Skip to content

Null pointer deference in function ReadPANGOImage in coders/pango.c #1515

Closed
@YangY-Xiao

Description

@YangY-Xiao

Prerequisites

  • [ Y ] I have written a descriptive issue title
  • [ Y ] I have verified that I am using the latest version of ImageMagick
  • [ Y ] I have searched open and closed issues to ensure it has not already been reported

Description

There is a null pointer deference vulnerablity in function ReadPANGOImage in coders/pango.c

  option=GetImageOption(image_info,"filename");
  if (option == (const char *) NULL)
    property=InterpretImageProperties((ImageInfo *) image_info,image,
      image_info->filename,exception);
  else
    if (LocaleNCompare(option,"pango:",6) == 0)
      property=InterpretImageProperties((ImageInfo *) image_info,image,option+6,
        exception);
    else
      property=InterpretImageProperties((ImageInfo *) image_info,image,option,
        exception);
  (void) SetImageProperty(image,"caption",property,exception);

(https://github.com/ImageMagick/ImageMagick/blob/master/coders/pango.c#L202)

The return value of InterpretImageProperties may be NULL, and then there is a null pointer deference.

See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6152 and 93a9ccc for details.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions