]> granicus.if.org Git - imagemagick/commitdiff
projects / imagemagick / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: fcc8d3b)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6077
authorCristy <urban-warrior@imagemagick.org>
Wed, 7 Feb 2018 22:53:37 +0000 (17:53 -0500)
committerCristy <urban-warrior@imagemagick.org>
Wed, 7 Feb 2018 22:53:37 +0000 (17:53 -0500)
coders/viff.c patch | blob | history

diff --git a/coders/viff.c b/coders/viff.c
index 34d7d2b7477599faa18fac8b8be584b843a88de6..4cbf264c8920c3795a9a4246497c5ce4ddebcbe3 100644 (file)
--- a/coders/viff.c
+++ b/coders/viff.c
@@ -418,6 +418,8 @@ static Image *ReadVIFFImage(const ImageInfo *image_info,
           ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
         if (AcquireImageColormap(image,image->colors,exception) == MagickFalse)
           ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+        if ((MagickSizeType) viff_info.map_rows > GetBlobSize(image))
+          ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
         if ((MagickSizeType) viff_info.map_rows >
             (viff_info.map_rows*bytes_per_pixel*sizeof(*viff_colormap)))
           ThrowReaderException(CorruptImageError,"ImproperImageHeader");
Unnamed repository; edit this file 'description' to name the repository.