File ImageMagick-xwd.c-update.patch of Package ImageMagick
Index: ImageMagick-7.0.7-34/coders/xwd.c
===================================================================
--- ImageMagick-7.0.7-34.orig/coders/xwd.c 2018-05-20 17:55:43.000000000 +0200
+++ ImageMagick-7.0.7-34/coders/xwd.c 2019-04-30 12:06:11.158174993 +0200
@@ -17,13 +17,13 @@
% July 1992 %
% %
% %
-% Copyright 1999-2018 ImageMagick Studio LLC, a non-profit organization %
+% Copyright 1999-2019 ImageMagick Studio LLC, a non-profit organization %
% dedicated to making software imaging solutions freely available. %
% %
% You may not use this file except in compliance with the License. You may %
% obtain a copy of the License at %
% %
-% https://www.imagemagick.org/script/license.php %
+% https://imagemagick.org/script/license.php %
% %
% Unless required by applicable law or agreed to in writing, software %
% distributed under the License is distributed on an "AS IS" BASIS, %
@@ -40,6 +40,7 @@
Include declarations.
*/
#include "MagickCore/studio.h"
+#include "MagickCore/attribute.h"
#include "MagickCore/blob.h"
#include "MagickCore/blob-private.h"
#include "MagickCore/cache.h"
@@ -236,27 +237,92 @@ static Image *ReadXWDImage(const ImageIn
if (header.file_version != XWD_FILE_VERSION)
ThrowReaderException(CorruptImageError,"FileFormatVersionMismatch");
if (header.header_size < sz_XWDheader)
- ThrowReaderException(CorruptImageError,"CorruptImage");
- switch (header.visual_class) {
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ if (header.xoffset >= header.pixmap_width)
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ switch (header.visual_class)
+ {
case StaticGray:
case GrayScale:
+ {
+ if (header.bits_per_pixel != 1)
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ break;
+ }
case StaticColor:
case PseudoColor:
+ {
+ if ((header.bits_per_pixel < 1) || (header.bits_per_pixel > 15) ||
+ (header.colormap_entries == 0))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ break;
+ }
case TrueColor:
case DirectColor:
+ {
+ if ((header.bits_per_pixel != 16) && (header.bits_per_pixel != 24) &&
+ (header.bits_per_pixel != 32))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
break;
- default:
- ThrowReaderException(CorruptImageError,"CorruptImage");
}
- switch (header.pixmap_format) {
+ default:
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ }
+ switch (header.pixmap_format)
+ {
case XYBitmap:
+ {
+ if (header.pixmap_depth != 1)
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ break;
+ }
case XYPixmap:
case ZPixmap:
+ {
+ if ((header.pixmap_depth < 1) || (header.pixmap_depth > 32))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ switch (header.bitmap_pad)
+ {
+ case 8:
+ case 16:
+ case 32:
+ break;
+ default:
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ }
+ break;
+ }
+ default:
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ }
+ switch (header.bitmap_unit)
+ {
+ case 8:
+ case 16:
+ case 32:
+ break;
+ default:
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ }
+ switch (header.byte_order)
+ {
+ case LSBFirst:
+ case MSBFirst:
break;
default:
- ThrowReaderException(CorruptImageError,"CorruptImage");
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
}
- length=(size_t) header.header_size-sz_XWDheader;
+ switch (header.bitmap_bit_order)
+ {
+ case LSBFirst:
+ case MSBFirst:
+ break;
+ default:
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ }
+ if (((header.bitmap_pad % 8) != 0) || (header.bitmap_pad > 32))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ length=(size_t) (header.header_size-sz_XWDheader);
comment=(char *) AcquireQuantumMemory(length+1,sizeof(*comment));
if (comment == (char *) NULL)
ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
@@ -287,10 +353,11 @@ static Image *ReadXWDImage(const ImageIn
ximage->red_mask=header.red_mask;
ximage->green_mask=header.green_mask;
ximage->blue_mask=header.blue_mask;
- if ((ximage->width < 0) || (ximage->height < 0) || (ximage->depth < 0) ||
- (ximage->format < 0) || (ximage->byte_order < 0) ||
- (ximage->bitmap_bit_order < 0) || (ximage->bitmap_pad < 0) ||
- (ximage->bytes_per_line < 0))
