualMagick/installer/inc/version.isx | 4 ++--
coders/rle.c | 18 ++++++++++++++++--
magick/version.h | 4 ++--
www/Changelog.html | 8 ++++++++
5 files changed, 34 insertions(+), 6 deletions(-)
diffs (101 lines):
diff -r eb58028dacf5 -r 30043afadb10 ChangeLog
--- a/ChangeLog Thu Aug 18 20:58:27 2016 -0500
+++ b/ChangeLog Sat Aug 20 15:55:32 2016 -0500
@@ -1,3 +1,9 @@
+2016-08-20 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
+
+ * coders/rle.c (ReadRLEImage): Reject truncated/absurd Utah RLE
+ files. Problem was reported by Agostino Sarubbo on August 19,
+ 2016.
+
2016-08-18 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
* coders/tiff.c (ReadTIFFImage): Fix heap-based buffer read
diff -r eb58028dacf5 -r 30043afadb10 VisualMagick/installer/inc/version.isx
--- a/VisualMagick/installer/inc/version.isx Thu Aug 18 20:58:27 2016 -0500
+++ b/VisualMagick/installer/inc/version.isx Sat Aug 20 15:55:32 2016 -0500
@@ -10,5 +10,5 @@
#define public MagickPackageName "GraphicsMagick"
#define public MagickPackageVersion "1.4"
-#define public MagickPackageVersionAddendum ".020160818"
-#define public MagickPackageReleaseDate "snapshot-20160818"
+#define public MagickPackageVersionAddendum ".020160820"
+#define public MagickPackageReleaseDate "snapshot-20160820"
diff -r eb58028dacf5 -r 30043afadb10 coders/rle.c
--- a/coders/rle.c Thu Aug 18 20:58:27 2016 -0500
+++ b/coders/rle.c Sat Aug 20 15:55:32 2016 -0500
@@ -257,6 +257,9 @@
number_pixels,
number_planes;
+ magick_off_t
+ file_size;
+
/*
Open image file.
*/
@@ -275,6 +278,7 @@
count=ReadBlob(image,2,(char *) &rle_header.Magic);
if ((count != 2) || (memcmp(&rle_header.Magic,"\122\314",2) != 0))
ThrowRLEReaderException(CorruptImageError,ImproperImageHeader,image);
+ file_size=GetBlobSize(image);
do
{
/*
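Review bot: `file_size=GetBlobSize(image);` is read once, ahead of the `do` loop, with no comment on what value it holds when the blob size is not known. The later test treats `file_size == 0` as corrupt, so any input for which GetBlobSize reports 0 is rejected with InsufficientImageDataInFile. If that is intended, say so in a comment at this assignment; if it is not, skip the ratio test when the size is unavailable instead of throwing.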
@@ -388,11 +392,21 @@
if (CheckImagePixelLimits(image, exception) != MagickPass)
ThrowRLEReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
+ if (image->matte)
+ number_planes++;
+
+ /*
+ Rationalize pixels with file size
+ */
+ if ((file_size == 0) ||
+ ((((double) image->columns*image->rows*number_planes*
+ rle_header.Pixelbits/8)/file_size) > 254.0))
+ ThrowRLEReaderException(CorruptImageError,InsufficientImageDataInFile,
+ image);
+
/*
Allocate RLE pixels.
*/
- if (image->matte)
- number_planes++;
number_pixels=image->columns*image->rows;
if ((image->columns != 0) &&
(image->rows != number_pixels/image->columns))
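Review bot: the `> 254.0` threshold in the new ratio test is a bare magic number, and the comment "Rationalize pixels with file size" does not say where it comes from. Give it a named constant and a comment stating the maximum expansion ratio assumed for run-length data, so a reader can judge whether a legitimate, highly compressible image could exceed it and be rejected. It is also worth a comment that the estimate is deliberately computed in double, since it runs before the `number_pixels` overflow check that follows, and that it is compared against the size of the whole blob rather than the bytes remaining after the header, which makes the bound looser than it looks.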
diff -r eb58028dacf5 -r 30043afadb10 magick/version.h
--- a/magick/version.h Thu Aug 18 20:58:27 2016 -0500
+++ b/magick/version.h Sat Aug 20 15:55:32 2016 -0500
@@ -38,8 +38,8 @@
#define MagickLibVersion 0x181500
#define MagickLibVersionText "1.4"
#define MagickLibVersionNumber 18,15,0
-#define MagickChangeDate "20160818"
-#define MagickReleaseDate "snapshot-20160818"
+#define MagickChangeDate "20160820"
+#define MagickReleaseDate "snapshot-20160820"
/*
The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines
diff -r eb58028dacf5 -r 30043afadb10 www/Changelog.html
--- a/www/Changelog.html Thu Aug 18 20:58:27 2016 -0500
+++ b/www/Changelog.html Sat Aug 20 15:55:32 2016 -0500
@@ -35,6 +35,14 @@
<div class="document">
+<p>2016-08-20 Bob Friesenhahn <<a class="reference external" \
href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span> \
4;</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
+<blockquote>
+<ul class="simple">
+<li>coders/rle.c (ReadRLEImage): Reject truncated/absurd Utah RLE
+files. Problem was reported by Agostino Sarubbo on August 19,
+2016.</li>
+</ul>
+</blockquote>
<p>2016-08-18 Bob Friesenhahn <<a class="reference external" \
href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span> \
4;</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
<blockquote>
<ul class="simple">