From: Cristy Date: Mon, 19 Mar 2018 00:54:58 +0000 (-0400) Subject: ... X-Git-Tag: 7.0.7-28~71 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d89a3f5a8948f884685a5bef35ebedf92ff3b0c2;p=imagemagick ... --- diff --git a/coders/dib.c b/coders/dib.c index 8d1a72c43..1aa33b5a4 100644 --- a/coders/dib.c +++ b/coders/dib.c @@ -190,6 +190,9 @@ static MagickBooleanType DecodeImage(Image *image, q=pixels+number_pixels; for (y=0; y < (ssize_t) image->rows; ) { + MagickBooleanType + status; + if ((p < pixels) || (p >= q)) break; count=ReadBlobByte(image); @@ -197,10 +200,10 @@ static MagickBooleanType DecodeImage(Image *image, break; if (count > 0) { - count=(int) MagickMin((size_t) count,(size_t) (q-p)); /* Encoded mode. */ + count=(int) MagickMin((size_t) count,(size_t) (q-p)); byte=ReadBlobByte(image); if (byte == EOF) break; @@ -223,6 +226,8 @@ static MagickBooleanType DecodeImage(Image *image, Escape mode. */ count=ReadBlobByte(image); + if (count == EOF) + break; if (count == 0x01) return(MagickTrue); switch (count) @@ -242,8 +247,14 @@ static MagickBooleanType DecodeImage(Image *image, /* Delta mode. */ - x+=ReadBlobByte(image); - y+=ReadBlobByte(image); + byte=ReadBlobByte(image); + if (byte == EOF) + break; + x+=byte; + byte=ReadBlobByte(image); + if (byte == EOF) + break; + y+=byte; p=pixels+y*image->columns+x; break; } @@ -253,6 +264,8 @@ static MagickBooleanType DecodeImage(Image *image, Absolute mode. */ count=(int) MagickMin((size_t) count,(size_t) (q-p)); + if (count < 0) + break; if (compression == BI_RLE8) for (i=0; i < (ssize_t) count; i++) { @@ -291,12 +304,14 @@ static MagickBooleanType DecodeImage(Image *image, } } } - if (SetImageProgress(image,LoadImageTag,(MagickOffsetType) y,image->rows) == MagickFalse) + status=SetImageProgress(image,LoadImageTag,(MagickOffsetType) y, + image->rows); + if (status == MagickFalse) break; } (void) ReadBlobByte(image); /* end of line */ (void) ReadBlobByte(image); - return(MagickTrue); + return(y < (ssize_t) image->rows ? MagickFalse : MagickTrue); } /*