+ if ((ximage->depth < 0) || (ximage->format < 0) || (ximage->xoffset < 0) ||
+ (ximage->width < 0) || (ximage->height < 0) || (ximage->bitmap_pad < 0) ||
+ (ximage->bytes_per_line < 0) || (ximage->byte_order < 0) ||
+ (ximage->bitmap_unit < 0) || (ximage->bitmap_bit_order < 0) ||
+ (ximage->bits_per_pixel < 0))
{
ximage=(XImage *) RelinquishMagickMemory(ximage);
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
@@ -477,18 +544,18 @@ static Image *ReadXWDImage(const ImageIn
for (x=0; x < (ssize_t) image->columns; x++)
{
pixel=XGetPixel(ximage,(int) x,(int) y);
- index=(Quantum) ((pixel >> red_shift) & red_mask);
- if (index < header.ncolors)
- SetPixelRed(image,ScaleShortToQuantum(
- colors[(ssize_t) index].red),q);
- index=(Quantum) ((pixel >> green_shift) & green_mask);
- if (index < header.ncolors)
- SetPixelGreen(image,ScaleShortToQuantum(
- colors[(ssize_t) index].green),q);
- index=(Quantum) ((pixel >> blue_shift) & blue_mask);
- if (index < header.ncolors)
- SetPixelBlue(image,ScaleShortToQuantum(
- colors[(ssize_t) index].blue),q);
+ index=(Quantum) ConstrainColormapIndex(image,(ssize_t) (pixel >>
+ red_shift) & red_mask,exception);
+ SetPixelRed(image,ScaleShortToQuantum(
+ colors[(ssize_t) index].red),q);
+ index=(Quantum) ConstrainColormapIndex(image,(ssize_t) (pixel >>
+ green_shift) & green_mask,exception);
+ SetPixelGreen(image,ScaleShortToQuantum(
+ colors[(ssize_t) index].green),q);
+ index=(Quantum) ConstrainColormapIndex(image,(ssize_t) (pixel >>
+ blue_shift) & blue_mask,exception);
+ SetPixelBlue(image,ScaleShortToQuantum(
+ colors[(ssize_t) index].blue),q);
q+=GetPixelChannels(image);
}
if (SyncAuthenticPixels(image,exception) == MagickFalse)
@@ -560,8 +627,8 @@ static Image *ReadXWDImage(const ImageIn
break;
for (x=0; x < (ssize_t) image->columns; x++)
{
- index=ConstrainColormapIndex(image,XGetPixel(ximage,(int) x,
- (int) y),exception);
+ index=(Quantum) ConstrainColormapIndex(image,(ssize_t)
+ XGetPixel(ximage,(int) x,(int) y),exception);
SetPixelIndex(image,index,q);
SetPixelViaPixelInfo(image,image->colormap+(ssize_t) index,q);
q+=GetPixelChannels(image);
@@ -708,6 +775,7 @@ static MagickBooleanType WriteXWDImage(c
scanline_pad;
ssize_t
+ count,
y;
unsigned char
@@ -733,6 +801,11 @@ static MagickBooleanType WriteXWDImage(c
status=OpenBlob(image_info,image,WriteBinaryBlobMode,exception);
if (status == MagickFalse)
return(status);
+ if ((image->columns != (CARD32) image->columns) ||
+ (image->rows != (CARD32) image->rows))
+ ThrowWriterException(ImageError,"WidthOrHeightExceedsLimit");
+ if ((image->storage_class == PseudoClass) && (image->colors > 256))
+ (void) SetImageType(image,TrueColorType,exception);
(void) TransformImageColorspace(image,sRGBColorspace,exception);
/*
Initialize XWD file header.
@@ -820,8 +893,8 @@ static MagickBooleanType WriteXWDImage(c
{
MSBOrderLong((unsigned char *) &colors[i].pixel,
sizeof(colors[i].pixel));
- MSBOrderShort((unsigned char *) &colors[i].red,
- 3*sizeof(colors[i].red));
+ MSBOrderShort((unsigned char *) &colors[i].red,3*
+ sizeof(colors[i].red));
}
}
for (i=0; i < (ssize_t) image->colors; i++)
@@ -831,7 +904,9 @@ static MagickBooleanType WriteXWDImage(c
color.green=colors[i].green;
color.blue=colors[i].blue;
color.flags=(CARD8) colors[i].flags;
- (void) WriteBlob(image,sz_XWDColor,(unsigned char *) &color);
+ count=WriteBlob(image,sz_XWDColor,(unsigned char *) &color);
+ if (count != (ssize_t) sz_XWDColor)
+ break;
}
colors=(XColor *) RelinquishMagickMemory(colors);
}
@@ -873,7 +948,10 @@ static MagickBooleanType WriteXWDImage(c
}
for (x=0; x < (ssize_t) scanline_pad; x++)
*q++='\0';
- (void) WriteBlob(image,(size_t) (q-pixels),pixels);
+ length=(size_t) (q-pixels);
+ count=WriteBlob(image,length,pixels);
+ if (count != (ssize_t) length)
+ break;
status=SetImageProgress(image,SaveImageTag,(MagickOffsetType) y,
image->rows);
if (status == MagickFalse)
@@ -881,6 +959,6 @@ static MagickBooleanType WriteXWDImage(c
}
pixels=(unsigned char *) RelinquishMagickMemory(pixels);
(void) CloseBlob(image);
- return(MagickTrue);
+ return(y < (ssize_t) image->rows ? MagickFalse : MagickTrue);
}
#endif
