OSDN > Trouver un logiciel > graphicsmagick > SCM > hg > GM > Commit

graphicsmagick
Fork

GM: Commit

Main GraphicsMagick source repository

Révision	bda0789b88f20d629c7adc5d88b4eb951fe7ac69 (tree)
l'heure	2021-11-04 03:24:04
Auteur	Bob Friesenhahn <bfriesen@Grap...>
Commiter	Bob Friesenhahn

ReadTIFFImage(): Make sure that loops using TIFFReadScanline(), etc, do quit upon first reported error.

diff -r 6cdb3bd5f91d -r bda0789b88f2 ChangeLog

--- a/ChangeLog Wed Nov 03 11:39:32 2021 -0500

+++ b/ChangeLog Wed Nov 03 13:24:04 2021 -0500

		@@ -1,5 +1,11 @@
1	1	2021-11-03 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
2	2
	3	+ * coders/tiff.c (ReadTIFFImage): Make sure that loops using
	4	+ TIFFReadScanline(), etc, do quit upon first reported error. Fixes
	5	+ oss-fuzz 39167 "graphicsmagick:coder_BIGTIFF_fuzzer:
	6	+ Use-of-uninitialized-value in DisassociateAlphaRegion", as well as
	7	+ other such cases.
	8	+
3	9	* coders/png.c (png_get_data): On a short read, assure that the
4	10	remainder of the buffer is initialized just in case subsequent
5	11	code accesses it.

diff -r 6cdb3bd5f91d -r bda0789b88f2 coders/tiff.c

--- a/coders/tiff.c Wed Nov 03 11:39:32 2021 -0500

+++ b/coders/tiff.c Wed Nov 03 13:24:04 2021 -0500

		@@ -2590,9 +2590,9 @@
2590	2590	ThrowTIFFReaderException(ResourceLimitError,MemoryAllocationFailed,
2591	2591	image);
2592	2592	}
2593		- for (sample=0; sample < max_sample; sample++)
	2593	+ for (sample=0; (status != MagickFail) && (sample < max_sample); sample++)
2594	2594	{
2595		- for (y=0; y < image->rows; y++)
	2595	+ for (y=0; (status != MagickFail) && (y < image->rows); y++)
2596	2596	{
2597	2597	if (sample == 0)
2598	2598	q=SetImagePixelsEx(image,0,y,image->columns,1,exception);

		@@ -2610,6 +2610,13 @@
2610	2610	*/
2611	2611	if (TIFFReadScanline(tiff,(char *) scanline,(uint32) y,sample) == -1)
2612	2612	{
	2613	+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
	2614	+ "TIFFReadScanline() failed!");
	2615	+ status=MagickFail;
	2616	+ break;
	2617	+ }
	2618	+ if (image->exception.severity >= ErrorException)
	2619	+ {
2613	2620	status=MagickFail;
2614	2621	break;
2615	2622	}

		@@ -2781,7 +2788,7 @@
2781	2788	/*
2782	2789	Process each plane
2783	2790	*/
2784		- for (sample=0; sample < max_sample; sample++)
	2791	+ for (sample=0; (status != MagickFail) && (sample < max_sample); sample++)
2785	2792	{
2786	2793	rows_remaining=0;
2787	2794	/*

		@@ -2797,7 +2804,7 @@
2797	2804	status=MagickFail;
2798	2805	break;
2799	2806	}
2800		- for (y=0; y < image->rows; y++)
	2807	+ for (y=0; (status != MagickFail) && (y < image->rows); y++)
2801	2808	{
2802	2809	/*
2803	2810	Access Magick pixels.

		@@ -3030,7 +3037,7 @@
3030	3037	/*
3031	3038	Process each plane.
3032	3039	*/
3033		- for (sample=0; sample < max_sample; sample++)
	3040	+ for (sample=0; (status != MagickFail) && (sample < max_sample); sample++)
3034	3041	{
3035	3042	/*
3036	3043	Determine quantum parse method.

		@@ -3044,9 +3051,9 @@
3044	3051	status=MagickFail;
3045	3052	break;
3046	3053	}
3047		- for (y=0; y < image->rows; y+=tile_rows)
	3054	+ for (y=0; (status != MagickFail) && (y < image->rows); y+=tile_rows)
3048	3055	{
3049		- for (x=0; x < image->columns; x+=tile_columns)
	3056	+ for (x=0; (status != MagickFail) && (x < image->columns); x+=tile_columns)
3050	3057	{
3051	3058	long
3052	3059	tile_set_columns,

		@@ -3084,7 +3091,7 @@
3084	3091	SwabDataToBigEndian(bits_per_sample,tile,tile_size);
3085	3092	#endif
3086	3093	p=tile;
3087		- for (yy=y; yy < (long) y+tile_set_rows; yy++)
	3094	+ for (yy=y; (status != MagickFail) && (yy < (long) y+tile_set_rows); yy++)
3088	3095	{
3089	3096	/*
3090	3097	Obtain pixel region corresponding to tile row.

