Avoid reading beyond the end of tEXt keyword while checking for Raw profile.

author glennrp <glennrp@git.imagemagick.org>

Wed, 31 Dec 2014 17:38:12 +0000 (17:38 +0000)

committer glennrp <glennrp@git.imagemagick.org>

Wed, 31 Dec 2014 17:38:12 +0000 (17:38 +0000)
author glennrp <glennrp@git.imagemagick.org>
Wed, 31 Dec 2014 17:38:12 +0000 (17:38 +0000)
committer glennrp <glennrp@git.imagemagick.org>
Wed, 31 Dec 2014 17:38:12 +0000 (17:38 +0000)
diff --git a/coders/png.c b/coders/png.c

index 9decb30ee181d666191bfbf7aa9134d4a3293f83..0c4aa719d546ce7b14e5c1a53bbc4542c57a8280 100644 (file)
--- a/coders/png.c
+++ b/coders/png.c
@@ -3604,7 +3604,8 @@ static Image *ReadOnePNGImage(MngInfo *mng_info,
            (void) LogMagickEvent(CoderEvent,GetMagickModule(),
              "    Reading PNG text chunk");
  
-        if (memcmp(text[i].key, "Raw profile type ",17) == 0)
+        if (strlen(text[i].key) > 16 &&
+            !memcmp(text[i].key, "Raw profile type ",17) == 0)
            {
              const char
                *value;
author	glennrp <glennrp@git.imagemagick.org>
	Wed, 31 Dec 2014 17:38:12 +0000 (17:38 +0000)
committer	glennrp <glennrp@git.imagemagick.org>
	Wed, 31 Dec 2014 17:38:12 +0000 (17:38 +0000)