Missing checks in various coders.

[tianxiaogu]

Prerequisites

• I have written a descriptive issue title
• I have verified that I am using the latest version of ImageMagick
• I have searched open and closed issues to ensure it has not already been reported

Description

Based on the patch of ImageMagick/ImageMagick6@d5e7c2b, we found that many ReadXXXImage functions in coders/XXX.c miss the similar check against GetBlobSize(image). Hope this issue is helpful.

Known examples:

• dib
• pcx
• sgi
• pnm

Steps to Reproduce

A set of artifacts would be helpful. HANGS.zip

System Configuration

• ImageMagick version: HEAD
• Environment (Operating system, version and so on): Ubuntu 18.04 x86-64, clang-8
• Additional information:

[urban-warrior]

ImageMagick best practices strongly encourages you to configure a security policy that suits your local environment. Add these policies to your policy.xml configuration file:

  <policy domain="resource" name="width" value="10KP"/>
  <policy domain="resource" name="height" value="10KP"/>

With these policies, all your artifacts complete in a reasonable time with this exception:

convert: width or height exceeds limit id:000065,src:003779+007146,op:splice,rep:64' @ error/cache.c/OpenPixelCache/3699.`

In the mean-time, we will add additional checks for certain coders against the image file size as you suggest.

[urban-warrior]

Thanks for the problem report. We can reproduce it and will have a patch to fix it in GIT master branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://www.imagemagick.org/download/beta/ by sometime tomorrow.