Commit d971c75

block 0 width or height images from imagemagick
IM could return 0 width and/or height for some crafted images. Block these. Thanks @Koen1999. See #1890
1 parent 98641ba commit d971c75

3 files changed

+24
-2
lines changed

ChangeLog

Lines changed: 2 additions & 1 deletion
@@ -8,7 +8,8 @@
88
- hide info messages you could get with some older glibs [kleisauke]
99
- fix --no-strip on dzsave with icc-profiles [altert]
1010
- better GraphicsMagick image write [bfriesen]
11-
- Add missing read loops to spng, heif, giflib and ppm load [kleisauke]
11+
- add missing read loops to spng, heif, giflib and ppm load [kleisauke]
12+
- block zero width or height images from imagemagick load [Koen1999]
1213

1314
6/9/20 started 8.10.2
1415
- update magicksave/load profile handling [kelilevi]
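
Review bot: The new ChangeLog entry at line 12 describes less than the code does: it says "zero width or height", but the checks added in this commit also reject a band count of zero or less and any of width, height or bands at or above VIPS_MAX_COORD. Suggest wording along the lines of "block out-of-range width, height or bands from imagemagick load" so that someone scanning the ChangeLog for security-relevant changes sees the full scope. The lowercase edit to the "add missing read loops" entry is unrelated tidying and would be easier to audit in its own commit.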

libvips/foreign/magick2vips.c

Lines changed: 11 additions & 1 deletion
@@ -336,8 +336,18 @@ parse_header( Read *read )
336336
im->Xsize = image->columns;
337337
im->Ysize = image->rows;
338338
read->frame_height = image->rows;
339-
if( (im->Bands = get_bands( image )) < 0 )
339+
im->Bands = get_bands( image );
340+
if( im->Xsize <= 0 ||
341+
im->Ysize <= 0 ||
342+
im->Bands <= 0 ||
343+
im->Xsize >= VIPS_MAX_COORD ||
344+
im->Ysize >= VIPS_MAX_COORD ||
345+
im->Bands >= VIPS_MAX_COORD ) {
346+
vips_error( "magick2vips",
347+
_( "bad image dimensions %d x %d pixels, %d bands" ),
348+
im->Xsize, im->Ysize, im->Bands );
340349
return( -1 );
350+
}
341351

342352
/* Depth can be 'fractional'.
343353
*
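
Review bot: The range test at new lines 340-345 runs on im->Xsize and im->Ysize only after they have been assigned from image->columns and image->rows, so if the source fields are wider than, or differ in signedness from, the destination, the conversion happens before the check and an oversized value could end up inside the accepted range. Consider comparing image->columns and image->rows against VIPS_MAX_COORD before the assignment, then assigning. Separately, the old test on get_bands() was "< 0" and the new one is "<= 0"; a short comment saying zero bands is now rejected on purpose would help the next reader.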

libvips/foreign/magick7load.c

Lines changed: 11 additions & 0 deletions
@@ -449,6 +449,17 @@ vips_foreign_load_magick7_parse( VipsForeignLoadMagick7 *magick7,
449449
out->Ysize = image->rows;
450450
magick7->frame_height = image->rows;
451451
out->Bands = magick7_get_bands( image );
452+
if( out->Xsize <= 0 ||
453+
out->Ysize <= 0 ||
454+
out->Bands <= 0 ||
455+
out->Xsize >= VIPS_MAX_COORD ||
456+
out->Ysize >= VIPS_MAX_COORD ||
457+
out->Bands >= VIPS_MAX_COORD ) ||
458+
vips_error( class->nickname,
459+
_( "bad image dimensions %d x %d pixels, %d bands" ),
460+
out->Xsize, out->Ysize, out->Bands );
461+
return( -1 );
462+
}
452463

453464
/* Depth can be 'fractional'. You'd think we should use
454465
* GetImageDepth() but that seems to compute something very complex.
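
Review bot: New line 457 ends the condition with ") ||" where the matching hunk in magick2vips.c has ") {", so the if is followed by a dangling "||" running into the vips_error() call, and the "}" at new line 462 closes a block that was never opened; this is a syntax error as written. Change the end of line 457 to ") {". Since the same six-way test now appears in both loaders, a small shared helper for the dimension check would stop the two copies drifting apart like this.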
