Reject PNG file that is too small (under 60 bytes) to contain a valid image

author Glenn Randers-Pehrson <glennrp@gmail.com>

Sun, 2 Jul 2017 23:37:47 +0000 (19:37 -0400)

committer Glenn Randers-Pehrson <glennrp@gmail.com>

Sun, 2 Jul 2017 23:37:47 +0000 (19:37 -0400)
author Glenn Randers-Pehrson <glennrp@gmail.com>
Sun, 2 Jul 2017 23:37:47 +0000 (19:37 -0400)
committer Glenn Randers-Pehrson <glennrp@gmail.com>
Sun, 2 Jul 2017 23:37:47 +0000 (19:37 -0400)
diff --git a/ChangeLog b/ChangeLog

index 00aea84de05c2cbe13c0213792144c86416e3469..4d78c5c157fd1f5f28373ba5bc0e08bb987c3488 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,8 @@
-2017-06-10  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
+2017-07-02  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
+  * Reject PNG file that is too small (under 60 bytes) to contain
+  a valid image
+
+2017-06-22  7.0.6-1 Glenn Randers-Pehrson <glennrp@image...>
    * Stop a memory leak in read_user_chunk_callback() (reference
      https://github.com/ImageMagick/ImageMagick/issues/517).
  
diff --git a/coders/png.c b/coders/png.c

index 91026369484266a2d71432646f6f49155e460f9c..da931859e6656b94c0de25d7eca2c007c3f2c29c 100644 (file)
--- a/coders/png.c
+++ b/coders/png.c
@@ -4135,6 +4135,13 @@ static Image *ReadPNGImage(const ImageInfo *image_info,
    if (count < 8 || memcmp(magic_number,"\211PNG\r\n\032\n",8) != 0)
      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
  
+  /*
+     Verify that file size large enough to contain a PNG datastream
+     if using a seekable blob
+  */
+  if (IsBlobSeekable(image) && GetBlobSize(image) < 61)
+    ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
+
    /*
      Allocate a MngInfo structure.
    */
author	Glenn Randers-Pehrson <glennrp@gmail.com>
	Sun, 2 Jul 2017 23:37:47 +0000 (19:37 -0400)
committer	Glenn Randers-Pehrson <glennrp@gmail.com>
	Sun, 2 Jul 2017 23:37:47 +0000 (19:37 -0400)
ChangeLog		patch \| blob \| history
coders/png.c		patch \| blob \| history