dib_info.y_pixels=ReadBlobLSBLong(image);
dib_info.number_colors=ReadBlobLSBLong(image);
dib_info.colors_important=ReadBlobLSBLong(image);
+ if ((dib_info.bits_per_pixel != 1) && (dib_info.bits_per_pixel != 4) &&
+ (dib_info.bits_per_pixel != 8) && (dib_info.bits_per_pixel != 16) &&
+ (dib_info.bits_per_pixel != 24) && (dib_info.bits_per_pixel != 32))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
if ((dib_info.compression == BI_BITFIELDS) &&
((dib_info.bits_per_pixel == 16) || (dib_info.bits_per_pixel == 32)))
{
dib_info.green_mask=ReadBlobLSBLong(image);
dib_info.blue_mask=ReadBlobLSBLong(image);
}
+ if (EOFBlob(image) != MagickFalse)
+ ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
if (dib_info.width <= 0)
ThrowReaderException(CorruptImageError,"NegativeOrZeroImageSize");
if (dib_info.height == 0)
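Review bot: The new `bits_per_pixel` whitelist carries no comment saying why these six depths are the only ones accepted, and the same is true of the 256 limit on `number_colors` and `colors_important` added further down in this reader. A one-line comment on each, such as `/* DIB defines only 1, 4, 8, 16, 24 and 32 bits per pixel */` and `/* a DIB palette holds at most 256 entries */`, would show a maintainer that both are format limits rather than arbitrary caps. Both checks also raise the same "ImproperImageHeader" tag, so a report from a rejected file cannot tell which header field failed validation.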
image->depth=8;
image->alpha_trait=dib_info.bits_per_pixel == 32 ? BlendPixelTrait :
UndefinedPixelTrait;
+ if ((dib_info.number_colors > 256) || (dib_info.colors_important > 256))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
if ((dib_info.number_colors != 0) || (dib_info.bits_per_pixel < 16))
{
size_t
unsigned short
word;
/*
- Convert PseudoClass packet to DIB pixel.
+ Convert PseudoClass packet to DIB pixel.
*/
for (y=0; y < (ssize_t) image->rows; y++)
{
}
if (LocaleCompare(write_info->magick,"GIF87") != 0)
{
+ const char
+ *value;
+
/*
Write graphics control extension.
*/
(void) WriteBlobByte(image,(unsigned char) (opacity >= 0 ? opacity :
0));
(void) WriteBlobByte(image,(unsigned char) 0x00);
+ value=GetImageProperty(image,"comment",exception);
if ((LocaleCompare(write_info->magick,"GIF87") != 0) &&
- (GetImageProperty(image,"comment",exception) != (const char *) NULL))
+ (value != (const char *) NULL))
{
- const char
- *value;
-
register const char
*p;
*/
(void) WriteBlobByte(image,(unsigned char) 0x21);
(void) WriteBlobByte(image,(unsigned char) 0xfe);
- value=GetImageProperty(image,"comment",exception);
for (p=value; *p != '\0'; )
{
count=MagickMin(strlen(p),255);
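Review bot: The `LocaleCompare(write_info->magick,"GIF87") != 0` test kept in the comment-extension condition is redundant as far as the hunk shows, because `value` is declared inside the enclosing block that is already guarded by the same test, so the assignment and this `if` must sit inside that block. The condition can be reduced to `if (value != (const char *) NULL)`. The loop that writes the comment in 255-byte sub-blocks continues past the end of the hunk.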
/*
Determine if this a PDB image file.
*/
- count=ReadBlob(image,32,(unsigned char *) pdb_info.name);
+ count=ReadBlob(image,sizeof(pdb_info.name),(unsigned char *) pdb_info.name);
+ if (count != sizeof(pdb_info.name))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
pdb_info.attributes=(short) ReadBlobMSBShort(image);
pdb_info.version=(short) ReadBlobMSBShort(image);
pdb_info.create_time=ReadBlobMSBLong(image);
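Review bot: `pdb_info.name` is filled with exactly `sizeof(pdb_info.name)` bytes taken from the file, so nothing guarantees the field ends in a NUL. If any later code treats it as a C string (not visible in this hunk), terminate it after the length check with `pdb_info.name[sizeof(pdb_info.name)-1]='\0';`; the same applies to `pdb_image.name` in the image-header hunk that follows. Using `sizeof` here also depends on `name` being an array rather than a pointer, which the declaration outside the hunk should confirm.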
/*
Read image header.
*/
- count=ReadBlob(image,32,(unsigned char *) pdb_image.name);
+ count=ReadBlob(image,sizeof(pdb_image.name),(unsigned char *) pdb_image.name);
+ if (count != sizeof(pdb_image.name))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
pdb_image.version=ReadBlobByte(image);
pdb_image.type=(unsigned char) ((int) ReadBlobByte(image));
pdb_image.reserved_1=ReadBlobMSBLong(image);
} else {
bits_per_pixel=4;
}
- (void) ResetMagickMemory(pdb_info.name,0,32);
- (void) CopyMagickString(pdb_info.name,image_info->filename,32);
+ (void) ResetMagickMemory(&pdb_info.name,0,sizeof(pdb_info));
+ (void) CopyMagickString(pdb_info.name,image_info->filename,
+ sizeof(pdb_info.name));
pdb_info.attributes=0;
pdb_info.version=0;
pdb_info.create_time=time(NULL);
pdb_info.next_record=0;
comment=GetImageProperty(image,"comment",exception);
pdb_info.number_records=(comment == (const char *) NULL ? 1 : 2);
- (void) WriteBlob(image,32,(unsigned char *) pdb_info.name);
+ (void) WriteBlob(image,sizeof(pdb_info.name),(unsigned char *) pdb_info.name);
(void) WriteBlobMSBShort(image,(unsigned short) pdb_info.attributes);
(void) WriteBlobMSBShort(image,(unsigned short) pdb_info.version);
(void) WriteBlobMSBLong(image,(unsigned int) pdb_info.create_time);
(void) WriteBlobMSBLong(image,(unsigned int) pdb_info.seed);
(void) WriteBlobMSBLong(image,(unsigned int) pdb_info.next_record);
(void) WriteBlobMSBShort(image,(unsigned short) pdb_info.number_records);
- (void) CopyMagickString(pdb_image.name,pdb_info.name,32);
+ (void) CopyMagickString(pdb_image.name,pdb_info.name,sizeof(pdb_image.name));
pdb_image.version=1; /* RLE Compressed */
switch (bits_per_pixel)
{
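Review bot: `ResetMagickMemory(&pdb_info.name,0,sizeof(pdb_info))` pairs the address of one member with the size of the whole structure, which stays in bounds only if `name` is the first member of `pdb_info` (the declaration is outside this hunk). If the intent is to zero the entire header before it is written, so that fields such as `pdb_info.seed`, which is not assigned in the visible lines, do not carry stale stack contents into the output file, say so directly with `(void) ResetMagickMemory(&pdb_info,0,sizeof(pdb_info));`. If only the name is meant to be cleared, the size should be `sizeof(pdb_info.name)`. The enclosing writer function starts and ends outside the hunk.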
/*
Write the Image data.
*/
- (void) WriteBlob(image,32,(unsigned char *) pdb_image.name);
+ (void) WriteBlob(image,sizeof(pdb_image.name),(unsigned char *)
+ pdb_image.name);
(void) WriteBlobByte(image,(unsigned char) pdb_image.version);
(void) WriteBlobByte(image,pdb_image.type);
(void) WriteBlobMSBLong(image,(unsigned int) pdb_image.reserved_1);