Permalink
Browse files

Prevent infinite loop

  • Loading branch information...
Cristy
Cristy committed Dec 7, 2018
1 parent 6a7ac23 commit db0add932fb850d762b02604ca3053b7d7ab6deb
Showing with 6 additions and 7 deletions.
  1. +6 −7 coders/bmp.c
@@ -660,7 +660,7 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
bmp_info.x_pixels=ReadBlobLSBLong(image);
bmp_info.y_pixels=ReadBlobLSBLong(image);
bmp_info.number_colors=ReadBlobLSBLong(image);
if (bmp_info.number_colors > GetBlobSize(image))
if ((MagickSizeType) bmp_info.number_colors > GetBlobSize(image))
ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
bmp_info.colors_important=ReadBlobLSBLong(image);
if (image->debug != MagickFalse)
@@ -1444,13 +1444,12 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
if (image_info->number_scenes != 0)
if (image->scene >= (image_info->scene+image_info->number_scenes-1))
break;
offset=(MagickOffsetType) bmp_info.ba_offset;
if (offset != 0)
if ((offset < TellBlob(image)) ||
(SeekBlob(image,offset,SEEK_SET) != offset))
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
*magick='\0';
if (bmp_info.ba_offset != 0)
{
offset=SeekBlob(image,(MagickOffsetType) bmp_info.ba_offset,SEEK_SET);
if (offset < 0)
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
}
count=ReadBlob(image,2,magick);
if ((count == 2) && (IsBMP(magick,2) != MagickFalse))
{

0 comments on commit db0add9

Please sign in to comment.