https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5674

author Cristy <urban-warrior@imagemagick.org>

Sun, 4 Feb 2018 20:49:44 +0000 (15:49 -0500)

committer Cristy <urban-warrior@imagemagick.org>

Sun, 4 Feb 2018 20:49:44 +0000 (15:49 -0500)
author Cristy <urban-warrior@imagemagick.org>
Sun, 4 Feb 2018 20:49:44 +0000 (15:49 -0500)
committer Cristy <urban-warrior@imagemagick.org>
Sun, 4 Feb 2018 20:49:44 +0000 (15:49 -0500)
diff --git a/coders/tim.c b/coders/tim.c

index 1fe538919ab32405dde166d7293d55caba05f604..f6d69f3ec29f67e0d39d6194dbf5f4c01f1375bc 100644 (file)
--- a/coders/tim.c
+++ b/coders/tim.c
@@ -235,6 +235,8 @@ static Image *ReadTIMImage(const ImageInfo *image_info,ExceptionInfo *exception)
      width=ReadBlobLSBShort(image);
      height=ReadBlobLSBShort(image);
      image_size=2*width*height;
+    if (image_size > GetBlobSize(image))
+      ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
      bytes_per_line=width*2;
      width=(width*16)/bits_per_pixel;
      tim_pixels=(unsigned char *) AcquireQuantumMemory(image_size,
@@ -458,6 +460,7 @@ ModuleExport size_t RegisterTIMImage(void)
  
    entry=AcquireMagickInfo("TIM","TIM","PSX TIM");
    entry->decoder=(DecodeImageHandler *) ReadTIMImage;
+  entry->flags|=CoderDecoderSeekableStreamFlag;
    (void) RegisterMagickInfo(entry);
    return(MagickImageCoderSignature);
  }
author	Cristy <urban-warrior@imagemagick.org>
	Sun, 4 Feb 2018 20:49:44 +0000 (15:49 -0500)
committer	Cristy <urban-warrior@imagemagick.org>
	Sun, 4 Feb 2018 20:49:44 +0000 (15:49 -0500)