From 77a6c395e24d1a6670b0002a1c8dab272237eeae Mon Sep 17 00:00:00 2001 From: cristy Date: Fri, 28 Nov 2014 14:15:53 +0000 Subject: [PATCH] Fix a SEGV with corrupted viff image git-svn-id: https://subversion.imagemagick.org/subversion/ImageMagick/branches/ImageMagick-6@17110 aa41f4f7-0bf4-0310-aa73-e5a19afd5a74 origin: http://trac.imagemagick.org/changeset/17110 --- coders/viff.c | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/coders/viff.c b/coders/viff.c index a0db6d9..c797928 100644 --- a/coders/viff.c +++ b/coders/viff.c @@ -241,7 +241,6 @@ static Image *ReadVIFFImage(const ImageInfo *image_info, count; unsigned char - buffer[7], *viff_pixels; unsigned long @@ -284,11 +283,12 @@ static Image *ReadVIFFImage(const ImageInfo *image_info, /* Initialize VIFF image. */ - count=ReadBlob(image,7,buffer); - viff_info.file_type=buffer[0]; - viff_info.release=buffer[1]; - viff_info.version=buffer[2]; - viff_info.machine_dependency=buffer[3]; + (void) ReadBlob(image,sizeof(viff_info.file_type),&viff_info.file_type); + (void) ReadBlob(image,sizeof(viff_info.release),&viff_info.release); + (void) ReadBlob(image,sizeof(viff_info.version),&viff_info.version); + (void) ReadBlob(image,sizeof(viff_info.machine_dependency), + &viff_info.machine_dependency); + (void) ReadBlob(image,sizeof(viff_info.reserve),viff_info.reserve); count=ReadBlob(image,512,(unsigned char *) viff_info.comment); viff_info.comment[511]='\0'; if (strlen(viff_info.comment) > 4) @@ -940,7 +940,6 @@ static MagickBooleanType WriteVIFFImage(const ImageInfo *image_info, *q; unsigned char - buffer[8], *viff_pixels; ViffInfo @@ -1002,7 +1001,7 @@ static MagickBooleanType WriteVIFFImage(const ImageInfo *image_info, /* Full color VIFF raster. */ - viff_info.number_data_bands=image->matte ? 4UL : 3UL; + viff_info.number_data_bands=image->matte ? 4U : 3U; viff_info.color_space_model=VFF_CM_genericRGB; viff_info.data_storage_type=VFF_TYP_1_BYTE; packets=viff_info.number_data_bands*number_pixels; @@ -1036,15 +1035,18 @@ static MagickBooleanType WriteVIFFImage(const ImageInfo *image_info, /* Write VIFF image header (pad to 1024 bytes). */ - buffer[0]=(unsigned char) viff_info.identifier; - buffer[1]=(unsigned char) viff_info.file_type; - buffer[2]=(unsigned char) viff_info.release; - buffer[3]=(unsigned char) viff_info.version; - buffer[4]=(unsigned char) viff_info.machine_dependency; - buffer[5]=(unsigned char) viff_info.reserve[0]; - buffer[6]=(unsigned char) viff_info.reserve[1]; - buffer[7]=(unsigned char) viff_info.reserve[2]; - (void) WriteBlob(image,8,buffer); + (void) WriteBlob(image,sizeof(viff_info.identifier),(unsigned char *) + &viff_info.identifier); + (void) WriteBlob(image,sizeof(viff_info.file_type),(unsigned char *) + &viff_info.file_type); + (void) WriteBlob(image,sizeof(viff_info.release),(unsigned char *) + &viff_info.release); + (void) WriteBlob(image,sizeof(viff_info.version),(unsigned char *) + &viff_info.version); + (void) WriteBlob(image,sizeof(viff_info.machine_dependency), + (unsigned char *) &viff_info.machine_dependency); + (void) WriteBlob(image,sizeof(viff_info.reserve),(unsigned char *) + viff_info.reserve); (void) WriteBlob(image,512,(unsigned char *) viff_info.comment); (void) WriteBlobMSBLong(image,viff_info.rows); (void) WriteBlobMSBLong(image,viff_info.columns); -- 2.1.4