Support pixel-cache and shred security policies

diff --git a/ChangeLog b/ChangeLog
index 5e33e4a8374156ba915b00ade43a468439994ee5..e42dddcf12e0bc864d05324a004586960b8f0511 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
   * Prevent random pixel data for corrupt JPEG image (bug report from
     Hirokazu Moriguchi, Sony).
   * Restore -mattecolor option.
+  * Support pixel-cache and shred security policies.
 
 2017-02-14  7.0.4-9 Cristy  <quetzlzacatenango@image...>
   * Release ImageMagick version 7.0.4-9, GIT revision 19580:d474b37:20170214.

diff --git a/MagickCore/cache.c b/MagickCore/cache.c
index a22adb483ed4a0db80533d2b0f1dd2d09f05e9b4..c7f112449ebd885f5078fdb9621906cc7a108ffe 100644 (file)
--- a/MagickCore/cache.c
+++ b/MagickCore/cache.c
@@ -3478,14 +3478,40 @@ static MagickBooleanType OpenPixelCache(Image *image,const MapMode mode,
     cache_info->metacontent_extent);
   if ((status != MagickFalse) && (length == (MagickSizeType) ((size_t) length)))
     {
+      static ssize_t
+        anonymous_pixel_cache = (-1);
+
+      if (anonymous_pixel_cache < 0)
+        {
+          char
+            *value;
+
+          /*
+            Does the security policy require anonymous mapping for pixel cache?
+          */
+          anonymous_pixel_cache=0;
+          value=GetPolicyValue("pixel-cache");
+          if (LocaleCompare(value,"anonymous") == 0)
+            anonymous_pixel_cache=1;
+          value=DestroyString(value);
+        }
       status=AcquireMagickResource(MemoryResource,cache_info->length);
       if (((cache_info->type == UndefinedCache) && (status != MagickFalse)) ||
           (cache_info->type == MemoryCache))
         {
           status=MagickTrue;
-          cache_info->mapped=MagickFalse;
-          cache_info->pixels=(Quantum *) MagickAssumeAligned(
-            AcquireAlignedMemory(1,(size_t) cache_info->length));
+          if (anonymous_pixel_cache == 0)
+            {
+              cache_info->mapped=MagickFalse;
+              cache_info->pixels=(Quantum *) MagickAssumeAligned(
+                AcquireAlignedMemory(1,(size_t) cache_info->length));
+            }
+          else
+            {
+              cache_info->mapped=MagickTrue;
+              cache_info->pixels=(Quantum *) MapBlob(-1,IOMode,0,(size_t)
+                cache_info->length);
+            }
           if (cache_info->pixels == (Quantum *) NULL)
             cache_info->pixels=source_info.pixels;
           else

diff --git a/MagickCore/utility.c b/MagickCore/utility.c
index 2e48a7530aee951e8a5a528b8e01e517ba8197e9..ebe8d5d675b397167c903646a9b855c01b596ec8 100644 (file)
--- a/MagickCore/utility.c
+++ b/MagickCore/utility.c
@@ -1826,7 +1826,9 @@ MagickPrivate MagickBooleanType ShredFile(const char *path)
 
   if ((path == (const char *) NULL) || (*path == '\0'))
     return(MagickFalse);
-  passes=GetEnvironmentValue("MAGICK_SHRED_PASSES");
+  passes=GetPolicyValue("shred");
+  if (passes == (char *) NULL)
+    passes=GetEnvironmentValue("MAGICK_SHRED_PASSES");
   if (passes == (char *) NULL)
     {
       /*

diff --git a/config/policy.xml b/config/policy.xml
index a09c4a959d0d8e87a8549c0704211f712c6ee0de..64fcae9401690dd42d1a55eb969913ba1955aae7 100644 (file)
--- a/config/policy.xml
+++ b/config/policy.xml
@@ -68,6 +68,8 @@
   <!-- <policy domain="resource" name="throttle" value="0"/> -->
   <!-- <policy domain="resource" name="time" value="3600"/> -->
   <!-- <policy domain="system" name="precision" value="6"/> -->
+  <!-- <policy domain="system" name="pixel-cache" value="anonymous"/> -->
+  <!-- <policy domain="system" name="shred" value="2"/> -->
   <!-- <policy domain="coder" rights="none" pattern="MVG" /> -->
   <!-- <policy domain="delegate" rights="none" pattern="HTTPS" /> -->
   <!-- <policy domain="path" rights="none" pattern="@*" /> -->