[prev in list] [next in list] [prev in thread] [next in thread]
List: graphicsmagick-commit
Subject: [GM-commit] GraphicsMagick: 4 new changesets
From: GraphicsMagick Commits <graphicsmagick-commit () lists ! sourceforge ! net>
Date: 2017-07-22 20:40:03
Message-ID: mailman.1611.1500756012.2635.graphicsmagick-commit () lists ! sourceforge ! net
[Download RAW message or body]
changeset d00b74315a71 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=d00b74315a71
summary: CMYK: Fixed heap overflow with multiple frames with varying widths.
changeset 39961adf974c in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=39961adf974c
summary: RGB: Fixed heap overflow with multiple frames with varying widths.
changeset 355f22136e33 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=355f22136e33
summary: GRAY: Cleanup.
changeset 30cd2b31f7e0 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=30cd2b31f7e0
summary: Update changelog
diffstat:
ChangeLog | 13 ++++++
coders/cmyk.c | 106 +++++++++++++++++++++++++++++++---------------------
coders/gray.c | 58 ++++++++++++++++-------------
coders/rgb.c | 89 ++++++++++++++++++++++++++++----------------
www/Changelog.html | 10 +++++
5 files changed, 175 insertions(+), 101 deletions(-)
diffs (480 lines):
diff -r 4089bde04d74 -r 30cd2b31f7e0 ChangeLog
--- a/ChangeLog Sat Jul 22 13:08:14 2017 -0500
+++ b/ChangeLog Sat Jul 22 15:40:00 2017 -0500
@@ -1,5 +1,18 @@
2017-07-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
+ * coders/gray.c (WriteGRAYImage): Improve tracing and tidy up.
+
+ * coders/rgb.c (WriteRGBImage): Fix heap overwrite in raw RGB
+ writer (all output subformats) given a multiframe sequence using
+ different widths. Problem was reported by LCatro via email on
+ July 18.
+
+ * coders/cmyk.c (WriteCMYKImage): Fix heap overwrite in raw CMYK
+ writer (all output subformats) given a multiframe sequence using
+ different widths. Also fix wrong output of CMYKA (and vice-versa)
+ when CMYK was intended. Problem was reported by LCatro via email
+ on July 18.
+
* coders/palm.c: Disable the PALM writer since the writer is a
work in progress and still has implementation problems. Perhaps
no one in the world remains who cares about the undocumented PALM
diff -r 4089bde04d74 -r 30cd2b31f7e0 coders/cmyk.c
--- a/coders/cmyk.c Sat Jul 22 13:08:14 2017 -0500
+++ b/coders/cmyk.c Sat Jul 22 15:40:00 2017 -0500
@@ -1,5 +1,5 @@
/*
-% Copyright (C) 2003 - 2015 GraphicsMagick Group
+% Copyright (C) 2003 - 2017 GraphicsMagick Group
% Copyright (C) 2002 ImageMagick Studio
% Copyright 1991-1999 E. I. du Pont de Nemours and Company
%
@@ -92,8 +92,8 @@
y;
register long
- i,
- x;
+ x,
+ i;
register PixelPacket
*q;
@@ -608,16 +608,17 @@
*/
static unsigned int WriteCMYKImage(const ImageInfo *image_info,Image *image)
{
- int
+ long
y;
register const PixelPacket
*p;
unsigned char
- *pixels;
+ *pixels = (unsigned char *) NULL;
unsigned int
+ depth,
packet_size,
quantum_size,
scene,
@@ -629,27 +630,11 @@
ExportPixelAreaInfo
export_info;
- if (image->depth <= 8)
- quantum_size=8;
- else if (image->depth <= 16)
- quantum_size=16;
- else
- quantum_size=32;
-
-
- /*
- Allocate memory for pixels.
- */
assert(image_info != (const ImageInfo *) NULL);
assert(image_info->signature == MagickSignature);
assert(image != (Image *) NULL);
assert(image->signature == MagickSignature);
- packet_size=(quantum_size*4)/8;
- if (LocaleCompare(image_info->magick,"CMYKA") == 0)
- packet_size=(quantum_size*5)/8;
- pixels=MagickAllocateArray(unsigned char *,packet_size,image->columns);
- if (pixels == (unsigned char *) NULL)
- ThrowWriterException(ResourceLimitError,MemoryAllocationFailed,image);
+
if (image_info->interlace != PartitionInterlace)
{
/*
@@ -659,16 +644,39 @@
if (status == False)
ThrowWriterException(FileOpenError,UnableToOpenFile,image);
}
+
+ /*
+ Support depth in multiples of 8 bits.
