List: graphicsmagick-commit
Subject: [GM-commit] GraphicsMagick: 2 new changesets
From: GraphicsMagick Commits <graphicsmagick-commit () lists ! sourceforge ! net>
Date: 2017-07-25 23:38:46
Message-ID: mailman.7738.1501025936.2635.graphicsmagick-commit () lists ! sourceforge ! net
changeset bf29bf09fde9 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=bf29bf09fde9
summary: ReadMNGImage(): Free partly-read chunk
changeset d1e56efb0162 in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=d1e56efb0162
summary: coders/png.c: Removed some redundant checks for chunk length before calling
diffstat:
ChangeLog | 8 ++++++++
coders/png.c | 45 ++++++++++++++++++---------------------------
2 files changed, 26 insertions(+), 27 deletions(-)
diffs (161 lines):
diff -r d076c1cae88b -r d1e56efb0162 ChangeLog
--- a/ChangeLog Tue Jul 25 07:02:27 2017 -0400
+++ b/ChangeLog Tue Jul 25 19:38:39 2017 -0400
@@ -1,3 +1,11 @@
+2017-07-25 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us>
+
+ * coders/png.c (ReadMNGImage) Free chunk allocation that remains
+ after attempting to read a truncated file.
+ * coders/png.c: Removed some redundant checks for chunk length
+ before MagickFreeMemory(chunk), which is safe to call with a
+ NULL argument.
+
2017-07-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
* coders/pcl.c (WritePCLImage): Fix null pointer dereference in
diff -r d076c1cae88b -r d1e56efb0162 coders/png.c
--- a/coders/png.c Tue Jul 25 07:02:27 2017 -0400
+++ b/coders/png.c Tue Jul 25 19:38:39 2017 -0400
@@ -2906,8 +2906,7 @@
ImageInfo **color_image_info,
Image **alpha_image,ImageInfo **alpha_image_info)
{
- if (chunk)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
if (*color_image_info)
{
DestroyImageInfo(*color_image_info);
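Review bot: `chunk` is used here with no local declaration in view, so it is presumably a parameter declared above the hunk; if it is a plain pointer passed by value, `MagickFreeMemory(chunk)` releases the buffer but can only clear the callee's copy, leaving the caller's pointer dangling. The other arguments visible in the signature are double pointers, so the asymmetry deserves a comment above the call, for example `/* frees chunk; the caller must not use or free it again */`. It is also worth confirming that every caller stops using its own `chunk` after this helper returns. The function body continues past the hunk.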
@@ -3179,8 +3178,7 @@
jng_alpha_interlace_method);
}
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
if (jng_width > 65535 || jng_height > 65535 ||
(long) jng_width > GetMagickResourceLimit(WidthResource) ||
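Review bot: The removed guard tested `length`, not `chunk`, so the unconditional `MagickFreeMemory(chunk)` here is only safe if `chunk` is NULL whenever `length` is 0. The ChangeLog justifies the change by NULL-safety, but the allocation site is outside every hunk; if `chunk` is not reset to NULL at the top of each loop iteration (or by the free itself), a zero-length chunk following a non-empty one would free a stale pointer. Please confirm that invariant and record it where `chunk` is allocated, e.g. `/* chunk is NULL when length == 0; it is freed unconditionally below */`. The same applies to the hunks at -3346, -3366, -3453, -3479, -4002, -4371, -4570, -4596 and -4934.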
@@ -3346,8 +3344,7 @@
(void) WriteBlobMSBULong(alpha_image,
crc32(crc32(0,data,4),chunk,length));
}
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
continue;
}
@@ -3366,16 +3363,14 @@
(void) WriteBlob(alpha_image,length,(char *) chunk);
}
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
continue;
}
if (!memcmp(type,mng_JSEP,4))
{
read_JSEP=MagickTrue;
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
continue;
}
@@ -3453,8 +3448,7 @@
image->page.y/=10000;
}
}
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
continue;
}
@@ -3479,14 +3473,12 @@
if (!memcmp(type,mng_iCCP,4))
{
/* To do. */
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
continue;
}
#endif
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
if (memcmp(type,mng_IEND,4))
continue;
@@ -3975,6 +3967,7 @@
image);
if (ReadBlob(image,length,chunk) < length)
{
+ MagickFree(chunk);
MngInfoFreeStruct(mng_info,&have_mng_structure);
ThrowReaderException(CorruptImageError,CorruptImage,image);
}
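Review bot: This new short-read path calls `MagickFree(chunk)` while every other free in the patch uses `MagickFreeMemory(chunk)`; if the latter also clears the pointer, as I would expect, this is the one place where `chunk` keeps its freed address. The exception thrown two lines later presumably leaves the function, so nothing reads it today. Using `MagickFreeMemory(chunk);` here would keep the paths uniform and protect against cleanup code that later touches `chunk`. The enclosing loop starts and ends outside the hunk.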
@@ -4002,13 +3995,15 @@
mng_info->dhdr_warning++;
}
if (!memcmp(type,mng_MEND,4))
- break;
+ {
+ MagickFreeMemory(chunk);
+ break;
+ }
if (skip_to_iend)
{
if (!memcmp(type,mng_IEND,4))
skip_to_iend=MagickFalse;
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
if (logging)
(void) LogMagickEvent(CoderEvent,GetMagickModule(),
" Skip to IEND.");
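Review bot: Freeing `chunk` inside the `mng_MEND` branch fixes this one exit, but the pattern relies on every `break` or early return out of the chunk loop remembering its own free. Exits outside this hunk are not visible, so they should be checked. Alternatively, a single `MagickFreeMemory(chunk);` immediately after the loop would stop a future exit path from leaking the buffer on a malformed file. If the per-exit style stays, a comment at the loop head such as `/* every exit from this loop must free chunk */` would help.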
@@ -4371,8 +4366,7 @@
/*
Read global iCCP.
*/
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
continue;
}
if (!memcmp(type,mng_FRAM,4))
@@ -4570,8 +4564,7 @@
mng_info->ob[i]->frozen=MagickTrue;
#endif
}
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
continue;
}
@@ -4596,8 +4589,7 @@
MngInfoDiscardObject(mng_info,i);
}
}
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
continue;
}
if (!memcmp(type,mng_MOVE,4))
@@ -4934,8 +4926,7 @@
)
{
/* Not an IHDR or JHDR chunk */
- if (length)
- MagickFreeMemory(chunk);
+ MagickFreeMemory(chunk);
continue;
}
/* Process IHDR */