		@@ -3217,7 +3224,7 @@
3217	3224	*/
3218	3225	i=0;
3219	3226	p=0;
3220		- for (y=0; y < image->rows; y++)
	3227	+ for (y=0; (status != MagickFail) && (y < image->rows); y++)
3221	3228	{
3222	3229	q=SetImagePixelsEx(image,0,y,image->columns,1,exception);
3223	3230	if (q == (PixelPacket *) NULL)

		@@ -3239,7 +3246,7 @@
3239	3246	}
3240	3247	i--;
3241	3248	p=strip_pixels+(size_t) image->columns*i;
3242		- for (x=0; x < image->columns; x++)
	3249	+ for (x=0; (status != MagickFail) && (x < image->columns); x++)
3243	3250	{
3244	3251	q->red=ScaleCharToQuantum(TIFFGetR(*p));
3245	3252	q->green=ScaleCharToQuantum(TIFFGetG(*p));

		@@ -3385,7 +3392,7 @@
3385	3392	ThrowTIFFReaderException(ResourceLimitError,MemoryAllocationFailed,
3386	3393	image);
3387	3394	}
3388		- for (y=0; y < image->rows; y+=tile_rows)
	3395	+ for (y=0; (status != MagickFail) && (y < image->rows); y+=tile_rows)
3389	3396	{
3390	3397	/*
3391	3398	Retrieve a tile height's worth of rows

		@@ -3411,7 +3418,7 @@
3411	3418	status=MagickFail;
3412	3419	break;
3413	3420	}
3414		- for (x=0; x < image->columns; x+=tile_columns)
	3421	+ for (x=0; (status != MagickFail) && (x < image->columns); x+=tile_columns)
3415	3422	{
3416	3423	register unsigned int
3417	3424	tile_column,

		@@ -5904,7 +5911,7 @@
5904	5911	/*
5905	5912	For each plane
5906	5913	*/
5907		- for (sample=0; sample < max_sample; sample++)
	5914	+ for (sample=0; (status != MagickFail) && (sample < max_sample); sample++)
5908	5915	{
5909	5916	/*
5910	5917	Determine quantum parse method.

		@@ -5918,7 +5925,7 @@
5918	5925	status=MagickFail;
5919	5926	break;
5920	5927	}
5921		- for (y=0; y < image->rows; y++)
	5928	+ for (y=0; (status != MagickFail) && (y < image->rows); y++)
5922	5929	{
5923	5930	if ((image->matte) && (alpha_type == AssociatedAlpha))
5924	5931	p=GetImagePixels(image,0,y,image->columns,1);

		@@ -6105,7 +6112,7 @@
6105	6112	/*
6106	6113	Process each plane.
6107	6114	*/
6108		- for (sample=0; sample < max_sample; sample++)
	6115	+ for (sample=0; (status != MagickFail) && (sample < max_sample); sample++)
6109	6116	{
6110	6117	/*
6111	6118	Determine quantum parse method.

		@@ -6119,9 +6126,9 @@
6119	6126	status=MagickFail;
6120	6127	break;
6121	6128	}
6122		- for (y=0; y < image->rows; y+=tile_rows)
	6129	+ for (y=0; (status != MagickFail) && (y < image->rows); y+=tile_rows)
6123	6130	{
6124		- for (x=0; x < image->columns; x+=tile_columns)
	6131	+ for (x=0; (status != MagickFail) && (x < image->columns); x+=tile_columns)
6125	6132	{
6126	6133	const PixelPacket
6127	6134	*p;

		@@ -6149,7 +6156,7 @@
6149	6156	tile_set_rows=tile_rows;
6150	6157
6151	6158	q=tile;
6152		- for (yy=y; yy < (long) y+tile_set_rows; yy++)
	6159	+ for (yy=y; (status != MagickFail) && (yy < (long) y+tile_set_rows); yy++)
6153	6160	{
6154	6161	/*
6155	6162	Obtain pixel region corresponding to tile row.

diff -r 6cdb3bd5f91d -r bda0789b88f2 www/Changelog.html

--- a/www/Changelog.html Wed Nov 03 11:39:32 2021 -0500

+++ b/www/Changelog.html Wed Nov 03 13:24:04 2021 -0500

		@@ -37,6 +37,11 @@
37	37
38	38	<p>2021-11-03 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p>
39	39	<blockquote>
	40	+<p>* coders/tiff.c (ReadTIFFImage): Make sure that loops using
	41	+TIFFReadScanline(), etc, do quit upon first reported error. Fixes
	42	+oss-fuzz 39167 "graphicsmagick:coder_BIGTIFF_fuzzer:
	43	+Use-of-uninitialized-value in DisassociateAlphaRegion", as well as
	44	+other such cases.</p>
40	45	<p>* coders/png.c (png_get_data): On a short read, assure that the
41	46	remainder of the buffer is initialized just in case subsequent
42	47	code accesses it.</p>