Closed
Description
Prerequisites
- [ Y ] I have written a descriptive issue title
- [ Y ] I have verified that I am using the latest version of ImageMagick
- [ Y ] I have searched open and closed issues to ensure it has not already been reported
Description
There is a use-of-uninitialized-value vulnerability in function `WriteJP2Image` in `coders/jp2.c`.
```c
if (image_info->extract != (char *) NULL)
  {
    RectangleInfo
      geometry;

    int
      flags;

    /*
      Set tile size.
    */
    flags=ParseAbsoluteGeometry(image_info->extract,&geometry);
    parameters.cp_tdx=(int) geometry.width;
    parameters.cp_tdy=(int) geometry.width;
    if ((flags & HeightValue) != 0)
      parameters.cp_tdy=(int) geometry.height;
    if ((flags & XValue) != 0)
      parameters.cp_tx0=geometry.x;
    if ((flags & YValue) != 0)
      parameters.cp_ty0=geometry.y;
    parameters.tile_size_on=OPJ_TRUE;
  }
```
https://github.com/ImageMagick/ImageMagick/blob/master/coders/jp2.c#L853
We should call `(void) memset(&geometry,0,sizeof(geometry));` after the declaration.
See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6441, eeb68ee and 81bfff2 for details.
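The pattern reported above, as an added stand-alone example (not ImageMagick code): `parse_geometry`, `Rect` and the flag names are hypothetical stand-ins, and the parser is assumed to write only the fields it finds. Because reading a truly uninitialized local is undefined behaviour, stale stack contents are simulated with a `0xAA` fill, while a fill of `0` models the proposed `memset`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Local stand-ins, not ImageMagick's definitions. */
enum { W_VALUE = 1, H_VALUE = 2, X_VALUE = 4, Y_VALUE = 8 };
typedef struct { size_t width, height; long x, y; } Rect;
#define IS_DIGIT(c) ((c) >= '0' && (c) <= '9')

/* Hypothetical "WxH+X+Y" parser: writes ONLY the fields it finds and
   reports them in the returned flags (the contract assumed here). */
static int parse_geometry(const char *s, Rect *r)
{
  int flags = 0;
  char *end;
  if (IS_DIGIT(*s)) {
    r->width = strtoul(s, &end, 10); flags |= W_VALUE; s = end;
    if (*s == 'x' && IS_DIGIT(s[1])) {
      r->height = strtoul(s + 1, &end, 10); flags |= H_VALUE; s = end;
    }
  }
  if ((*s == '+' || *s == '-') && IS_DIGIT(s[1])) {
    r->x = strtol(s, &end, 10); flags |= X_VALUE; s = end;
    if ((*s == '+' || *s == '-') && IS_DIGIT(s[1])) {
      r->y = strtol(s, &end, 10); flags |= Y_VALUE;
    }
  }
  return flags;
}

/* Tile width derived the way the reported snippet derives cp_tdx.
   fill is the byte the local Rect holds before parsing:
   0 models the memset fix, 0xAA models leftover stack bytes. */
static int tile_width(const char *extract, int fill)
{
  Rect geometry;
  memset(&geometry, fill, sizeof(geometry));
  (void) parse_geometry(extract, &geometry);
  return (int) geometry.width; /* read regardless of flags, like cp_tdx */
}

int main(void)
{
  /* Constructed input: offsets only, so width is never written. */
  printf("stale: %d  zeroed: %d\n",
         tile_width("+5+7", 0xAA), tile_width("+5+7", 0));
  return 0;
}
```

With an offsets-only string the width read is whatever the struct held before the call, which is why zeroing the struct (or checking a width flag before use) makes the result deterministic.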