From 9c63f6d3aaa819f7aad5c0b951650f9a16ece410 Mon Sep 17 00:00:00 2001 From: Cristy Date: Sat, 24 Mar 2018 21:27:09 -0400 Subject: [PATCH] ... --- ChangeLog | 3 +++ coders/dcm.c | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index a50a0542d..815b5b50d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +2018-03-24 7.0.7-28 Cristy + * Release ImageMagick version 7.0.7-28, GIT revision 23594:9615da064:20180324. + 2018-03-21 7.0.7-28 * Fixed numerous use of uninitialized values, integer overflow, memory exceeded, and timeouts (credit to OSS Fuzz). diff --git a/coders/dcm.c b/coders/dcm.c index 34f796189..c8b50070b 100644 --- a/coders/dcm.c +++ b/coders/dcm.c @@ -3412,6 +3412,8 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception) Samples per pixel. */ info.samples_per_pixel=(size_t) datum; + if ((info.samples_per_pixel == 0) || (info.samples_per_pixel > 4)) + ThrowDCMException(CorruptImageError,"ImproperImageHeader"); break; } case 0x0004: @@ -3791,7 +3793,7 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception) { if (stream_info->offsets != (ssize_t *) NULL) stream_info->offsets=(ssize_t *) RelinquishMagickMemory( - stream_info->offsets); + stream_info->offsets); stream_info->offsets=(ssize_t *) AcquireQuantumMemory( stream_info->offset_count,sizeof(*stream_info->offsets)); if (stream_info->offsets == (ssize_t *) NULL) @@ -3908,7 +3910,7 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception) Compute pixel scaling table. */ length=(size_t) (GetQuantumRange(info.depth)+1); - if (length > GetBlobSize(image)) + if (length > GetBlobSize(image)) ThrowDCMException(CorruptImageError,"InsufficientImageDataInFile"); info.scale=(Quantum *) AcquireQuantumMemory(MagickMax(length,256), sizeof(*info.scale)); -- 2.40.0