File: ChangeLog

package info (click to toggle)
graphicsmagick 1.3.30+hg15796-1~deb9u2
  • links: PTS
  • area: main
  • in suites: stretch
  • size: 176,320 kB
  • sloc: ansic: 998,570; xml: 91,899; sh: 77,027; cpp: 39,772; python: 29,412; makefile: 8,198; perl: 4,629; asm: 3,560; pascal: 3,096; tcl: 2,208; ada: 1,681; awk: 924; cs: 879; php: 368; sed: 10
file content (2414 lines) | stat: -rw-r--r-- 101,373 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
1490
1491
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
1545
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
1719
1720
1721
1722
1723
1724
1725
1726
1727
1728
1729
1730
1731
1732
1733
1734
1735
1736
1737
1738
1739
1740
1741
1742
1743
1744
1745
1746
1747
1748
1749
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
1776
1777
1778
1779
1780
1781
1782
1783
1784
1785
1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
1879
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
1955
1956
1957
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066
2067
2068
2069
2070
2071
2072
2073
2074
2075
2076
2077
2078
2079
2080
2081
2082
2083
2084
2085
2086
2087
2088
2089
2090
2091
2092
2093
2094
2095
2096
2097
2098
2099
2100
2101
2102
2103
2104
2105
2106
2107
2108
2109
2110
2111
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
2143
2144
2145
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159
2160
2161
2162
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
2178
2179
2180
2181
2182
2183
2184
2185
2186
2187
2188
2189
2190
2191
2192
2193
2194
2195
2196
2197
2198
2199
2200
2201
2202
2203
2204
2205
2206
2207
2208
2209
2210
2211
2212
2213
2214
2215
2216
2217
2218
2219
2220
2221
2222
2223
2224
2225
2226
2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
2239
2240
2241
2242
2243
2244
2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
2262
2263
2264
2265
2266
2267
2268
2269
2270
2271
2272
2273
2274
2275
2276
2277
2278
2279
2280
2281
2282
2283
2284
2285
2286
2287
2288
2289
2290
2291
2292
2293
2294
2295
2296
2297
2298
2299
2300
2301
2302
2303
2304
2305
2306
2307
2308
2309
2310
2311
2312
2313
2314
2315
2316
2317
2318
2319
2320
2321
2322
2323
2324
2325
2326
2327
2328
2329
2330
2331
2332
2333
2334
2335
2336
2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2018-10-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/static.c (OpenModule): Upper case magick string before
	searching static modules list.  Fixes Debian bug 911386
	"libgraphicsmagick-q16-3: graphicsmagick 1.3.30 has made formats
	case-sensitive at the API level".

2018-09-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* fuzzing/coder_fuzzer.cc (LLVMFuzzerTestOneInput): Limit the
	maximum number of JPEG progressive scanlines to 50.

	* coders/jpeg.c (ReadJPEGImage): Apply a default limit of 100
	progressive scans before the reader quits with an error.  This
	limit may be adjusted using the -define mechanism like -define
	JPEG:max-scan-number=500.  Also respond more quickly to files
	which exceed the maximum image dimensions.  Fixes oss-fuzz 10258
	"graphicsmagick/coder_JPEG_fuzzer: Timeout in
	graphicsmagick_coder_JPEG_fuzzer". (Credit to OSS-Fuzz)

2018-09-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadMNGImage): mng_LOOP chunk must be at least 5
	bytes long.  Fixes oss-fuzz 10455
	"graphicsmagick/coder_MNG_fuzzer: Use-of-uninitialized-value in
	ReadMNGImage". (Credit to OSS-Fuzz)

2018-09-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (TraceEllipse): Detect arithmetic overflow when
	computing the number of points to allocate for an ellipse.  Fixes
	oss-fuzz 10306 "graphicsmagick/coder_MVG_fuzzer:
	Heap-buffer-overflow in TracePoint". (Credit to OSS-Fuzz)

2018-09-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/attribute.c (GenerateEXIFAttribute): Eliminate undefined
	shift.  Also right-sized involved data types.  Fixes oss-fuzz
	10309 "graphicsmagick/coder_JPG_fuzzer: Undefined-shift in
	Read32s". (Credit to OSS-Fuzz)

2018-09-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (DrawClipPath): Fix Coverity 319663 "Null
	pointer dereferences".  Totally insignificant.

	* coders/wpg.c (ReadWPGImage): Mask/fix Coverity 319664 "Error
	handling issues".

	* magick/attribute.c (FindEXIFAttribute): Change size types from
	signed to unsigned and check for unsigned overflow.
	(GenerateEXIFAttribute): Change size types from signed to unsigned
	and check for unsigned overflow. Fixes oss-fuzz 10283
	"graphicsmagick/coder_JPG_fuzzer: Integer-overflow in
	GenerateEXIFAttribute". (Credit to OSS-Fuzz)

	* coders/sfw.c (ReadSFWImage): Enforce that file is read using the
	JPEG reader. (Credit to OSS-Fuzz)

	* coders/miff.c (ReadMIFFImage): Fix leak of 'values' buffer due
	to change made yesterday.

