Skip to content
Permalink
Browse files Browse the repository at this point in the history
Prevent buffer overflow in BMP coder (bug report from pwchen of tence…
…nt).
  • Loading branch information
Cristy committed Aug 15, 2016
1 parent af0f058 commit 4cc6ec8
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 1 deletion.
3 changes: 3 additions & 0 deletions ChangeLog
@@ -1,3 +1,6 @@
2016-08-15 7.0.2-10 Cristy <quetzlzacatenango@image...>
* Prevent buffer overflow in BMP coder (bug report from pwchen of tencent).

2016-08-14 7.0.2-9 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.2-9, GIT revision 18707:2c02f09:20160814.

Expand Down
5 changes: 4 additions & 1 deletion coders/bmp.c
Expand Up @@ -1682,10 +1682,13 @@ static MagickBooleanType WriteBMPImage(const ImageInfo *image_info,Image *image,
bmp_info.file_size+=extra_size;
bmp_info.offset_bits+=extra_size;
}
if ((image->columns != (signed int) image->columns) ||
(image->rows != (signed int) image->rows))
ThrowWriterException(ImageError,"WidthOrHeightExceedsLimit");
bmp_info.width=(ssize_t) image->columns;
bmp_info.height=(ssize_t) image->rows;
bmp_info.planes=1;
bmp_info.image_size=(unsigned int) (bytes_per_line*image->rows);
bmp_info.image_size=(unsigned long) (bytes_per_line*image->rows);
bmp_info.file_size+=bmp_info.image_size;
bmp_info.x_pixels=75*39;
bmp_info.y_pixels=75*39;
Expand Down

0 comments on commit 4cc6ec8

Please sign in to comment.