From abde347b40bbbdb8ffbd5713318b9603b7575644 Mon Sep 17 00:00:00 2001
From: Cristy
Date: Wed, 7 Feb 2018 18:19:31 -0500
Subject: [PATCH] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6078
---
 MagickCore/cache.c | 4 ++--
 coders/xcf.c | 3 +++
 config/english.xml | 10 +++++-----
 config/francais.xml | 10 +++++-----
 4 files changed, 15 insertions(+), 12 deletions(-)
diff --git a/MagickCore/cache.c b/MagickCore/cache.c
index 21bcf4efe..1b030a0d3 100644
--- a/MagickCore/cache.c
+++ b/MagickCore/cache.c
@@ -1612,8 +1612,8 @@ static Cache GetImagePixelCache(Image *image,const MagickBooleanType clone,
 length=GetImageListLength(image);
 if (AcquireMagickResource(ListLengthResource,length) == MagickFalse)
 {
- (void) ThrowMagickException(exception,GetMagickModule(),ImageError,
- "ListLengthExceedsLimit","`%s'",image->filename);
+ (void) ThrowMagickException(exception,GetMagickModule(),
+ ResourceLimitError,"ListLengthExceedsLimit","`%s'",image->filename);
 return((Cache) NULL);
 }
 LockSemaphoreInfo(image->semaphore);
diff --git a/coders/xcf.c b/coders/xcf.c
index c45d78bbe..a257b2fa8 100644
--- a/coders/xcf.c
+++ b/coders/xcf.c
@@ -57,6 +57,7 @@
 #include "MagickCore/property.h"
 #include "MagickCore/quantize.h"
 #include "MagickCore/quantum-private.h"
+#include "MagickCore/resource_.h"
 #include "MagickCore/static.h"
 #include "MagickCore/string_.h"
 #include "MagickCore/module.h"
@@ -1315,6 +1316,8 @@ static Image *ReadXCFImage(const ImageInfo *image_info,ExceptionInfo *exception)
 break;
 }
 } while (foundAllLayers == MagickFalse);
+ if (AcquireMagickResource(ListLengthResource,number_layers) == MagickFalse)
+ ThrowReaderException(ResourceLimitError,"ListLengthExceedsLimit");
 doc_info.number_layers=number_layers;
 offset=SeekBlob(image,oldPos,SEEK_SET); /* restore the position! */
 if (offset < 0)
diff --git a/config/english.xml b/config/english.xml
index 81bec7651..23041d51c 100644
--- a/config/english.xml
+++ b/config/english.xml
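Review bot: The `AcquireMagickResource(ListLengthResource,number_layers)` check added to ReadXCFImage in coders/xcf.c runs only after the `do … while (foundAllLayers == MagickFalse)` loop has ended, so the file-derived layer count is bounded before it reaches `doc_info.number_layers` but not while it is being counted. The loop body is outside the hunk, so it should be confirmed there that each iteration consumes input and stops at end of blob, otherwise a crafted layer table can still cost time before the limit rejects it. The hunk also shows no matching `RelinquishMagickResource`, on the throw path or afterwards; that is fine only if ListLengthResource is compared against its limit rather than accumulated, which is worth confirming in the resource code. I would add a comment above the check such as `/* number_layers comes from the file: enforce the list-length policy before any per-layer state is set up */`. ReadXCFImage starts and ends outside the hunk, and the declared type of `number_layers` is not visible here.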
@@ -515,9 +515,6 @@ left and right image sizes differ - - list length exceeds limit - negative or zero image size @@ -1015,12 +1012,15 @@ - - pixel cache allocation failed + + list length exceeds limit memory allocation failed + + pixel cache allocation failed + too many objects diff --git a/config/francais.xml b/config/francais.xml index 5e94ab57f..3ce9c076f 100644 --- a/config/francais.xml +++ b/config/francais.xml @@ -525,9 +525,6 @@ différences dans les tailles des images gauche et droite - - list length exceeds limit - Taille d'image négative ou nulle @@ -1006,12 +1003,15 @@ - - Échec allocation du cache pixel + + list length exceeds limit Échec allocation mémoire + + Échec allocation du cache pixel + too many objects -- 2.40.0