From: Dirk Lemstra
Date: Tue, 9 Jan 2018 23:39:15 +0000 (+0100)
Subject: Fixed reading of an uninitialized value.
X-Git-Tag: 7.0.7-22~121
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ce5cbbf21106729316cde57a18eff5725ac1ff88;p=imagemagick
Fixed reading of an uninitialized value. Credit to OSS-Fuzz
---
diff --git a/coders/wpg.c b/coders/wpg.c
index d89d1c979..82bd9eaa8 100644
--- a/coders/wpg.c
+++ b/coders/wpg.c
@@ -750,6 +750,8 @@ static Image *ExtractPostscript(Image *image,const ImageInfo *image_info,
 unsigned char magick[2*MagickPathExtent];
+ ssize_t
+ count;
 if ((clone_info=CloneImageInfo(image_info)) == NULL) return(image);
@@ -764,7 +766,9 @@ static Image *ExtractPostscript(Image *image,const ImageInfo *image_info,
 /* Copy postscript to temporary file */
 (void) SeekBlob(image,PS_Offset,SEEK_SET);
- (void) ReadBlob(image, 2*MagickPathExtent, magick);
+ count=ReadBlob(image, 2*MagickPathExtent, magick);
+ if (count < 1)
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
 (void) SeekBlob(image,PS_Offset,SEEK_SET);
 while (PS_Size-- > 0)
@@ -777,7 +781,7 @@ static Image *ExtractPostscript(Image *image,const ImageInfo *image_info,
 (void) fclose(ps_file);
 /* Detect file format - Check magic.mgk configuration file. */
- magic_info=GetMagicInfo(magick,2*MagickPathExtent,exception);
+ magic_info=GetMagicInfo(magick,count,exception);
 if(magic_info == (const MagicInfo *) NULL) goto FINISH_UNL;
 /* printf("Detected:%s \n",magic_info->name); */
 if(exception->severity != UndefinedException) goto FINISH_UNL;
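Review bot: The new `count < 1` branch in the second hunk exits through `ThrowReaderException`, which appears to bypass the `FINISH_UNL` cleanup that the later checks in this function jump to. By then `clone_info` has been allocated (first hunk) and, judging by the `fclose(ps_file)` after the copy loop, the temporary PostScript file is presumably already open. A truncated embedded record would then leak the ImageInfo, the file handle and the temp file on each malformed input, which matters for anything decoding untrusted images. The macro's definition is not on this page; if it returns immediately, consider recording the exception without returning and then `(void) fclose(ps_file); goto FINISH_UNL;`, assuming that label releases the temp file and `clone_info`. The function body starts and ends outside the hunk.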
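Review bot: In the third hunk `count` is a signed `ssize_t` passed as the length argument of `GetMagicInfo`, and that is only safe because of the `count < 1` guard added in the previous hunk. Make the dependency explicit, e.g. `magic_info=GetMagicInfo(magick,(size_t) count,exception);` with a comment such as `/* count >= 1: checked right after ReadBlob */`. If a later edit moves or relaxes the guard, a zero or negative count would otherwise be converted silently into a length covering the still-uninitialized part of `magick`.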