+ */
+ if (image->depth > 16)
+ depth=32;
+ else if (image->depth > 8)
+ depth=16;
+ else
+ depth=8;
+
+ if (depth <= 8)
+ quantum_size=8;
+ else if (depth <= 16)
+ quantum_size=16;
+ else
+ quantum_size=32;
+
+ packet_size=(quantum_size*4)/8;
+ if (LocaleCompare(image_info->magick,"CMYKA") == 0)
+ packet_size=(quantum_size*5)/8;
+
scene=0;
do
{
/*
- Convert MIFF to CMYK raster pixels.
+ Allocate memory for pixels.
*/
- (void) TransformColorspace(image,CMYKColorspace);
- if (LocaleCompare(image_info->magick,"CMYKA") == 0)
- if (!image->matte)
- SetImageOpacity(image,OpaqueOpacity);
+ MagickReallocMemory(unsigned char *,pixels,
+ MagickArraySize(packet_size,image->columns));
+ if (pixels == (unsigned char *) NULL)
+ ThrowWriterException(ResourceLimitError,MemoryAllocationFailed,image);
+
/*
Initialize export options.
*/
@@ -677,10 +685,28 @@
export_options.endian=image->endian;
else if (image_info->endian != UndefinedEndian)
export_options.endian=image_info->endian;
- if (image->logging)
- (void) LogMagickEvent(CoderEvent,GetMagickModule(),
- "Image depth %u bits, Endian %s",quantum_size,
- EndianTypeToString(export_options.endian));
+
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+ "%lu: "
+ "Geometry %lux%lu, "
+ "Depth %u bits, "
+ "Endian %s, Packet Size %u, "
+ "Row bytes %" MAGICK_SIZE_T_F "u",
+ image->scene,
+ image->columns,image->rows,
+ quantum_size,
+ EndianTypeToString(export_options.endian),
+ packet_size,
+ (MAGICK_SIZE_T) \
MagickArraySize(packet_size,image->columns)); +
+ /*
+ Convert MIFF to CMYK raster pixels.
+ */
+ (void) TransformColorspace(image,CMYKColorspace);
+ if (LocaleCompare(image_info->magick,"CMYKA") == 0)
+ if (!image->matte)
+ SetImageOpacity(image,OpaqueOpacity);
+
switch (image_info->interlace)
{
case NoInterlace:
@@ -689,23 +715,17 @@
/*
No interlacing: CMYKCMYKCMYKCMYKCMYKCMYK...
*/
+ const QuantumType quantum_type =
+ (LocaleCompare(image_info->magick,"CMYKA") == 0) ? CMYKAQuantum :
+ CMYKQuantum;
for (y=0; y < (long) image->rows; y++)
{
p=AcquireImagePixels(image,0,y,image->columns,1,&image->exception);
if (p == (const PixelPacket *) NULL)
break;
- if (LocaleCompare(image_info->magick,"CMYKA") != 0)
- {
- (void) ExportImagePixelArea(image,CMYKQuantum,quantum_size,pixels,
- &export_options,&export_info);
- (void) WriteBlob(image,export_info.bytes_exported,pixels);
- }
- else
- {
- (void) ExportImagePixelArea(image,CMYKAQuantum,quantum_size,pixels,
- &export_options,&export_info);
- (void) WriteBlob(image,export_info.bytes_exported,pixels);
- }
+ (void) ExportImagePixelArea(image,quantum_type,quantum_size,pixels,
+ &export_options,&export_info);
+ (void) WriteBlob(image,export_info.bytes_exported,pixels);
if (image->previous == (Image *) NULL)
if (QuantumTick(y,image->rows))
if (!MagickMonitorFormatted(y,image->rows,&image->exception,
diff -r 4089bde04d74 -r 30cd2b31f7e0 coders/gray.c
--- a/coders/gray.c Sat Jul 22 13:08:14 2017 -0500
+++ b/coders/gray.c Sat Jul 22 15:40:00 2017 -0500
@@ -1,5 +1,5 @@
/*
-% Copyright (C) 2003 - 2015 GraphicsMagick Group
+% Copyright (C) 2003 - 2017 GraphicsMagick Group
% Copyright (C) 2002 ImageMagick Studio
% Copyright 1991-1999 E. I. du Pont de Nemours and Company
%
@@ -147,8 +147,10 @@
Image
*image;
+ unsigned long
+ j;
+
long
- j,
y;
register long
@@ -299,7 +301,7 @@
}
image->is_grayscale=is_grayscale;
count=image->tile_info.height-image->rows-image->tile_info.y;
- for (j=0; j < (long) count; j++)
+ for (j=0; j < count; j++)
(void) ReadBlob(image,packet_size*image->tile_info.width,scanline);
if (EOFBlob(image))
{
@@ -526,14 +528,14 @@
static unsigned int WriteGRAYImage(const ImageInfo *image_info,Image *image)
{
- int
+ long
y;
register const PixelPacket
*p;
unsigned char
- *scanline=0;
+ *scanline= (unsigned char *) NULL;
unsigned int
depth,
@@ -574,6 +576,17 @@
depth=16;
else
depth=8;
+
+ if (depth <= 8)
+ quantum_size=8;
+ else if (depth <= 16)
+ quantum_size=16;
+ else
+ quantum_size=32;
+
+ samples_per_pixel=MagickGetQuantumSamplesPerPixel(quantum_type);
+ packet_size=(quantum_size*samples_per_pixel)/8;
+
/*
Convert image to gray scale PseudoColor class.
*/
@@ -581,17 +594,6 @@
do
{
/*
- Allocate memory for scanline.
- */
- if (depth <= 8)
- quantum_size=8;
- else if (depth <= 16)
- quantum_size=16;
- else
- quantum_size=32;
- samples_per_pixel=MagickGetQuantumSamplesPerPixel(quantum_type);
- packet_size=(quantum_size*samples_per_pixel)/8;
- /*
Allocate scanline
*/
scanline=MagickAllocateArray(unsigned char *,packet_size,image->columns);
@@ -626,16 +628,20 @@
export_options.endian=image->endian;
else if (image_info->endian != UndefinedEndian)
export_options.endian=image_info->endian;
- if (image->logging)
- (void) LogMagickEvent(CoderEvent,GetMagickModule(),
- "Depth: %u bits, "
- "Type: %s, "
- "Samples/Pixel: %u, "
- "Endian %s",
- quantum_size,
- QuantumTypeToString(quantum_type),
- samples_per_pixel,
- EndianTypeToString(export_options.endian));
+
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+ "%lu: "
+ "Geometry %lux%lu, "
+ "Depth: %u bits, "
+ "Type: %s, "
+ "Samples/Pixel: %u, "
+ "Endian %s",
+ image->scene,
+ image->columns,image->rows,
+ quantum_size,
+ QuantumTypeToString(quantum_type),
+ samples_per_pixel,
+ EndianTypeToString(export_options.endian));
/*
Convert MIFF to GRAY raster scanline.
*/
diff -r 4089bde04d74 -r 30cd2b31f7e0 coders/rgb.c
--- a/coders/rgb.c Sat Jul 22 13:08:14 2017 -0500
+++ b/coders/rgb.c Sat Jul 22 15:40:00 2017 -0500
@@ -1,5 +1,5 @@
/*
-% Copyright (C) 2003 - 2015 GraphicsMagick Group
+% Copyright (C) 2003 - 2017 GraphicsMagick Group
% Copyright (C) 2002 ImageMagick Studio
% Copyright 1991-1999 E. I. du Pont de Nemours and Company
%
@@ -570,19 +570,20 @@
*/
static unsigned int WriteRGBImage(const ImageInfo *image_info,Image *image)
{
- int
+ long
y;
register const PixelPacket
*p;
unsigned char
- *pixels;
+ *pixels = (unsigned char *) NULL;
unsigned int
status;
unsigned int
+ depth,
packet_size,
quantum_size,
scene;
@@ -593,27 +594,11 @@
ExportPixelAreaInfo
export_info;
- /*
- Allocate memory for pixels.
