Skip to content
Permalink
Browse files Browse the repository at this point in the history
Prevent buffer overflow in BMP & SGI coders (bug report from pwchen&r…
…ayzhong of tencent)
  • Loading branch information
Cristy committed Aug 18, 2016
1 parent e7094d1 commit 7afcf9f
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 3 deletions.
2 changes: 1 addition & 1 deletion ChangeLog
@@ -1,5 +1,5 @@
2016-08-15 7.0.2-10 Cristy <quetzlzacatenango@image...>
* Prevent buffer overflow in BMP coder (bug report from
* Prevent buffer overflow in BMP & SGI coders (bug report from
pwchen&rayzhong of tencent).

2016-08-14 7.0.2-9 Cristy <quetzlzacatenango@image...>
Expand Down
6 changes: 4 additions & 2 deletions coders/sgi.c
Expand Up @@ -354,13 +354,15 @@ static Image *ReadSGIImage(const ImageInfo *image_info,ExceptionInfo *exception)
image->rows=iris_info.rows;
image->depth=(size_t) MagickMin(iris_info.depth,MAGICKCORE_QUANTUM_DEPTH);
if (iris_info.pixel_format == 0)
image->depth=(size_t) MagickMin((size_t) 8*
iris_info.bytes_per_pixel,MAGICKCORE_QUANTUM_DEPTH);
image->depth=(size_t) MagickMin((size_t) 8*iris_info.bytes_per_pixel,
MAGICKCORE_QUANTUM_DEPTH);
if (iris_info.depth < 3)
{
image->storage_class=PseudoClass;
image->colors=iris_info.bytes_per_pixel > 1 ? 65535 : 256;
}
if (EOFBlob(image) != MagickFalse)
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
if ((image_info->ping != MagickFalse) && (image_info->number_scenes != 0))
if (image->scene >= (image_info->scene+image_info->number_scenes-1))
break;
Expand Down

0 comments on commit 7afcf9f

Please sign in to comment.