From: Dirk Lemstra Date: Sat, 1 Jul 2017 05:49:25 +0000 (+0200) Subject: Fixed parsing the 8BIM profile in the PSD decoder. X-Git-Tag: 7.0.6-1~104 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=95a6836e0c728c44c7cdb0d1e75cbc5edbf1a570;p=imagemagick Fixed parsing the 8BIM profile in the PSD decoder. --- diff --git a/coders/psd.c b/coders/psd.c index 5f1cd82d3..f0f1ee646 100644 --- a/coders/psd.c +++ b/coders/psd.c @@ -742,9 +742,11 @@ static void ParseImageResourceBlocks(Image *image, StringInfo *profile; + unsigned char + name_length; + unsigned int - count, - long_sans; + count; unsigned short id, @@ -756,15 +758,20 @@ static void ParseImageResourceBlocks(Image *image, SetStringInfoDatum(profile,blocks); (void) SetImageProfile(image,"8bim",profile,exception); profile=DestroyStringInfo(profile); - for (p=blocks; (p >= blocks) && (p < (blocks+length-16)); ) + for (p=blocks; (p >= blocks) && (p < (blocks+length-7)); ) { if (LocaleNCompare((const char *) p,"8BIM",4) != 0) break; - p=PushLongPixel(MSBEndian,p,&long_sans); + p+=4; p=PushShortPixel(MSBEndian,p,&id); - p=PushShortPixel(MSBEndian,p,&short_sans); + p=PushCharPixel(p,&name_length); + if (name_length % 2 == 0) + name_length++; + p+=name_length; + if (p > (blocks+length-4)) + return; p=PushLongPixel(MSBEndian,p,&count); - if ((p+count) > (blocks+length-16)) + if ((p+count) > (blocks+length)) return; switch (id) { @@ -779,6 +786,8 @@ static void ParseImageResourceBlocks(Image *image, /* Resolution info. */ + if (count < 16) + return; p=PushShortPixel(MSBEndian,p,&resolution); image->resolution.x=(double) resolution; (void) FormatLocaleString(value,MagickPathExtent,"%g",image->resolution.x); @@ -798,7 +807,7 @@ static void ParseImageResourceBlocks(Image *image, } case 0x0421: { - if (*(p+4) == 0) + if ((count > 3) && (*(p+4) == 0)) *has_merged_image=MagickFalse; p+=count; break;