	* coders/mpc.c (ReadMPCImage): Fix leak of 'values' buffer due to
	change made yesterday.  Fixes oss-fuzz 10277
	"graphicsmagick/coder_MPC_fuzzer: Direct-leak in
	ReadMPCImage". (Credit to OSS-Fuzz)

2018-09-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/miff.c (ReadMIFFImage): Support legacy keyword
	'color-profile' for ICC color profile as was used by ImageMagick
	4.2.9.

	* coders/mpc.c (ReadMPCImage): Require that first keyword/value be
	id=MagickCache

	* coders/miff.c (ReadMIFFImage): Require that first keyword/value
	be id=ImageMagick.

2018-09-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dcm.c (DCM_ReadElement): Add more size checks.

	* coders/jnx.c (ExtractTileJPG): Enforce that JPEG tiles are read
	by the JPEG coder.  Fixes oss-fuzz 10147
	"graphicsmagick/coder_JNX_fuzzer: Use-of-uninitialized-value in
	funcDCM_PhotometricInterpretation". (Credit to OSS-Fuzz)

2018-09-10  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/wpg.c Zero fill raster error recovery.

2018-08-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (ConvertPrimitiveToPath): Second attempt to
	prevent heap write overflow of PathInfo array.  Fixes oss-fuzz
	10096 "Heap-buffer-overflow in ConvertPrimitiveToPath". (Credit to
	OSS-Fuzz)

2018-08-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c ("QuantumTransferMode"): CIE Log images with an
	alpha channel are not supported.  Fixes oss-fuzz 10013
	"graphicsmagick/coder_TIFF_fuzzer: Use-of-uninitialized-value in
	DisassociateAlphaRegion". (Credit to OSS-Fuzz)

	* magick/render.c (DrawImage): SetImageAttribute() appends new
	text to any existing value, leading to every increasing memory
	consumption if the existing value is not deleted first by the
	unwary.  Fixes oss-fuzz 9983 "graphicsmagick/coder_MVG_fuzzer:
	Timeout in graphicsmagick_coder_MVG_fuzzer" and oss-fuzz 10016
	"graphicsmagick/coder_MVG_fuzzer: Out-of-memory in
	graphicsmagick_coder_MVG_fuzzer". (Credit to OSS-Fuzz)

	* magick/utility.c (TranslateTextEx): Fix off-by-one in loop
	bounds check which allowed a one-byte stack write overflow.  Fixes
	oss-fuzz 10055 "graphicsmagick/coder_MVG_fuzzer:
	Stack-buffer-overflow in TranslateTextEx". (Credit to OSS-Fuzz)

	* magick/render.c (DrawImage): Be more precise about error
	detection and reporting, and return from an error more quickly.
	Also added MAX_DRAWIMAGE_RECURSION pre-processor definition to
	allow adjusting the drawing recursion limit.  The drawing
	recursion limit is still 100, which seems exceptionally generous.

	* magick/constitute.c (WriteImage): Produce a more useful error
	message if an encoding delegate is not available.

	* magick/nt_base.h (isnan): Try adding a MSVC replacement for
	missing isnan() function.  Not yet tested.

2018-08-25  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/wpg.c This should fix intentional 64 bit file offset
	overflow as depictedin OSS-fuzz-9936. Thanks to OSS-Fuzz.

2018-08-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/render.c (ConvertPrimitiveToPath): Need to enlarge
	PathInfo array allocation to avoid possible heap write overflow.
	Fixes oss-fuzz 9651 "graphicsmagick/coder_MVG_fuzzer:
	Heap-buffer-overflow in ConvertPrimitiveToPath". (Credit to
	OSS-Fuzz)

2018-08-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/mpc.c (ReadMPCImage): Insist that the format be
	identified prior to any comment, and that there is only one
	comment.

	* coders/miff.c (ReadMIFFImage): Insist that the format be
	identified prior to any comment, and that there is only one
	comment.  Fixes oss-fuzz 9979 "graphicsmagick/coder_MIFF_fuzzer:
	Timeout in graphicsmagick_coder_MIFF_fuzzer".  This is not a
	serious issue, but the code runs slowly under UBSAN.  (Credit to
	OSS-Fuzz)

2018-08-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/utility.c (MagickAtoFChk): Add additional validation
	checks for floating point values.  NAN and +/- INFINITY values
	also map to 0.0. Fixes oss-fuzz 9630
	"graphicsmagick/coder_MVG_fuzzer: Integer-overflow in
	IsNexusInCore" and oss-fuzz 9612 "graphicsmagick/coder_MVG_fuzzer:
	Integer-overflow in SetCacheNexus". (Credit to OSS-Fuzz)

	* magick/render.c (DrawImage): Add missing error-reporting logic
	to return immediately upon memory reallocation failure.  Apply
	memory resource limits to PrimitiveInfo array allocation.  Fixes
	oss-fuzz 9576 "graphicsmagick/coder_MVG_fuzzer: Null-dereference
	READ in DrawImage", oss-fuzz 9593
	"graphicsmagick/coder_MVG_fuzzer: Out-of-memory in
	graphicsmagick_coder_MVG_fuzzer", oss-fuzz 9648
	"graphicsmagick/coder_MVG_fuzzer: Unknown signal in
	DrawImage". (Credit to OSS-Fuzz)

2018-08-16  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coder/mat.c Explicitly reject non-seekable streams.

2018-08-15  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coder/mat.c Correctly check GetBlobSize(image) even for zipstreams.

2018-08-14  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c More aggresive data corruption checking.

2018-08-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xbm.c (XBMInteger): Limit the number of hex digits parsed
	to avoid signed integer overflow.  Fixes oss-fuzz 9746
	"graphicsmagick/coder_XBM_fuzzer: Undefined-shift in
	XBMInteger". (Credit to OSS-Fuzz)

2018-08-07  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Typecast difference to quantum.

2018-08-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/mat.c (InsertComplexFloatRow): Avoid signed
	overflow. Fixes oss-fuzz 9667 "graphicsmagick/coder_MAT_fuzzer:
	Integer-overflow in InsertComplexFloatRow". (Credit to OSS-Fuzz)

	* coders/xbm.c (ReadXBMImage): Add validations for row and column
	dimensions.  Fixes oss-fuzz 9736 "graphicsmagick/coder_XBM_fuzzer:
	Out-of-memory in graphicsmagick_coder_XBM_fuzzer". (Credit to
	OSS-Fuzz)

2018-08-04  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/wpg.c Add mechanism to approve embedded subformats in
	WPG.  This should mute oss-fuzz 9559.  (Credit to OSS-Fuzz)

2018-07-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/mvg.c (ReadMVGImage): Fix memory leak added on
	2018-07-21.  Fixes oss-fuzz 9548 "graphicsmagick/coder_MVG_fuzzer:
	Direct-leak in CloneDrawInfo". (Credit to OSS-Fuzz)

2018-07-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/cineon.c (ReadCINEONImage): Fix SourceForge issue 571
	"Unexpected hang on a crafted Cineon image" by detecting and
	quitting on EOF appropriately, and verifying that file size is
	sufficient for claimed pixel dimensions when possible.

	* fuzzing/oss-fuzz-build.sh, fuzzing/dictionaries/MVG.dict: Added
	MVG fuzzing dictionary by Alex Gaynor.

2018-07-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/pixel_cache.c (SetNexus): For requests one pixel tall,
	SetNexus() was wrongly using pixels in-core rather than using a
	staging area for the case where the nexus rows extend beyond the
	image raster boundary, leading to heap overflow.  This can happen
	when virtual pixels outside the image bounds are accessed.  Fixes
	oss-fuzz 9512 "graphicsmagick/graphicsmagick_coder_MVG_fuzzer:
	Heap-buffer-overflow in AcquireCacheNexus". (Credit to OSS-Fuzz)

	* magick/render.c (ExtractTokensBetweenPushPop):
	ExtractTokensBetweenPushPop() needs to always return a valid
	pointer into the primitive string.  Fixes oss-fuzz 9511
	"graphicsmagick/graphicsmagick_coder_MVG_fuzzer: Null-dereference
	READ in DrawImage". (Credit to OSS-Fuzz)
	(DrawPolygonPrimitive): Fix leak of polygon set when object is
	completely outside image.  Fixes oss-fuzz 9513
	"graphicsmagick/graphicsmagick_coder_MVG_fuzzer: Direct-leak in
	AllocateThreadViewDataSet". (Credit to OSS-Fuzz)

2018-07-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/blob.c (FileToBlob): Use confirm access APIs to verify
	that read access to this path is allowed by policy.  Check that
	file is a regular file before proceeding to open and read from it.

