CVS update of imagemagick/coders (sgi.c)
Luciano Bello
luciano-guest at alioth.debian.org
Mon Mar 19 22:40:08 CET 2007
Date: Monday, March 19, 2007 @ 21:40:08
Author: luciano-guest
Path: /cvsroot/pkg-gmagick/imagemagick/coders
Modified: sgi.c
Fixing segfault in sgi coder. Based on graphicsmagick 1.1.7-13
-------+
sgi.c | 35 ++++++++++++++++++++++++++++-------
1 files changed, 28 insertions(+), 7 deletions(-)
Index: imagemagick/coders/sgi.c
diff -u imagemagick/coders/sgi.c:1.1 imagemagick/coders/sgi.c:1.2
--- imagemagick/coders/sgi.c:1.1 Tue Feb 27 01:07:04 2007
+++ imagemagick/coders/sgi.c Mon Mar 19 21:40:08 2007
@@ -151,8 +151,9 @@
%
*/
-static void SGIDecode(const unsigned long width,const size_t bytes_per_pixel,
- unsigned char *max_packets,unsigned char *pixels)
+static int SGIDecode(const unsigned long width,const size_t bytes_per_pixel,
+ unsigned char *max_packets,unsigned char *pixels,
+ unsigned long npackets,unsigned long npixels)
{
register unsigned char
*p,
@@ -173,15 +174,21 @@
{
for ( i=0 ; ; )
{
+ if (npackets-- == 0)
+ return -1;
pixel=(unsigned long) (*p++) << 8;
pixel|=(*p++);
count=(ssize_t) (pixel & 0x7f);
i+=count;
if (count == 0 || i > (long) width)
break;
+ if (count > npixels)
+ return -1;
if ((pixel & 0x80) != 0)
for ( ; count != 0; count--)
{
+ if (npackets-- == 0)
+ return -1;
*q=(*p++);
*(q+1)=(*p++);
q+=8;
@@ -198,23 +205,31 @@
}
}
}
- return;
+ return 0;
}
for ( i=0 ; ; )
{
+ if (npackets-- == 0)
+ return -1;
pixel=(unsigned long) (*p++);
count=(ssize_t) (pixel & 0x7f);
+ if (count > npixels)
+ return -1;
i+=count;
if (count == 0 || i > (long) width)
break;
if ((pixel & 0x80) != 0)
for ( ; count != 0; count--)
{
+ if (npackets-- == 0)
+ return -1;
*q=(*p++);
q+=4;
}
else
{
+ if (npackets-- == 0)
+ return -1;
pixel=(unsigned long) (*p++);
for ( ; count != 0; count--)
{
@@ -223,6 +238,7 @@
}
}
}
+ return 0;
}
static Image *ReadSGIImage(const ImageInfo *image_info,ExceptionInfo *exception)
@@ -434,8 +450,10 @@
if (EOFBlob(image) != MagickFalse)
break;
offset+=runlength[y+z*iris_info.rows];
- SGIDecode(iris_info.columns,bytes_per_pixel,max_packets,
- p+bytes_per_pixel*z);
+ if ( SGIDecode(iris_info.columns,bytes_per_pixel,max_packets,
+ p+bytes_per_pixel*z,runlength[y+z*iris_info.rows]/bytes_per_pixel,
+ iris_info.columns) == -1 )
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
p+=(iris_info.columns*4*bytes_per_pixel);
}
}
@@ -461,8 +479,11 @@
if (EOFBlob(image) != MagickFalse)
break;
offset+=runlength[y+z*iris_info.rows];
- SGIDecode(iris_info.columns,bytes_per_pixel,max_packets,
- p+bytes_per_pixel*z);
+ if (SGIDecode(iris_info.columns,bytes_per_pixel,max_packets,
+ p+bytes_per_pixel*z,
+ runlength[y+z*iris_info.rows]/bytes_per_pixel,
+ iris_info.columns) == -1)
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
}
p+=(iris_info.columns*4*bytes_per_pixel);
}
More information about the pkg-gmagick-commit
mailing list