]> granicus.if.org Git - imagemagick/commitdiff
projects / imagemagick / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 2e7404c)
Added extra check (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5800).
authorDirk Lemstra <dirk@git.imagemagick.org>
Mon, 19 Mar 2018 22:01:21 +0000 (23:01 +0100)
committerDirk Lemstra <dirk@git.imagemagick.org>
Mon, 19 Mar 2018 22:01:21 +0000 (23:01 +0100)
coders/pcx.c patch | blob | history

diff --git a/coders/pcx.c b/coders/pcx.c
index 0c99a5e6e36d54c0c9d566cd570157162e58e6f9..e56afd134e563c40a10de793f80d29c61d912fd5 100644 (file)
--- a/coders/pcx.c
+++ b/coders/pcx.c
@@ -405,6 +405,8 @@ static Image *ReadPCXImage(const ImageInfo *image_info,ExceptionInfo *exception)
     if ((size_t) (pcx_info.bits_per_pixel*pcx_info.planes*image->columns) >
         (pcx_packets*8U))
       ThrowPCXException(CorruptImageError,"ImproperImageHeader");
+    if ((MagickSizeType) pcx_packets > GetBlobSize(image))
+      ThrowPCXException(CorruptImageError,"ImproperImageHeader");
     scanline=(unsigned char *) AcquireQuantumMemory(MagickMax(image->columns,
       pcx_info.bytes_per_line),MagickMax(8,pcx_info.planes)*sizeof(*scanline));
     pixel_info=AcquireVirtualMemory(pcx_packets,2*sizeof(*pixels));
Unnamed repository; edit this file 'description' to name the repository.