https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12158

author Cristy <urban-warrior@imagemagick.org>

Sun, 23 Dec 2018 00:38:49 +0000 (19:38 -0500)

committer Cristy <urban-warrior@imagemagick.org>

Sun, 23 Dec 2018 00:38:49 +0000 (19:38 -0500)
author Cristy <urban-warrior@imagemagick.org>
Sun, 23 Dec 2018 00:38:49 +0000 (19:38 -0500)
committer Cristy <urban-warrior@imagemagick.org>
Sun, 23 Dec 2018 00:38:49 +0000 (19:38 -0500)
diff --git a/MagickCore/cache.c b/MagickCore/cache.c

index b4f9b9e8b3617a5761d31032d54e39ff415d843f..f29cafd4c53c966e3ab8b39935a6d1354f8e0094 100644 (file)
--- a/MagickCore/cache.c
+++ b/MagickCore/cache.c
@@ -3761,7 +3761,10 @@ static MagickBooleanType OpenPixelCache(Image *image,const MapMode mode,
                  cache_info->length);
              }
            if (cache_info->pixels == (Quantum *) NULL)
-            cache_info->pixels=source_info.pixels;
+            {
+              cache_info->mapped=source_info.mapped;
+              cache_info->pixels=source_info.pixels;
+            }
            else
              {
                /*
diff --git a/coders/dcm.c b/coders/dcm.c

index cc638989983721e0543ed6585746249e48dd3d10..2a75e1342cbffc5dd62f16e82d1d9d161908ce50 100644 (file)
--- a/coders/dcm.c
+++ b/coders/dcm.c
@@ -2961,11 +2961,11 @@ static MagickBooleanType ReadDCMPixels(Image *image,DCMInfo *info,
            if (info->scale != (Quantum *) NULL)
              {
                if ((MagickSizeType) pixel.red <= GetQuantumRange(info->depth))
-                pixel.red=info->scale[pixel.red];
+                pixel.red=(unsigned int) info->scale[pixel.red];
                if ((MagickSizeType) pixel.green <= GetQuantumRange(info->depth))
-                pixel.green=info->scale[pixel.green];
+                pixel.green=(unsigned int) info->scale[pixel.green];
                if ((MagickSizeType) pixel.blue <= GetQuantumRange(info->depth))
-                pixel.blue=info->scale[pixel.blue];
+                pixel.blue=(unsigned int) info->scale[pixel.blue];
              }
          }
        if (first_segment != MagickFalse)
@@ -3994,7 +3994,14 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception)
                ThrowDCMException(ResourceLimitError,"MemoryAllocationFailed");
              for (i=0; i < (ssize_t) stream_info->offset_count; i++)
              {
-              stream_info->offsets[i]=(ssize_t) ReadBlobLSBSignedLong(image);
+              MagickOffsetType
+                offset;
+
+              offset=(MagickOffsetType) ReadBlobLSBSignedLong(image);
+              if (offset > (MagickOffsetType) GetBlobSize(image))
+                ThrowDCMException(CorruptImageError,
+                  "InsufficientImageDataInFile");
+              stream_info->offsets[i]=(ssize_t) offset;
                if (EOFBlob(image) != MagickFalse)
                  break;
              }
author	Cristy <urban-warrior@imagemagick.org>
	Sun, 23 Dec 2018 00:38:49 +0000 (19:38 -0500)
committer	Cristy <urban-warrior@imagemagick.org>
	Sun, 23 Dec 2018 00:38:49 +0000 (19:38 -0500)
MagickCore/cache.c		patch \| blob \| history
coders/dcm.c		patch \| blob \| history