From: Cristy Date: Sat, 8 Sep 2018 13:49:48 +0000 (-0400) Subject: https://github.com/ImageMagick/ImageMagick/issues/1295 X-Git-Tag: 7.0.8-12~81 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d843df088db5833ed0198078eecf5e7239369578;p=imagemagick https://github.com/ImageMagick/ImageMagick/issues/1295 --- diff --git a/coders/dib.c b/coders/dib.c index 6b2ecc061..26257d9a6 100644 --- a/coders/dib.c +++ b/coders/dib.c @@ -590,6 +590,8 @@ static Image *ReadDIBImage(const ImageInfo *image_info,ExceptionInfo *exception) UndefinedPixelTrait; if ((dib_info.number_colors > 256) || (dib_info.colors_important > 256)) ThrowReaderException(CorruptImageError,"ImproperImageHeader"); + if ((dib_info.image_size != 0U) && (dib_info.image_size > GetBlobSize(image))) + ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); if ((dib_info.number_colors != 0) || (dib_info.bits_per_pixel < 16)) { size_t @@ -1016,6 +1018,7 @@ ModuleExport size_t RegisterDIBImage(void) entry->magick=(IsImageFormatHandler *) IsDIB; entry->flags^=CoderAdjoinFlag; entry->flags|=CoderStealthFlag; + entry->flags|=CoderDecoderSeekableStreamFlag; (void) RegisterMagickInfo(entry); entry=AcquireMagickInfo("DIB","ICODIB", "Microsoft Windows 3.X Packed Device-Independent Bitmap"); @@ -1023,6 +1026,7 @@ ModuleExport size_t RegisterDIBImage(void) entry->magick=(IsImageFormatHandler *) IsDIB; entry->flags^=CoderAdjoinFlag; entry->flags|=CoderStealthFlag; + entry->flags|=CoderDecoderSeekableStreamFlag; (void) RegisterMagickInfo(entry); return(MagickImageCoderSignature); } diff --git a/coders/pcx.c b/coders/pcx.c index 4609a41e3..984252588 100644 --- a/coders/pcx.c +++ b/coders/pcx.c @@ -335,6 +335,8 @@ static Image *ReadPCXImage(const ImageInfo *image_info,ExceptionInfo *exception) pcx_info.bottom=ReadBlobLSBShort(image); pcx_info.horizontal_resolution=ReadBlobLSBShort(image); pcx_info.vertical_resolution=ReadBlobLSBShort(image); + if (EOFBlob(image) != MagickFalse) + ThrowPCXException(CorruptImageError,"UnexpectedEndOfFile"); /* Read PCX raster colormap. */ @@ -354,6 +356,8 @@ static Image *ReadPCXImage(const ImageInfo *image_info,ExceptionInfo *exception) if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0)) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; + if ((MagickOffsetType) (image->columns*image->rows/255) > GetBlobSize(image)) + ThrowPCXException(CorruptImageError,"InsufficientImageDataInFile"); status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) ThrowPCXException(exception->severity,exception->reason); diff --git a/coders/pnm.c b/coders/pnm.c index 9fbadd539..09eee0dac 100644 --- a/coders/pnm.c +++ b/coders/pnm.c @@ -440,6 +440,8 @@ static Image *ReadPNMImage(const ImageInfo *image_info,ExceptionInfo *exception) if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0)) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; + if ((MagickOffsetType) (image->columns*image->rows/8) > GetBlobSize(image)) + ThrowPNMException(CorruptImageError,"InsufficientImageDataInFile"); status=SetImageExtent(image,image->columns,image->rows,exception); if (status == MagickFalse) { @@ -1423,33 +1425,39 @@ ModuleExport size_t RegisterPNMImage(void) entry->decoder=(DecodeImageHandler *) ReadPNMImage; entry->encoder=(EncodeImageHandler *) WritePNMImage; entry->mime_type=ConstantString("image/x-portable-pixmap"); + entry->flags|=CoderDecoderSeekableStreamFlag; (void) RegisterMagickInfo(entry); entry=AcquireMagickInfo("PNM","PBM", "Portable bitmap format (black and white)"); entry->decoder=(DecodeImageHandler *) ReadPNMImage; entry->encoder=(EncodeImageHandler *) WritePNMImage; entry->mime_type=ConstantString("image/x-portable-bitmap"); + entry->flags|=CoderDecoderSeekableStreamFlag; (void) RegisterMagickInfo(entry); entry=AcquireMagickInfo("PNM","PFM","Portable float format"); entry->decoder=(DecodeImageHandler *) ReadPNMImage; entry->encoder=(EncodeImageHandler *) WritePNMImage; entry->flags|=CoderEndianSupportFlag; + entry->flags|=CoderDecoderSeekableStreamFlag; (void) RegisterMagickInfo(entry); entry=AcquireMagickInfo("PNM","PGM","Portable graymap format (gray scale)"); entry->decoder=(DecodeImageHandler *) ReadPNMImage; entry->encoder=(EncodeImageHandler *) WritePNMImage; entry->mime_type=ConstantString("image/x-portable-greymap"); + entry->flags|=CoderDecoderSeekableStreamFlag; (void) RegisterMagickInfo(entry); entry=AcquireMagickInfo("PNM","PNM","Portable anymap"); entry->decoder=(DecodeImageHandler *) ReadPNMImage; entry->encoder=(EncodeImageHandler *) WritePNMImage; entry->magick=(IsImageFormatHandler *) IsPNM; entry->mime_type=ConstantString("image/x-portable-pixmap"); + entry->flags|=CoderDecoderSeekableStreamFlag; (void) RegisterMagickInfo(entry); entry=AcquireMagickInfo("PNM","PPM","Portable pixmap format (color)"); entry->decoder=(DecodeImageHandler *) ReadPNMImage; entry->encoder=(EncodeImageHandler *) WritePNMImage; entry->mime_type=ConstantString("image/x-portable-pixmap"); + entry->flags|=CoderDecoderSeekableStreamFlag; (void) RegisterMagickInfo(entry); return(MagickImageCoderSignature); } diff --git a/coders/sgi.c b/coders/sgi.c index ce051a10b..38fd2b152 100644 --- a/coders/sgi.c +++ b/coders/sgi.c @@ -373,6 +373,8 @@ static Image *ReadSGIImage(const ImageInfo *image_info,ExceptionInfo *exception) if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0)) if (image->scene >= (image_info->scene+image_info->number_scenes-1)) break; + if ((MagickOffsetType) (image->columns*image->rows/255) > GetBlobSize(image)) + ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); status=SetImageExtent(image,image->columns,image->rows,exception); if (status != MagickFalse) status=ResetImagePixels(image,exception);