2016-08-15 7.0.2-10 Cristy <quetzlzacatenango@image...>
* Prevent buffer overflow in BMP & SGI coders (bug report from
pwchen&rayzhong of tencent).
+ * Prevent buffer overflow in SIXEL, PDB, MAP, and CALS coders (bug report
+ from Donghai Zhu).
2016-08-14 7.0.2-9 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.2-9, GIT revision 18707:2c02f09:20160814.
Write colormap to file.
*/
q=colormap;
- if (image->depth <= 8)
+ q=colormap;
+ if (image->colors <= 256)
for (i=0; i < (ssize_t) image->colors; i++)
{
- *q++=(unsigned char) image->colormap[i].red;
- *q++=(unsigned char) image->colormap[i].green;
- *q++=(unsigned char) image->colormap[i].blue;
+ *q++=(unsigned char) ScaleQuantumToChar(image->colormap[i].red);
+ *q++=(unsigned char) ScaleQuantumToChar(image->colormap[i].green);
+ *q++=(unsigned char) ScaleQuantumToChar(image->colormap[i].blue);
}
else
for (i=0; i < (ssize_t) image->colors; i++)
{
- *q++=(unsigned char) ((size_t) image->colormap[i].red >> 8);
- *q++=(unsigned char) image->colormap[i].red;
- *q++=(unsigned char) ((size_t) image->colormap[i].green >> 8);
- *q++=(unsigned char) image->colormap[i].green;
- *q++=(unsigned char) ((size_t) image->colormap[i].blue >> 8);
- *q++=(unsigned char) image->colormap[i].blue;
+ *q++=(unsigned char) (ScaleQuantumToShort(image->colormap[i].red) >> 8);
+ *q++=(unsigned char) (ScaleQuantumToShort(image->colormap[i].red) & 0xff);
+ *q++=(unsigned char) (ScaleQuantumToShort(image->colormap[i].green) >> 8);
+ *q++=(unsigned char) (ScaleQuantumToShort(image->colormap[i].green) & 0xff);;
+ *q++=(unsigned char) (ScaleQuantumToShort(image->colormap[i].blue) >> 8);
+ *q++=(unsigned char) (ScaleQuantumToShort(image->colormap[i].blue) & 0xff);
}
(void) WriteBlob(image,packet_size*image->colors,colormap);
colormap=(unsigned char *) RelinquishMagickMemory(colormap);
buffer=(unsigned char *) AcquireQuantumMemory(512,sizeof(*buffer));
if (buffer == (unsigned char *) NULL)
ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
- packet_size=(size_t) (image->depth > 8 ? 2: 1);
+ packet_size=(size_t) (image->depth > 8 ? 2 : 1);
scanline=(unsigned char *) AcquireQuantumMemory(image->columns,packet_size*
sizeof(*scanline));
if (scanline == (unsigned char *) NULL)
quantum_info=AcquireQuantumInfo(image_info,image);
if (quantum_info == (QuantumInfo *) NULL)
ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
+ status=SetQuantumDepth(image,quantum_info,image->depth > 8 ? 16 : 8);
bits=8/(int) bits_per_pixel-1; /* start at most significant bits */
literal=0;
repeat=0;
imsx = 2048;
imsy = 2048;
- imbuf = (unsigned char *) AcquireQuantumMemory(imsx * imsy,1);
+ imbuf = (unsigned char *) AcquireQuantumMemory(imsx , imsy);
if (imbuf == NULL) {
return(MagickFalse);
sixel_palet[n] = SIXEL_RGB(255, 255, 255);
}
- (void) ResetMagickMemory(imbuf, background_color_index, imsx * imsy);
+ (void) ResetMagickMemory(imbuf, background_color_index, (size_t) imsx * imsy);
while (*p != '\0') {
if ((p[0] == '\033' && p[1] == 'P') || *p == 0x90) {
if (imsx < attributed_ph || imsy < attributed_pv) {
dmsx = imsx > attributed_ph ? imsx : attributed_ph;
dmsy = imsy > attributed_pv ? imsy : attributed_pv;
- dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx * dmsy,1);
+ dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx , dmsy);
if (dmbuf == (unsigned char *) NULL) {
imbuf = (unsigned char *) RelinquishMagickMemory(imbuf);
return (MagickFalse);
}
- (void) ResetMagickMemory(dmbuf, background_color_index, dmsx * dmsy);
+ (void) ResetMagickMemory(dmbuf, background_color_index, (size_t) dmsx * dmsy);
for (y = 0; y < imsy; ++y) {
(void) CopyMagickMemory(dmbuf + dmsx * y, imbuf + imsx * y, imsx);
}
dmsx = nx;
dmsy = ny;
- dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx * dmsy,1);
+ dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx , dmsy);
if (dmbuf == (unsigned char *) NULL) {
imbuf = (unsigned char *) RelinquishMagickMemory(imbuf);
return (MagickFalse);
}
- (void) ResetMagickMemory(dmbuf, background_color_index, dmsx * dmsy);
+ (void) ResetMagickMemory(dmbuf, background_color_index, (size_t) dmsx * dmsy);
for (y = 0; y < imsy; ++y) {
(void) CopyMagickMemory(dmbuf + dmsx * y, imbuf + imsx * y, imsx);
}
c <<= 1;
}
for (y = posision_y + i; y < posision_y + i + n; ++y) {
- (void) ResetMagickMemory(imbuf + imsx * y + posision_x, color_index, repeat_count);
+ (void) ResetMagickMemory(imbuf + (size_t) imsx * y + posision_x, color_index, repeat_count);
}
if (max_x < (posision_x + repeat_count - 1)) {
max_x = posision_x + repeat_count - 1;
if (imsx > max_x || imsy > max_y) {
dmsx = max_x;
dmsy = max_y;
- if ((dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx * dmsy,1)) == NULL) {
+ if ((dmbuf = (unsigned char *) AcquireQuantumMemory(dmsx , dmsy)) == NULL) {
imbuf = (unsigned char *) RelinquishMagickMemory(imbuf);
return (MagickFalse);
}
(void) SetImageType(huffman_image,BilevelType,exception);
write_info=CloneImageInfo((ImageInfo *) NULL);
SetImageInfoFile(write_info,file);
- (void) SetImageType(image,BilevelType,exception);
(void) SetImageDepth(image,1,exception);
+ (void) SetImageType(image,BilevelType,exception);
write_info->compression=Group4Compression;
write_info->type=BilevelType;
(void) SetImageOption(write_info,"quantum:polarity","min-is-white");
projects / imagemagick / commitdiff