- */
assert(image_info != (const ImageInfo *) NULL);
assert(image_info->signature == MagickSignature);
assert(image != (Image *) NULL);
assert(image->signature == MagickSignature);
- if (image->depth <= 8)
- quantum_size=8;
- else if (image->depth <= 16)
- quantum_size=16;
- else
- quantum_size=32;
-
- packet_size=(quantum_size*3)/8;
- if (LocaleCompare(image_info->magick,"RGBA") == 0)
- packet_size=(quantum_size*4)/8;
- pixels=MagickAllocateArray(unsigned char *,packet_size,image->columns);
- if (pixels == (unsigned char *) NULL)
- ThrowWriterException(ResourceLimitError,MemoryAllocationFailed,image);
if (image_info->interlace != PartitionInterlace)
{
/*
@@ -623,30 +608,70 @@
if (status == False)
ThrowWriterException(FileOpenError,UnableToOpenFile,image);
}
- scene=0;
+
/*
- Initialize export options.
+ Support depth in multiples of 8 bits.
*/
- ExportPixelAreaOptionsInit(&export_options);
- if (image->endian != UndefinedEndian)
- export_options.endian=image->endian;
- else if (image_info->endian != UndefinedEndian)
- export_options.endian=image_info->endian;
- if (image->logging)
- (void) LogMagickEvent(CoderEvent,GetMagickModule(),
- "Depth %u bits, Endian %s, Interlace %s",
- quantum_size,
- EndianTypeToString(export_options.endian),
- InterlaceTypeToString(image_info->interlace));
+ if (image->depth > 16)
+ depth=32;
+ else if (image->depth > 8)
+ depth=16;
+ else
+ depth=8;
+
+ if (depth <= 8)
+ quantum_size=8;
+ else if (depth <= 16)
+ quantum_size=16;
+ else
+ quantum_size=32;
+
+ packet_size=(quantum_size*3)/8;
+ if (LocaleCompare(image_info->magick,"RGBA") == 0)
+ packet_size=(quantum_size*4)/8;
+
+ scene=0;
do
{
/*
+ Allocate memory for pixels.
+ */
+ MagickReallocMemory(unsigned char *,pixels,
+ MagickArraySize(packet_size,image->columns));
+ if (pixels == (unsigned char *) NULL)
+ ThrowWriterException(ResourceLimitError,MemoryAllocationFailed,image);
+
+ /*
+ Initialize export options.
+ */
+ ExportPixelAreaOptionsInit(&export_options);
+ if (image->endian != UndefinedEndian)
+ export_options.endian=image->endian;
+ else if (image_info->endian != UndefinedEndian)
+ export_options.endian=image_info->endian;
+
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+ "%lu: "
+ "Geometry %lux%lu, "
+ "Depth %u bits, "
+ "Endian %s, "
+ "Packet Size %u, "
+ "Row bytes %" MAGICK_SIZE_T_F "u",
+ image->scene,
+ image->columns,image->rows,
+ quantum_size,
+ EndianTypeToString(export_options.endian),
+ packet_size,
+ (MAGICK_SIZE_T) \
MagickArraySize(packet_size,image->columns)); +
+ /*
Convert MIFF to RGB raster pixels.
*/
(void) TransformColorspace(image,RGBColorspace);
if (LocaleCompare(image_info->magick,"RGBA") == 0)
if (!image->matte)
SetImageOpacity(image,OpaqueOpacity);
+
switch (image_info->interlace)
{
case NoInterlace:
diff -r 4089bde04d74 -r 30cd2b31f7e0 www/Changelog.html
--- a/www/Changelog.html Sat Jul 22 13:08:14 2017 -0500
+++ b/www/Changelog.html Sat Jul 22 15:40:00 2017 -0500
@@ -38,6 +38,16 @@
<p>2017-07-22 Bob Friesenhahn <<a class="reference external" \
href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span> \
4;</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
<blockquote>
<ul class="simple">
+<li>coders/gray.c (WriteGRAYImage): Improve tracing and tidy up.</li>
+<li>coders/rgb.c (WriteRGBImage): Fix heap overwrite in raw RGB
+writer (all output subformats) given a multiframe sequence using
+different widths. Problem was reported by LCatro via email on
+July 18.</li>
+<li>coders/cmyk.c (WriteCMYKImage): Fix heap overwrite in raw CMYK
+writer (all output subformats) given a multiframe sequence using
+different widths. Also fix wrong output of CMYKA (and vice-versa)
+when CMYK was intended. Problem was reported by LCatro via email
+on July 18.</li>
<li>coders/palm.c: Disable the PALM writer since the writer is a
work in progress and still has implementation problems. Perhaps
no one in the world remains who cares about the undocumented PALM
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Graphicsmagick-commit mailing list
Graphicsmagick-commit@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/graphicsmagick-commit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic