Use-of-uninitialized-value in function WriteJP2Image #1518

Closed
@YangY-Xiao

Prerequisites

  • [ Y ] I have written a descriptive issue title
  • [ Y ] I have verified that I am using the latest version of ImageMagick
  • [ Y ] I have searched open and closed issues to ensure it has not already been reported

Description

There is a use-of-uninitialized-value vulnerability in function WriteJP2Image in coders/jp2.c.

  if (image_info->extract != (char *) NULL)
    {
      RectangleInfo
        geometry;

      int
        flags;

      /*
        Set tile size.
      */
      flags=ParseAbsoluteGeometry(image_info->extract,&geometry);
      parameters.cp_tdx=(int) geometry.width;
      parameters.cp_tdy=(int) geometry.width;
      if ((flags & HeightValue) != 0)
        parameters.cp_tdy=(int) geometry.height;
      if ((flags & XValue) != 0)
        parameters.cp_tx0=geometry.x;
      if ((flags & YValue) != 0)
        parameters.cp_ty0=geometry.y;
      parameters.tile_size_on=OPJ_TRUE;
    }

https://github.com/ImageMagick/ImageMagick/blob/master/coders/jp2.c#L853

We should call (void) memset(&geometry,0,sizeof(geometry)); after declaration.

See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6441, eeb68ee and 81bfff2 for detail.
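The following is an added example, not ImageMagick's own code: it models the flags-driven geometry parse that writes only the fields present in the string, and shows the hardened tile-size block with the memset placed right after the declaration, so that width and height are deterministic zeros rather than stack garbage when the string omits them. The toy `parse_geometry`, `TileParams`, `set_tile_size` and the `WidthValue` bit are constructed for the example; only HeightValue, XValue and YValue are names from the issue.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Flag bits modelled on ImageMagick's geometry flags (values assumed). */
#define WidthValue  0x1
#define HeightValue 0x2
#define XValue      0x4
#define YValue      0x8

typedef struct { size_t width, height; long x, y; } RectangleInfo;
typedef struct { int cp_tdx, cp_tdy, cp_tx0, cp_ty0, tile_size_on; } TileParams;

/* Toy "WxH+X+Y" parser (constructed, simplified): it writes only the fields
   that appear in the string and reports which ones via the returned flags.
   A field that is absent is left exactly as the caller passed it. */
static int parse_geometry(const char *s, RectangleInfo *g)
{
  int flags = 0;
  char *end;
  if (isdigit((unsigned char) *s)) {
    g->width = strtoul(s, &end, 10); flags |= WidthValue; s = end;
  }
  if (*s == 'x' && isdigit((unsigned char) s[1])) {
    g->height = strtoul(s + 1, &end, 10); flags |= HeightValue; s = end;
  }
  if (*s == '+' || *s == '-') {
    g->x = strtol(s, &end, 10); flags |= XValue; s = end;
    if (*s == '+' || *s == '-') { g->y = strtol(s, &end, 10); flags |= YValue; }
  }
  return flags;
}

/* Hardened counterpart of the WriteJP2Image tile-size block: the memset makes
   every field deterministic even when the parser did not write it, which is
   what the unconditional reads of geometry.width below rely on. */
static TileParams set_tile_size(const char *extract)
{
  RectangleInfo geometry;
  TileParams p = {0};
  int flags;
  (void) memset(&geometry, 0, sizeof(geometry));  /* the fix proposed above */
  flags = parse_geometry(extract, &geometry);
  p.cp_tdx = (int) geometry.width;
  p.cp_tdy = (int) geometry.width;
  if ((flags & HeightValue) != 0) p.cp_tdy = (int) geometry.height;
  if ((flags & XValue) != 0) p.cp_tx0 = (int) geometry.x;
  if ((flags & YValue) != 0) p.cp_ty0 = (int) geometry.y;
  p.tile_size_on = 1;
  return p;
}
```

Without the memset, an extract string such as "+4+8" leaves geometry.width unwritten and cp_tdx/cp_tdy take whatever was on the stack; with it, both are 0 and a sanitizer run stays clean.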
