]> granicus.if.org Git - imagemagick/commitdiff
projects / imagemagick / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 19b96ba)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7182
authorCristy <urban-warrior@imagemagick.org>
Thu, 29 Mar 2018 23:15:08 +0000 (19:15 -0400)
committerCristy <urban-warrior@imagemagick.org>
Thu, 29 Mar 2018 23:15:08 +0000 (19:15 -0400)
coders/heic.c patch | blob | history

diff --git a/coders/heic.c b/coders/heic.c
index fd30d1c6cafe124d0c6b6a0d0a041e94c613d90d..e5a30bf6c3aea4f649ced4c0a9a0ad4a79a01de8 100644 (file)
--- a/coders/heic.c
+++ b/coders/heic.c
@@ -452,7 +452,7 @@ static MagickBooleanType ParseIinfAtom(Image *image, DataBuffer *db,
   ctx->idsCount = count;
   if (ctx->itemInfo != (HEICItemInfo *) NULL)
     ctx->itemInfo=(HEICItemInfo *) RelinquishMagickMemory(ctx->itemInfo);
-  if (DBGetSize(db) < (8*count))
+  if ((8.0*count) > (double)DBGetSize(db))
     ThrowBinaryException(CorruptImageError,"InsufficientImageDataInFile",
       image->filename);
   ctx->itemInfo = (HEICItemInfo *)AcquireMagickMemory(sizeof(HEICItemInfo)*(count+1));
@@ -539,7 +539,7 @@ static MagickBooleanType ParseIpmaAtom(Image *image, DataBuffer *db,
 
     assoc_count = DBReadUChar(db);
 
-    if (assoc_count > MAX_ASSOCS_COUNT) {
+    if (assoc_count >= MAX_ASSOCS_COUNT) {
       ThrowAndReturn("too many associations");
     }
 
Unnamed repository; edit this file 'description' to name the repository.