	* coders/mvg.c (ReadMVGImage): Don't allow MVG files to side-load
	a file as the drawing primitive using '@' syntax.  Fixes oss-fuzz
	9494 "graphicsmagick/coder_MVG_fuzzer: Sanitizer CHECK failure in
	"((0)) != (0)" (0x0, 0x0)". (Credit to OSS-Fuzz)

2018-07-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/mvg.c (ReadMVGImage): Don't assume that in-memory MVG
	blob is a null-terminated C string. Fixes oss-fuzz 9469
	"graphicsmagick/coder_MVG_fuzzer: Heap-buffer-overflow in
	AllocateString". (Credit to OSS-Fuzz)

2018-07-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/miff.c (ReadMIFFImage): Detect EOF when reading using
	ReadBlobZC() and avoid subsequent heap read overflow.  Fixes
	oss-fuzz 9357 "graphicsmagick/coder_MIFF_fuzzer:
	Heap-buffer-overflow in ImportRGBQuantumType". (Credit to
	OSS-Fuzz)

2018-07-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* fuzzing/oss-fuzz-build.sh (CFLAGS): Try disabling SIMD
	instructions in libjpeg-turbo build.

2018-07-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (WriteOnePNGImage): Free png_pixels as soon as
	possible.  This might help with oss-fuzz 9334
	"graphicsmagick/coder_PNG8_fuzzer: Direct-leak in
	WriteOnePNGImage", which we have yet to reproduce.  It is not
	clear if png_pixels is being clobbered by longjmp or if something
	else is going on.

2018-06-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/jpeg.c (ReadJPEGImage): Provide a memory resource limit
	(of 1/5th the memory resource limit for Graphicsmagick) to libjpeg
	to limit how much memory it might consume for itself while reading
	a file.  Fixes oss-fuzz 9096 "graphicsmagick/coder_JPEG_fuzzer:
	Timeout in graphicsmagick_coder_JPEG_fuzzer".  (Credit to
	OSS-Fuzz)
	(ReadJPEGImage): Make sure that JPEG pixels array is initialized
	in case libjpeg fails to completely initialize it.  May fix
	oss-fuzz 9115 "graphicsmagick/coder_JPEG_fuzzer:
	Use-of-uninitialized-value in ReadJPEGImage".  We are not sure
	since the problem was not reproduced.  (Credit to OSS-Fuzz)

2018-06-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* version.sh: Update library versioning for 1.3.30 release.

	* NEWS.txt: Update news for 1.3.30 release.

2018-06-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dpx.c (ReadDPXImage): Report exception on EOF file
	reading DPX pixel data. Fixes oss-fuzz 8104
	"graphicsmagick/coder_DPX_fuzzer: Use-of-uninitialized-value in
	WriteDPXImage", oss-fuzz 8297 "graphicsmagick/enhance_fuzzer:
	Use-of-uninitialized-value in EnhanceImage", and oss-fuzz 8133
	"graphicsmagick/coder_DPX_fuzzer: Use-of-uninitialized-value in
	RGBTransformPackets". (Credit to OSS-Fuzz)

2018-06-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/cmyk.c (ReadCMYKImage): Free scanline buffer in error
	path. Fixes SourceForge issue #567 "small memory leak in rgb.c,
	gray.c and cmyk.c" reported by Petr Gajdos.

	* coders/gray.c (ReadGRAYImage): Free scanline buffer in error
	path. Fixes SourceForge issue #567 "small memory leak in rgb.c,
	gray.c and cmyk.c" reported by Petr Gajdos.

	* coders/rgb.c (ReadRGBImage): Free scanline buffer in error
	path. Fixes SourceForge issue #567 "small memory leak in rgb.c,
	gray.c and cmyk.c" reported by Petr Gajdos.

	* coders/jpeg.c (ReadJPEGImage): Avoid memory leak of profile
	buffer when longjmp-based exception is thrown while reading a
	profile. Fixes oss-fuzz 8957 "graphicsmagick/enhance_fuzzer:
	Direct-leak in ReadGenericProfile". (Credit to OSS-Fuzz)

2018-06-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xcf.c (load_level): Make sure to free 'tile_image' before
	returning exception.  Fixes oss-fuzz 8935
	"graphicsmagick/coder_XCF_fuzzer: Indirect-leak in
	CloneImage". (Credit to OSS-Fuzz)

	* coders/jpeg.c (ReadJPEGImage): Allow three warnings of any given
	type before promoting the next warning of the same type to a hard
	error.  The warning limit may be adjusted by the user using
	-define jpeg:max-warnings=<value>.  Fixes oss-fuzz 8704
	"graphicsmagick/coder_JPG_fuzzer: Out-of-memory in
	graphicsmagick_coder_JPG_fuzzer". (Credit to OSS-Fuzz)

	* coders/png.c (ReadPNGImage): Detect EOF when reading
	magic_number.  Fixes oss-fuzz 8944
	"graphicsmagick/coder_PNG_fuzzer: Use-of-uninitialized-value in
	ReadPNGImage".  (Credit to OSS-Fuzz)
	(ReadPNGImage, ReadJNGImage): Makes sure that return value of
	ReadBlob() is always checked to detect EOF.

2018-06-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c (ReadTIFFImage): Re-structure exception reporting
	so that QuantumTransferMode() exceptions thrown for
	PLANARCONFIG_SEPARATE images are handled immediately.  Fixes
	oss-fuzz 8896 "graphicsmagick/coder_BIGTIFF_fuzzer:
	Use-of-uninitialized-value in DisassociateAlphaRegion". (Credit to
	OSS-Fuzz)
	(ReadTIFFImage): tsize_t is a signed type so be prepared for
	unexpected negative values produced by libtiff size functions.
	Fixes oss-fuzz 8934 "graphicsmagick/coder_TIFF_fuzzer: Sanitizer
	CHECK failure in "((0)) != (0)" (0x0, 0x0)". (Credit to OSS-Fuzz)

2018-06-16  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/wpg.c Fix oss-fuzz 7735 "graphicsmagick/coder_WPG_fuzzer:
	Use-of-uninitialized-value in ReadWPGImage".  (Credit to OSS-Fuzz)

2018-06-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadMNGImage): ENDL chunk must be at least one
	byte in size. Fixes oss-fuzz 8832
	"graphicsmagick/coder_MNG_fuzzer: Null-dereference READ in
	ReadMNGImage". (Credit to OSS-Fuzz)
	(ReadMNGImage): Length of DISC chunk must be evenly divisible by
	2.  Fixes oss-fuzz 8834 "graphicsmagick/coder_MNG_fuzzer:
	Heap-buffer-overflow in ReadMNGImage". (Credit to OSS-Fuzz)

2018-06-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/mpc.c (ReadMPCImage): Detect end of file while reading
	image directory.  Similar to MIFF fixes for ImageMagick
	CVE-2017-18272.
	(RegisterMPCImage): Require seekable stream since MPC is strictly
	a file-based format and so GetBlobSize() is assured to work.
	Similar to MIFF behavior.  Claimed to be part of the resolution
	for ImageMagick CVE CVE-2017-11449. Suggested by Petr Gajdos via
	email on January 3, 2018.

2018-06-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/miff.c (ReadMIFFImage): Detect end of file while reading
	image directory. Fixes SourceForge issue 565 "ImageMagick
	CVE-2017-18272 applies to GraphicsMagick".  Thanks to Petr Gajdos
	for reporting this issue to us.

	* magick/import.c (ImportViewPixelArea): Use appropriate
	bits_per_sample validations for FloatQuantumSampleType. Fixes
	oss-fuzz 8780 "graphicsmagick/coder_PTIF_fuzzer:
	Use-of-uninitialized-value in HorizontalFilter". (Credit to
	OSS-Fuzz)

2018-06-09  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c More than 4GiB are not supported in MAT!

2018-06-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/mat.c (ReadMATImage): Add casts to avoid arithmetic
	overflow when computing size and offsets.  Fixes oss-fuzz 8801
	"graphicsmagick/coder_MAT_fuzzer: Timeout in
	graphicsmagick_coder_MAT_fuzzer". (Credit to OSS-Fuzz)

	* magick/blob.c (ReadBlobLSBDoubles, ReadBlobMSBDoubles): Only
	byte-swap doubles or test doubles for NAN if we have read enough
	bytes for at least one double value.
	(ReadBlob): Add an assertion to enforce that ReadBlob() will never
	report reading more bytes than requested due to some
	implementation issue.

2018-06-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/blob.c (ReadBlob, WriteBlob): gzread(), BZ2_bzread(),
	gzwrite(), BZ2_bzwrite() return type 'int' rather than 'size_t'
	like their stdio equivalents.  Use correct signed type to avoid
	returning a negative value into an unsigned type, forming a huge
	positive value.  Fixes oss-fuzz 8600
	"graphicsmagick/coder_MAT_fuzzer: Heap-buffer-overflow in
	ReadBlobLSBDoubles". (Credit to OSS-Fuzz)

2018-06-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (png_read_raw_profile): Try to shore up parsing of
	raw profile reading to avoid heap read overruns.  Fixes oss-fuzz
	8763 "graphicsmagick/coder_PNG32_fuzzer: Heap-buffer-overflow in
	png_read_raw_profile". (Credit to OSS-Fuzz)

2018-06-07  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Reduce stack usage for 64 bit architecture.

2018-06-06  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/wpg.c Check return values of SeekBlob for more safety.

2018-06-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadOneJNGImage): Use DestroyImageList() rather
	than DestroyImage() on returned Image from supposed read of JPEG
	data, in case multiple frames were unexpectedly returned.  Also
	add "JPEG:" prefix to filename when reading from temporary file to
	force that it can only be read as a JPEG file, disabling format
	auto-detection based on file header.  Fixes oss-fuzz 8755
	"graphicsmagick/coder_JNG_fuzzer: Indirect-leak in
	AllocateImage". (Credit to OSS-Fuzz)

2018-06-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/blob.c (EOFBlob): Implement EOF detection for ZipStream.
	Does some archaic zlib not provide gzeof()?  Fixes oss-fuzz 8550
	"graphicsmagick/coder_MAT_fuzzer: Timeout in
	graphicsmagick_coder_MAT_fuzzer". (Credit to OSS-Fuzz)

2018-06-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadOnePNGImage): Skip adding empty raw profile.
	Fixes oss-fuzz "graphicsmagick/coder_PNG_fuzzer:
	Heap-buffer-overflow in png_read_raw_profile". (Credit to
	OSS-Fuzz)

2018-06-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* NEWS.txt: Update NEWS with latest changes.

	* coders/dcm.c (DCM_ReadRGBImage): Force the image to DirectClass
	to avoid later use of uninitialized indexes.  Fixes oss-fuzz 8602
	"graphicsmagick/coder_DCM_fuzzer: Use-of-uninitialized-value in
	DCM_PostRescaleImage". (Credit to OSS-Fuzz)
	(DCM_ReadPlanarRGBImage): Force the image to DirectClass to avoid
	later use of uninitialized indexes.

	* coders/png.c (ReadMNGImage): Free chunk memory in error
	reporting path to avoid leak.  Fixes oss-fuzz 8721
	"graphicsmagick/coder_MNG_fuzzer: Direct-leak in
	ReadMNGImage". (Credit to OSS-Fuzz)

2018-06-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/constitute.c (ReadImage): Assure that an error exception
	is thrown if coder returns null without properly reporting an
	exception.

	* magick/blob.c (BlobToImage): Assure that an error exception is
	thrown if coder returns null without properly reporting an
	exception.

	* coders/png.c (ReadMNGImage): Disable mystery "linked list is
	corrupted" code.  Assure that exceptions are reported to the
	correct place so they are not lost.  Fixes oss-fuzz 8710
	"graphicsmagick/coder_MNG_fuzzer: Indirect-leak in
	AllocateImage". (Credit to OSS-Fuzz)

	* coders/tiff.c (ReadTIFFImage): Initialize allocated scanline,
	strip, or tile to zero in order to avoid complaint about use of
	uninitialized data if libtiff fails to write all the bytes.  Fixes
	oss-fuzz 8551 "graphicsmagick/coder_TIFF_fuzzer:
	Use-of-uninitialized-value in ImportGrayQuantumType". (Credit to
	OSS-Fuzz)

	* magick/annotate.c (RenderFreetype): Throw an exception if
	DrawInfo font is null.  Should fix oss-fuzz 8557
	"graphicsmagick/coder_PCD_fuzzer: Unknown signal in
	RenderFreetype" and may fix oss-fuzz 8544
	"graphicsmagick/coder_PCD_fuzzer: Null-dereference READ in
	RenderFreetype". (Credit to OSS-Fuzz)

	* coders/jpeg.c (ReadGenericProfile): Add/improve tracing for
	profile size and when JPEG header is being read.

2018-06-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadOneJNGImage): Report a useful exception for
	the case when the JNG file fails to provide the necessary image
	chunks to allocate the color image.  Inspired by oss-fuzz 8666
	"graphicsmagick/coder_JNG_fuzzer: ASSERT: data != (const char *)
	NULL" although the reported issue was not reproduced.

2018-05-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadMNGImage): Fix off-by-one in length validation
	for TERM chunk which allowed one byte heap read overflow.  Fixes
	oss-fuzz 8615 "graphicsmagick/coder_MNG_fuzzer:
	Heap-buffer-overflow in mng_get_long". (Credit to OSS-Fuzz)
	(ReadMNGImage): Fix leak of MngInfo in error reporting path.
	Fixes oss-fuzz 8604 "graphicsmagick/coder_MNG_fuzzer: Direct-leak
	in ReadMNGImage". (Credit to OSS-Fuzz)
	(ReadMNGImage): Verify that claimed chunk size does not exceed
	input size.  Fixes oss-fuzz 8564 "graphicsmagick/coder_MNG_fuzzer:
	Out-of-memory in graphicsmagick_coder_MNG_fuzzer". (Credit to
	OSS-Fuzz)

	* coders/tiff.c (ReadTIFFImage): Reject files with excessive
	samples-per-pixel or extra-samples. Avoids potential issues
	observed in oss-fuzz 8634 "graphicsmagick/coder_BIGTIFF_fuzzer:
	Undefined-shift in ImportAlphaQuantumType". (Credit to OSS-Fuzz)

2018-05-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadMNGImage): Assure that object id index is
	always less than MNG_MAX_OBJECTS to avoid overflow.  Fixes
	oss-fuzz 8596 "graphicsmagick/coder_MNG_fuzzer:
	Index-out-of-bounds in ReadMNGImage" and likely other issues yet
	to be reported. (Credit to OSS-Fuzz)

2018-05-30  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (CompareEdges): Per ticket #562,
	function CompareEdges() did not conform to the qsort()
	requirement that if CompareEdges(edge0,edge1) returns
	-1 (i.e., edge0 "less than" edge1), then
	CompareEdges(edge1,edge0) should return 1 (edge1
	"greater than" edge0).  This has been fixed.

