You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
1032 length=ReadBlobMSBShort(image);
1033 if (ReadRectangle(image,&frame) == MagickFalse)
1034 ThrowPICTException(CorruptImageError,"ImproperImageHeader");
1035 if (ReadPixmap(image,&pixmap) == MagickFalse)
1036 ThrowPICTException(CorruptImageError,"ImproperImageHeader");
...
1043 length=ReadBlobMSBShort(image);
1044 for (i=0; i <= (ssize_t) length; i++)
1045 (void) ReadBlobMSBLong(image);
1046 width=(size_t) (frame.bottom-frame.top);
1047 height=(size_t) (frame.right-frame.left);
...
1098 case 0x77:
1099 {
1100 /*
1101 Skip polygon or region.
1102 */
1103 length=ReadBlobMSBShort(image);
1104 for (i=0; i < (ssize_t) (length-2); i++)
1105 if (ReadBlobByte(image) == EOF)
1106 break;
1107 break;
1108 }
...
1220 if ((code == 0x91) || (code == 0x99) || (code == 0x9b))
1221 {
1222 /*
1223 Skip region.
1224 */
1225 length=ReadBlobMSBShort(image);
1226 for (i=0; i < (ssize_t) (length-2); i++)
1227 if (ReadBlobByte(image) == EOF)
1228 break;
1229 }
(coders/pict.c)
In my opinion, we should check whether length is bigger than GetBlobSize(image) or not. If condition length > GetBlobSize(image) satisfies, we should throw exception like ThrowDCMException(CorruptImageError,"InsufficientImageDataInFile").
ImageMagick version: latest version
The text was updated successfully, but these errors were encountered:
Prerequisites
Description
There are two missing check for variable length.
(coders/dcm.c)
(coders/pict.c)
In my opinion, we should check whether
length
is bigger thanGetBlobSize(image)
or not. If conditionlength > GetBlobSize(image)
satisfies, we should throw exception likeThrowDCMException(CorruptImageError,"InsufficientImageDataInFile")
.The text was updated successfully, but these errors were encountered: