[prev in list] [next in list] [prev in thread] [next in thread]
List: graphicsmagick-commit
Subject: [GM-commit] GraphicsMagick: MagickGetToken(): Fix stack read overflow when p...
From: GraphicsMagick Commits <graphicsmagick-commit () lists ! sourceforge ! net>
Date: 2018-09-26 13:33:26
Message-ID: mailman.20933.1537968815.1387.graphicsmagick-commit () lists ! sourceforge ! net
[Download RAW message or body]
changeset 709e7ed55c6a in /hg/GraphicsMagick
details: http://hg.GraphicsMagick.org/hg/GraphicsMagick?cmd=changeset;node=709e7ed55c6a
summary: MagickGetToken(): Fix stack read overflow when parsing url.
diffstat:
ChangeLog | 9 ++++++++-
VisualMagick/installer/inc/version.isx | 4 ++--
magick/utility.c | 2 +-
magick/version.h | 4 ++--
www/Changelog.html | 11 ++++++++++-
5 files changed, 23 insertions(+), 7 deletions(-)
diffs (81 lines):
diff -r 678a9cbcb255 -r 709e7ed55c6a ChangeLog
--- a/ChangeLog Sat Sep 22 17:18:11 2018 -0500
+++ b/ChangeLog Wed Sep 26 08:33:23 2018 -0500
@@ -1,7 +1,14 @@
+2018-09-26 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
+
+ * magick/utility.c (MagickGetToken): Fix possible read up to four
+ bytes beyond end of stack allocated token buffer. Fixes oss-fuzz
+ 10653 "graphicsmagick/coder_MVG_fuzzer: Stack-buffer-overflow in
+ MagickGetToken". (Credit to OSS-Fuzz)
+
2018-09-22 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
* fuzzing/coder_fuzzer.cc (LLVMFuzzerTestOneInput): Limit the
- maximum number of JPEG progressive scanlines to 50.
+ maximum number of JPEG progressive scans to 50.
* coders/jpeg.c (ReadJPEGImage): Apply a default limit of 100
progressive scans before the reader quits with an error. This
diff -r 678a9cbcb255 -r 709e7ed55c6a VisualMagick/installer/inc/version.isx
--- a/VisualMagick/installer/inc/version.isx Sat Sep 22 17:18:11 2018 -0500
+++ b/VisualMagick/installer/inc/version.isx Wed Sep 26 08:33:23 2018 -0500
@@ -10,5 +10,5 @@
#define public MagickPackageName "GraphicsMagick"
#define public MagickPackageVersion "1.4"
-#define public MagickPackageVersionAddendum ".020180922"
-#define public MagickPackageReleaseDate "snapshot-20180922"
+#define public MagickPackageVersionAddendum ".020180926"
+#define public MagickPackageReleaseDate "snapshot-20180926"
diff -r 678a9cbcb255 -r 709e7ed55c6a magick/utility.c
--- a/magick/utility.c Sat Sep 22 17:18:11 2018 -0500
+++ b/magick/utility.c Wed Sep 26 08:33:23 2018 -0500
@@ -3876,7 +3876,7 @@
((r = strrchr(token,')')) != NULL))
{
*r='\0';
- (void) memmove(token,token+5,r-token+1);
+ (void) memmove(token,token+5,r-token-4);
}
}
if (end != (char **) NULL)
diff -r 678a9cbcb255 -r 709e7ed55c6a magick/version.h
--- a/magick/version.h Sat Sep 22 17:18:11 2018 -0500
+++ b/magick/version.h Wed Sep 26 08:33:23 2018 -0500
@@ -38,8 +38,8 @@
#define MagickLibVersion 0x211801
#define MagickLibVersionText "1.4"
#define MagickLibVersionNumber 21,18,1
-#define MagickChangeDate "20180922"
-#define MagickReleaseDate "snapshot-20180922"
+#define MagickChangeDate "20180926"
+#define MagickReleaseDate "snapshot-20180926"
/*
The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines
diff -r 678a9cbcb255 -r 709e7ed55c6a www/Changelog.html
--- a/www/Changelog.html Sat Sep 22 17:18:11 2018 -0500
+++ b/www/Changelog.html Wed Sep 26 08:33:23 2018 -0500
@@ -35,11 +35,20 @@
<div class="document">
+<p>2018-09-26 Bob Friesenhahn <<a class="reference external" \
href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span> \
4;</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
+<blockquote>
+<ul class="simple">
+<li>magick/utility.c (MagickGetToken): Fix possible read up to four
+bytes beyond end of stack allocated token buffer. Fixes oss-fuzz
+10653 "graphicsmagick/coder_MVG_fuzzer: Stack-buffer-overflow in
+MagickGetToken". (Credit to OSS-Fuzz)</li>
+</ul>
+</blockquote>
<p>2018-09-22 Bob Friesenhahn <<a class="reference external" \
href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span> \
4;</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
<blockquote>
<ul class="simple">
<li>fuzzing/coder_fuzzer.cc (LLVMFuzzerTestOneInput): Limit the
-maximum number of JPEG progressive scanlines to 50.</li>
+maximum number of JPEG progressive scans to 50.</li>
<li>coders/jpeg.c (ReadJPEGImage): Apply a default limit of 100
progressive scans before the reader quits with an error. This
limit may be adjusted using the -define mechanism like -define
_______________________________________________
Graphicsmagick-commit mailing list
Graphicsmagick-commit@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/graphicsmagick-commit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic