From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 23 Dec 2017 14:28:13 +0000 (-0500)
Subject: Check for EOF when reading a profile
X-Git-Tag: 7.0.7-16~33
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=04d6eb1cddf88b971dc878e6e530b94be4696737;p=imagemagick

Check for EOF when reading a profile
---

diff --git a/coders/jpeg.c b/coders/jpeg.c
index ec1aa2d8a..965b76783 100644
--- a/coders/jpeg.c
+++ b/coders/jpeg.c
@@ -425,7 +425,15 @@ static boolean ReadComment(j_decompress_ptr jpeg_info)
   error_manager->profile=comment;
   p=GetStringInfoDatum(comment);
   for (i=0; i < (ssize_t) GetStringInfoLength(comment); i++)
-    *p++=(unsigned char) GetCharacter(jpeg_info);
+  {
+    int
+      c;
+
+    c=GetCharacter(jpeg_info);
+    if (c == EOF)
+      break;
+    *p++=(unsigned char) c;
+  }
   *p='\0';
   error_manager->profile=NULL;
   p=GetStringInfoDatum(comment);
@@ -473,7 +481,8 @@ static boolean ReadICCProfile(j_decompress_ptr jpeg_info)
   if (length <= 14)
     {
       while (length-- > 0)
-        (void) GetCharacter(jpeg_info);
+        if (GetCharacter(jpeg_info) == EOF)
+          break;
       return(TRUE);
     }
   for (i=0; i < 12; i++)
@@ -484,7 +493,8 @@ static boolean ReadICCProfile(j_decompress_ptr jpeg_info)
         Not a ICC profile, return.
       */
       for (i=0; i < (ssize_t) (length-12); i++)
-        (void) GetCharacter(jpeg_info);
+        if (GetCharacter(jpeg_info) == EOF)
+          break;
       return(TRUE);
     }
   (void) GetCharacter(jpeg_info);  /* id */
@@ -503,7 +513,15 @@ static boolean ReadICCProfile(j_decompress_ptr jpeg_info)
   error_manager->profile=profile;
   p=GetStringInfoDatum(profile);
   for (i=(ssize_t) GetStringInfoLength(profile)-1; i >= 0; i--)
-    *p++=(unsigned char) GetCharacter(jpeg_info);
+  {
+    int
+      c;
+
+    c=GetCharacter(jpeg_info);
+    if (c == EOF)
+      break;
+    *p++=(unsigned char) c;
+  }
   error_manager->profile=NULL;
   icc_profile=(StringInfo *) GetImageProfile(image,"icc");
   if (icc_profile != (StringInfo *) NULL)
@@ -567,7 +585,8 @@ static boolean ReadIPTCProfile(j_decompress_ptr jpeg_info)
   if (length <= 14)
     {
       while (length-- > 0)
-        (void) GetCharacter(jpeg_info);
+        if (GetCharacter(jpeg_info) == EOF)
+          break;
       return(TRUE);
     }
   /*
@@ -585,14 +604,16 @@ static boolean ReadIPTCProfile(j_decompress_ptr jpeg_info)
         Not a IPTC profile, return.
       */
       for (i=0; i < (ssize_t) length; i++)
-        (void) GetCharacter(jpeg_info);
+        if (GetCharacter(jpeg_info) == EOF)
+          break;
       return(TRUE);
     }
   /*
     Remove the version number.
   */
   for (i=0; i < 4; i++)
-    (void) GetCharacter(jpeg_info);
+    if (GetCharacter(jpeg_info) == EOF)
+      break;
   if (length <= 11)
     return(TRUE);
   length-=4;
@@ -609,7 +630,15 @@ static boolean ReadIPTCProfile(j_decompress_ptr jpeg_info)
   error_manager->profile=profile;
   p=GetStringInfoDatum(profile);
   for (i=0;  i < (ssize_t) GetStringInfoLength(profile); i++)
-    *p++=(unsigned char) GetCharacter(jpeg_info);
+  {
+    int
+      c;
+
+    c=GetCharacter(jpeg_info);
+    if (c == EOF)
+      break;
+    *p++=(unsigned char) c;
+  }
   error_manager->profile=NULL;
   iptc_profile=(StringInfo *) GetImageProfile(image,"8bim");
   if (iptc_profile != (StringInfo *) NULL)
@@ -692,7 +721,15 @@ static boolean ReadProfile(j_decompress_ptr jpeg_info)
   error_manager->profile=profile;
   p=GetStringInfoDatum(profile);
   for (i=0; i < (ssize_t) GetStringInfoLength(profile); i++)
-    *p++=(unsigned char) GetCharacter(jpeg_info);
+  {
+    int
+      c;
+
+    c=GetCharacter(jpeg_info);
+    if (c == EOF)
+      break;
+    *p++=(unsigned char) c;
+  }
   error_manager->profile=NULL;
   if (marker == 1)
     {
diff --git a/coders/png.c b/coders/png.c
index 8ef7262cf..aa23431a6 100644
--- a/coders/png.c
+++ b/coders/png.c
@@ -5599,17 +5599,22 @@ static Image *ReadOneMNGImage(MngInfo* mng_info, const ImageInfo *image_info,
         if (memcmp(type,mng_DEFI,4) == 0)
           {
             if (mng_type == 3)
-              (void) ThrowMagickException(exception,GetMagickModule(),
-                CoderError,"DEFI chunk found in MNG-VLC datastream","`%s'",
-                image->filename);
+              {
+                (void) ThrowMagickException(exception,GetMagickModule(),
+                  CoderError,"DEFI chunk found in MNG-VLC datastream","`%s'",
+                  image->filename);
+                chunk=(unsigned char *) RelinquishMagickMemory(chunk);
+                continue;
+              }
 
             if (length < 2)
               {
                 chunk=(unsigned char *) RelinquishMagickMemory(chunk);
+                mng_info=MngInfoFreeStruct(mng_info);
                 ThrowReaderException(CorruptImageError,"CorruptImage");
               }
 
-            object_id=(p[0] << 8) | p[1];
+            object_id=((unsigned int) p[0] << 8) | (unsigned int) p[1];
 
             if (mng_type == 2 && object_id != 0)
               (void) ThrowMagickException(exception,GetMagickModule(),
diff --git a/configure b/configure
index 3aa9e80ef..b4ca14e12 100755
--- a/configure
+++ b/configure
@@ -4559,7 +4559,7 @@ MAGICK_PATCHLEVEL_VERSION=16
 
 MAGICK_VERSION=7.0.7-16
 
-MAGICK_GIT_REVISION=21932:4826fb4b8:20171217
+MAGICK_GIT_REVISION=21992:44d39e582:20171223
 
 
 # Substitute library versioning