From 23acdce3651447328c6ef71ede20ee60637ba39d Mon Sep 17 00:00:00 2001 From: Cristy Date: Sat, 1 Sep 2018 07:29:53 -0400 Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1286 --- coders/viff.c | 12 +++++++----- configure | 2 +- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/coders/viff.c b/coders/viff.c index 8b47d2135..caec8c791 100644 --- a/coders/viff.c +++ b/coders/viff.c @@ -327,6 +327,13 @@ static Image *ReadVIFFImage(const ImageInfo *image_info, (void) ReadBlobByte(image); if (EOFBlob(image) != MagickFalse) ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile"); + number_pixels=(MagickSizeType) viff_info.columns*viff_info.rows; + if (number_pixels > GetBlobSize(image)) + ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile"); + if (number_pixels != (size_t) number_pixels) + ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); + if (number_pixels == 0) + ThrowReaderException(CoderError,"ImageColumnOrRowSizeIsNotSupported"); image->columns=viff_info.rows; image->rows=viff_info.columns; image->depth=viff_info.x_bits_per_pixel <= 8 ? 8UL : @@ -340,11 +347,6 @@ static Image *ReadVIFFImage(const ImageInfo *image_info, /* Verify that we can read this VIFF image. */ - number_pixels=(MagickSizeType) viff_info.columns*viff_info.rows; - if (number_pixels != (size_t) number_pixels) - ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed"); - if (number_pixels == 0) - ThrowReaderException(CoderError,"ImageColumnOrRowSizeIsNotSupported"); if ((viff_info.number_data_bands < 1) || (viff_info.number_data_bands > 4)) ThrowReaderException(CorruptImageError,"ImproperImageHeader"); if ((viff_info.data_storage_type != VFF_TYP_BIT) && diff --git a/configure b/configure index 722223e1e..128452838 100755 --- a/configure +++ b/configure @@ -4555,7 +4555,7 @@ MAGICK_PATCHLEVEL_VERSION=12 MAGICK_VERSION=7.0.8-12 -MAGICK_GIT_REVISION=14730:fffaf4148:20180829 +MAGICK_GIT_REVISION=14736:9df54d695:20180901 # Substitute library versioning -- 2.40.0