10147.diff
changeset: 15786:84d561c2fad5
user: Bob Friesenhahn <[email protected]>
date: Thu Sep 06 08:58:49 2018 -0500
summary: ExtractTileJPG(): Enforce that JPEG tiles are read by the JPEG coder.
diff -r 3860127dcda2 -r 84d561c2fad5 ChangeLog
--- a/ChangeLog Tue Sep 04 08:12:11 2018 -0500
+++ b/ChangeLog Thu Sep 06 08:58:49 2018 -0500
@@ -1,3 +1,12 @@
+2018-09-06 Bob Friesenhahn <[email protected]>
+
+ * coders/dcm.c (DCM_ReadElement): Add more size checks.
+
+ * coders/jnx.c (ExtractTileJPG): Enforce that JPEG tiles are read
+ by the JPEG coder. Fixes oss-fuzz 10147
+ "graphicsmagick/coder_JNX_fuzzer: Use-of-uninitialized-value in
+ funcDCM_PhotometricInterpretation". (Credit to OSS-Fuzz)
+
2018-09-10 Fojtik Jaroslav <[email protected]>
* coders/wpg.c Zero fill raster error recovery.
diff -r 3860127dcda2 -r 84d561c2fad5 VisualMagick/installer/inc/version.isx
--- a/VisualMagick/installer/inc/version.isx Tue Sep 04 08:12:11 2018 -0500
+++ b/VisualMagick/installer/inc/version.isx Thu Sep 06 08:58:49 2018 -0500
@@ -10,5 +10,5 @@
#define public MagickPackageName "GraphicsMagick"
#define public MagickPackageVersion "1.4"
-#define public MagickPackageVersionAddendum ".020180910"
-#define public MagickPackageReleaseDate "snapshot-20180910"
+#define public MagickPackageVersionAddendum ".020180906"
+#define public MagickPackageReleaseDate "snapshot-20180906"
diff -r 3860127dcda2 -r 84d561c2fad5 coders/dcm.c
--- a/coders/dcm.c Tue Sep 04 08:12:11 2018 -0500
+++ b/coders/dcm.c Thu Sep 06 08:58:49 2018 -0500
@@ -3033,18 +3033,18 @@
static MagickPassFail funcDCM_PhotometricInterpretation(Image *image,DicomStream *dcm,ExceptionInfo *exception)
{
char photometric[MaxTextExtent];
- int i;
+ unsigned int i;
ARG_NOT_USED(image);
ARG_NOT_USED(exception);
- if (dcm->data == (unsigned char *) NULL)
+ if ((dcm->data == (unsigned char *) NULL) || (dcm->length == 0))
{
ThrowException(exception,CorruptImageError,ImproperImageHeader,image->filename);
return MagickFail;
}
- for (i=0; i < (long) Min(dcm->length, MaxTextExtent-1); i++)
+ for (i=0; i < Min(dcm->length, MaxTextExtent-1); i++)
photometric[i]=dcm->data[i];
photometric[i]='\0';
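Review bot: `ARG_NOT_USED(image);` and `ARG_NOT_USED(exception);` stay at the top of funcDCM_PhotometricInterpretation although both parameters are used by the `ThrowException(exception,...,image->filename)` call in the guard just below, so the markers misstate the function and should be dropped. The copy loop also re-evaluates `Min(dcm->length, MaxTextExtent-1)` on every iteration, and with the `(long)` cast gone the comparison depends on the type of `dcm->length`, which is not visible here. Computing the bound once into a local of that type would make the limit on the `photometric` stack buffer easier to audit. The function body continues past the end of this hunk.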
@@ -3688,6 +3688,11 @@
return MagickFail;
}
size=MagickArraySize(dcm->quantum,dcm->length);
+ if (size == 0)
+ {
+ ThrowException(exception,CorruptImageError,ImproperImageHeader,image->filename);
+ return MagickFail;
+ }
if (ReadBlob(image,size,(char *) dcm->data) != size)
{
ThrowException(exception,CorruptImageError,UnexpectedEndOfFile,image->filename);
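Review bot: The new `size == 0` rejection has no comment saying which conditions it is meant to catch. As far as I know MagickArraySize() returns 0 when the product overflows, so the check would cover overflow as well as a zero quantum or length; a comment such as `/* size is 0 on overflow or for an empty element; never treat dcm->data as populated in that case */` would record that. The early return also appears to sit after the allocation of `dcm->data` (inferred, since the allocation is outside the hunk), so confirm that the buffer is released on this path the same way as on the ReadBlob failure path below. The enclosing function starts and ends outside the hunk.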
diff -r 3860127dcda2 -r 84d561c2fad5 coders/jnx.c
--- a/coders/jnx.c Tue Sep 04 08:12:11 2018 -0500
+++ b/coders/jnx.c Thu Sep 06 08:58:49 2018 -0500
@@ -123,9 +123,15 @@
Image
*image2;
+ ImageInfo
+ *clone_info;
+
+ clone_info=CloneImageInfo(image_info);
+
/* BlobToFile("/tmp/jnx-tile.jpg", blob,alloc_size,exception); */
- if ((image2 = BlobToImage(image_info,blob,alloc_size,exception))
+ (void) strlcpy(clone_info->filename,"JPEG:",sizeof(clone_info->filename));
+ if ((image2 = BlobToImage(clone_info,blob,alloc_size,exception))
!= NULL)
{
/*
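Review bot: The `strlcpy(clone_info->filename,"JPEG:",sizeof(clone_info->filename))` line is the security-relevant part of this change and has no comment; the only comment nearby is the commented-out `BlobToFile` debug call. Per the ChangeLog entry, tile data from a JNX file could otherwise be dispatched to an unrelated coder (the fuzzer reached DCM code), so I would add `/* Tile bytes are untrusted: pin the decoder to JPEG so format detection cannot route them to another coder */` above it. It is also worth confirming that the filename prefix wins over any `magick` value that CloneImageInfo copied from `image_info`; if BlobToImage consults `magick` first, that field would need to be set as well. The enclosing function starts outside the hunk.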
@@ -156,6 +162,8 @@
AppendImageToList(&image, image2);
}
+ DestroyImageInfo(clone_info);
+ clone_info = (ImageInfo *) NULL;
}
else
{
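Review bot: `DestroyImageInfo(clone_info)` is the only release of the clone. With the indentation flattened on this page it is not visible whether the `}` before it closes the `BlobToImage(...) != NULL` branch or an inner block, so it is unclear whether the clone is also freed when BlobToImage returns NULL. If the destroy sits inside the success branch, the clone leaks on every tile that fails to decode, which a crafted JNX file could trigger repeatedly. Placing the destroy after the whole `if`/`else` that tests `image2` would make the cleanup unconditional. The surrounding blocks open and close outside the hunk.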
diff -r 3860127dcda2 -r 84d561c2fad5 magick/version.h
--- a/magick/version.h Tue Sep 04 08:12:11 2018 -0500
+++ b/magick/version.h Thu Sep 06 08:58:49 2018 -0500
@@ -38,8 +38,8 @@
#define MagickLibVersion 0x211801
#define MagickLibVersionText "1.4"
#define MagickLibVersionNumber 21,18,1
-#define MagickChangeDate "20180910"
-#define MagickReleaseDate "snapshot-20180910"
+#define MagickChangeDate "20180906"
+#define MagickReleaseDate "snapshot-20180906"
/*
The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines
diff -r 3860127dcda2 -r 84d561c2fad5 www/Changelog.html
--- a/www/Changelog.html Tue Sep 04 08:12:11 2018 -0500
+++ b/www/Changelog.html Thu Sep 06 08:58:49 2018 -0500
@@ -35,6 +35,16 @@
<div class="document">
+<p>2018-09-06 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
+<blockquote>
+<ul class="simple">
+<li>coders/dcm.c (DCM_ReadElement): Add more size checks.</li>
+<li>coders/jnx.c (ExtractTileJPG): Enforce that JPEG tiles are read
+by the JPEG coder. Fixes oss-fuzz 10147
+"graphicsmagick/coder_JNX_fuzzer: Use-of-uninitialized-value in
+funcDCM_PhotometricInterpretation". (Credit to OSS-Fuzz)</li>
+</ul>
+</blockquote>
<p>2018-09-10 Fojtik Jaroslav <<a class="reference external" href="mailto:JaFojtik%40seznam.cz">JaFojtik<span>@</span>seznam<span>.</span>cz</a>></p>
<blockquote>
<ul class="simple">