Skip to content

Commit db0add9

Browse files
author
Cristy
committed
Prevent infinite loop
1 parent 6a7ac23 commit db0add9

File tree

1 file changed

+6
-7
lines changed

1 file changed

+6
-7
lines changed

Diff for: coders/bmp.c

+6-7
Original file line numberDiff line numberDiff line change
@@ -660,7 +660,7 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
660660
bmp_info.x_pixels=ReadBlobLSBLong(image);
661661
bmp_info.y_pixels=ReadBlobLSBLong(image);
662662
bmp_info.number_colors=ReadBlobLSBLong(image);
663-
if (bmp_info.number_colors > GetBlobSize(image))
663+
if ((MagickSizeType) bmp_info.number_colors > GetBlobSize(image))
664664
ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
665665
bmp_info.colors_important=ReadBlobLSBLong(image);
666666
if (image->debug != MagickFalse)
@@ -1444,13 +1444,12 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
14441444
if (image_info->number_scenes != 0)
14451445
if (image->scene >= (image_info->scene+image_info->number_scenes-1))
14461446
break;
1447+
offset=(MagickOffsetType) bmp_info.ba_offset;
1448+
if (offset != 0)
1449+
if ((offset < TellBlob(image)) ||
1450+
(SeekBlob(image,offset,SEEK_SET) != offset))
1451+
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
14471452
*magick='\0';
1448-
if (bmp_info.ba_offset != 0)
1449-
{
1450-
offset=SeekBlob(image,(MagickOffsetType) bmp_info.ba_offset,SEEK_SET);
1451-
if (offset < 0)
1452-
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
1453-
}
14541453
count=ReadBlob(image,2,magick);
14551454
if ((count == 2) && (IsBMP(magick,2) != MagickFalse))
14561455
{

0 commit comments

Comments
 (0)