2018-05-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadOneJNGImage): Deal with JDAA JNG chunk with
	length zero.  Fixes oss-fuzz 8562
	"graphicsmagick/coder_JNG_fuzzer: ASSERT: data != (const char *)
	NULL". (Credit to OSS-Fuzz)

	* coders/tiff.c (ReadTIFFImage): Check that the bits-per-sample is
	supported by the implementation before attempting to decode the
	image. Fixes oss-fuzz 8554 "graphicsmagick/coder_BIGTIFF_fuzzer:
	Undefined-shift in MagickBitStreamMSBWrite". (Credit to OSS-Fuzz)

	* coders/png.c (ReadMNGImage): Eliminate use of uninitialized
	header magic data by checking for EOF first.  Fixes oss-fuzz 8597
	"graphicsmagick/coder_MNG_fuzzer: Use-of-uninitialized-value in
	ReadMNGImage". (Credit to OSS-Fuzz)

2018-05-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* fuzzing/oss-fuzz-build.sh: More fixes based on what is observed
	in oss-fuzz build log.

2018-05-24  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/jnx.c The attribute should belong to only one scene and
	not to whole image list.

2018-05-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* fuzzing/oss-fuzz-build.sh: Changes to add CPPFLAGS to configure
	executions to hopefully get oss-fuzz build closer to success.

2018-05-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* PerlMagick/t/jpeg/read.t: Add a JNX reader test case.

	* coders/jnx.c (ReadJNXImage): JNX image depth should be 8.

	* fuzzing/oss-fuzz-build.sh: Apply patch from Alex Gaynor to
	switch libpng to autotools build system, as well as configure
	GraphicsMagick with '--with-quantum-depth=16'.

2018-05-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c (ReadTIFFImage): Validate tile memory requests for
	the TIFFReadRGBATile() case in the same way as the TIFFReadTile()
	case.  Fixes oss-fuzz 8434 "graphicsmagick/coder_BIGTIFF_fuzzer:
	Out-of-memory in graphicsmagick_coder_BIGTIFF_fuzzer". (Credit to
	OSS-Fuzz)

2018-05-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tile.c (ReadTILEImage): Remove any existing size request
	when while image to tile.  This avoids size being used for both
	the input image size and the tile image size.  Fixes SourceForge
	issue #563 "tile:<image> appears to blow image up by 100% before
	applying tiling".

2018-05-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* fuzzing/oss-fuzz-build.sh: Patch from Paul Kehrer to disable
	libpng test programs and binaries while building libpng in support
	of oss-fuzz testing.

	* coders/dcm.c (DCM_ReadGrayscaleImage): If a palette was
	provided, the image may be in PseudoClass but we need DirectClass
	for gray image when GRAYSCALE_USES_PALETTE is not defined.  Fixes
	oss-fuzz 7550 "graphicsmagick/coder_DCM_fuzzer:
	Use-of-uninitialized-value in SyncImageCallBack". (Credit to
	OSS-Fuzz)
	(ReadDCMImage): Restore use of DCM_PostRescaleImage() in order to
	obtain suitably scaled DICOM again.  Hopefully it is more robust
	now.
	(DCM_ReadPaletteImage): Assure that DirectClass pixels are
	initialized.

2018-05-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c (ReadTIFFImage): Remove strange addition of
	image->columns to pixel buffer offsets which now causes a heap
	overflow since the buffer has been right-sized.  Perhaps the extra
	offset plus the over-sized allocation was some attempt to avoid
	buffer over/underflows due to bugs in libtiff. Fixes oss-fuzz 8384
	"graphicsmagick/coder_BIGTIFF_fuzzer: Heap-buffer-overflow in
	put1bitbwtile" which is described to be a regression. (Credit to
	OSS-Fuzz)

	* magick/render.c (DrawImage): Fix wrong range checks which caused
	spurious "Parsing of SVG images fail with "Non-conforming drawing
	primitive definition (push)" failure.  Fixes SourceForge issue 561
	"Parsing of SVG images fail with "Non-conforming drawing primitive
	definition (push)"" which is due to problems caused by the fix for
	SourceForge issue 517.

	* coders/tiff.c (WritePTIFImage): Use '-define
	ptif:minimum-geometry=<geometry>' to specify the smallest
	subresolution frame which is produced by the PTIF (Pyramid TIFF)
	writer.

2018-05-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c (WritePTIFImage): Allow 1x1 input image to be
	supported.

