
Use-of-uninitialized-value in function ReadPANGOImage #1519

Closed
@YangY-Xiao

Prerequisites

  • [ Y ] I have written a descriptive issue title
  • [ Y ] I have verified that I am using the latest version of ImageMagick
  • [ Y ] I have searched open and closed issues to ensure it has not already been reported

Description

There is a use-of-uninitialized-value vulnerability in the function ReadPANGOImage in coders/pango.c.

  assert(image_info != (const ImageInfo *) NULL);
  assert(image_info->signature == MagickCoreSignature);
  if (image_info->debug != MagickFalse)
    (void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",
      image_info->filename);
  assert(exception != (ExceptionInfo *) NULL);
  assert(exception->signature == MagickCoreSignature);
  image=AcquireImage(image_info,exception);
  (void) ResetImagePage(image,"0x0+0+0");

https://github.com/ImageMagick/ImageMagick/blob/master/coders/pango.c#L179

We should call SetImageBackgroundColor when the condition image->columns != 0 && image->rows != 0 is satisfied. Otherwise, there will be a use-of-uninitialized-value vulnerability.

See https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11930, https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6616, 18df577 and f1fb781 for more details.
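As an added illustration (not from the issue, the linked commits, or ImageMagick's own code), the following toy C model shows why the guarded background fill matters: a canvas is allocated without defined contents, the background fill runs only when the geometry is non-zero, and a poison-based check reports how many bytes a later read would still find undefined. All names (ToyImage, toy_acquire, toy_prepare_canvas, toy_count_poisoned) are hypothetical stand-ins for AcquireImage and SetImageBackgroundColor, and the poison byte imitates what MemorySanitizer tracks automatically.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy model of the pattern in the report; not ImageMagick's real
   structures or API. One byte per pixel keeps the arithmetic obvious. */
typedef struct {
    size_t columns;
    size_t rows;
    unsigned char *pixels;   /* allocated but NOT initialised by toy_acquire */
} ToyImage;

/* Stand-in for MemorySanitizer's "undefined" state: every byte of a fresh
   canvas is stamped with this value so a missed initialisation is visible. */
#define POISON 0xAA

/* Mirrors AcquireImage: reserve the canvas, leave its contents undefined.
   A zero-sized geometry gets no buffer at all (pixels stays NULL). */
static ToyImage *toy_acquire(size_t columns, size_t rows) {
    ToyImage *img = calloc(1, sizeof *img);
    if (img == NULL) return NULL;
    img->columns = columns;
    img->rows = rows;
    if (columns != 0 && rows != 0) {
        img->pixels = malloc(columns * rows);
        if (img->pixels == NULL) { free(img); return NULL; }
        memset(img->pixels, POISON, columns * rows);   /* "undefined" bytes */
    }
    return img;
}

/* Mirrors SetImageBackgroundColor: give every pixel a defined value. */
static void toy_set_background(ToyImage *img, unsigned char value) {
    memset(img->pixels, value, img->columns * img->rows);
}

/* The check the report asks for: fill the canvas only when it has a non-zero
   geometry, and tell the caller to stop otherwise, so nothing downstream
   reads undefined bytes. Returns 0 on success, -1 when there is no canvas. */
static int toy_prepare_canvas(ToyImage *img, unsigned char background) {
    if (img->columns == 0 || img->rows == 0)
        return -1;          /* no pixels to initialise; caller must bail out */
    toy_set_background(img, background);
    return 0;
}

/* Detection helper: count bytes still carrying the poison pattern. Any
   non-zero result means a read of this canvas would use an undefined value.
   (Assumes the chosen background byte differs from POISON.) */
static size_t toy_count_poisoned(const ToyImage *img) {
    size_t n = 0;
    for (size_t i = 0; i < img->columns * img->rows; i++)
        if (img->pixels[i] == POISON) n++;
    return n;
}

static void toy_destroy(ToyImage *img) {
    if (img != NULL) { free(img->pixels); free(img); }
}

int main(void) {
    ToyImage *canvas = toy_acquire(4, 3);
    printf("fresh 4x3 canvas: %zu undefined bytes\n", toy_count_poisoned(canvas));
    int rc = toy_prepare_canvas(canvas, 0xFF);
    printf("prepare -> %d, now %zu undefined bytes\n", rc, toy_count_poisoned(canvas));

    ToyImage *empty = toy_acquire(0, 5);
    printf("0x5 canvas prepare -> %d (refused, nothing to fill)\n",
           toy_prepare_canvas(empty, 0xFF));

    toy_destroy(canvas);
    toy_destroy(empty);
    return 0;
}
```

Build with `cc -o toy toy.c && ./toy`. For the real coder the same observation comes for free from a MemorySanitizer build (`-fsanitize=memory`), which is how the OSS-Fuzz reports linked above surface this class of bug.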