	* coders/png.c (ReadOneJNGImage): Unconditionally free JDAT chunk
	memory.  Fixes oss-fuzz 8366 "graphicsmagick/coder_JNG_fuzzer:
	Direct-leak in ReadOneJNGImage". (Credit to OSS-Fuzz)

	* coders/tiff.c (WritePTIFImage): Fix leak of pyramid Image list
	if ResizeImage() fails.  Fixes oss-fuzz 8364
	"graphicsmagick/coder_PTIF_fuzzer: Indirect-leak in
	CloneImage". (Credit to OSS-Fuzz)

2018-05-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c (WriteTIFFImage): Add and use
	ThrowTIFFWriterException() macro to consistently clean-up when
	throwing writer exception.  May fix oss-fuzz 8321
	"graphicsmagick/coder_EPT_fuzzer: Direct-leak in
	TIFFClientOpen". (Credit to OSS-Fuzz)
	(ReadTIFFImage): Add and use ThrowTIFFReaderException() macro to
	consistently clean-up when throwing reader exception.

2018-05-16  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/alpha_composite.h (AlphaCompositePixel): The
	macro definition for MagickAlphaCompositeQuantum in
	alpha_composite.h computes an expression of the form:

	a * b + c * d * e

	Code in function AlphaCompositePixel() (also in
	alpha_composite.h) multiplies the result of this macro
	by variable "delta" as follows:

	delta * a * b + c * d * e

	However, the intended result is actually:

	delta * ( a * b + c * d * e )

	The macro definition has been modified to enclose the
	entire expression in parentheses.

	The effects of this bug were particularly evident at the
	boundary between a stroked polygon and a transparent
	black region. More generally, an incorrect composited
	pixel value was being computed by AlphaCompositePixel()
	whenever the output alpha value was not 100% opaque.

2018-05-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tests/rwblob.tap: Add a test for PTIF format.

	* coders/tiff.c (WritePTIFImage): Fix Image blob referencing in
	order to avoid double-free when writing PTIF to memory BLOB. Fixes
	oss-fuzz 8280 "graphicsmagick/coder_PTIF_fuzzer: Heap-double-free
	in Magick::BlobRef::~BlobRef". (Credit to OSS-Fuzz)

2018-05-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c (WriteTIFFImage): Use libtiff's
	TIFFDefaultStripSize() function rather than an old porting macro
	required by some defunct libtiff version.  Expected to fix
	oss-fuzz 8248 "graphicsmagick/coder_EPT_fuzzer:
	Floating-point-exception in WriteTIFFImage". (Credit to OSS-Fuzz)

2018-05-13  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Fix potentional leak when compressed object is
	corrupted. Fixes oss-fuzz 8251 (Credit to OSS-Fuzz)

2018-05-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tiff.c (ReadTIFFImage): Fix leak of Image when
	TIFFReadRGBAImage() reports failure.  Also harden buffer
	allocation calculation.  Fixes oss-fuzz 8275
	"graphicsmagick/coder_BIGTIFF_fuzzer: Indirect-leak in
	AllocateImage". (Credit to OSS-Fuzz)

	* coders/ept.c (ReadEPTImage): Add validations of 'count' and
	'filesize' read from EPT file. In response to oss-fuzz 8248
	"graphicsmagick/coder_EPT_fuzzer: Floating-point-exception in
	WriteTIFFImage" but we are unable to recreate the oss-fuzz issue
	since the EPT reader already immediately reports an EOF exception.

2018-05-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* fuzzing/oss-fuzz-build.sh: Apply SourceForge patch #57 "Add
	fuzzing support for jpeg + freetype delegates" by Alex Gaynor.

	* coders/png.c (read_user_chunk_callback): Fix memory leak and use
	of uninitialized memory when handling eXIf chunk. Fixes oss-fuzz
	8247 "graphicsmagick/coder_PNG24_fuzzer: Direct-leak in
	png_malloc". (Credit to OSS-Fuzz)

2018-05-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* fuzzing/oss-fuzz-build.sh: Apply SourceForge patch #56 "Use a
	few delegate libraries in fuzzing" by Alex Gaynor.

2018-05-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* tests/rwfile.tap: MIFF zip and bzip compression tests do not
	fail if zlib and bzlib are not available because the compression
	request is silently changed to no compression.

2018-05-07  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (DrawImage, InsertAttributeIntoInputStream):
	For a reference such as 'class="classname"', the "classname"
	is now allowed to be undefined.

	* coders.svg.c (ProcessStyleClassDefs): Class definitions
	defined within a <style> block may now be empty.

	* These relaxed conditions are not specifically called out in
	the SVG spec as being either acceptable or unacceptable, but
	other SVG renderers (e.g., Chrome) handle them this way. These
	changes do not resolve, but are related to, ticket #307.

2018-05-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* utilities/Makefile.am (utilities/tests/montage.log): Fix
	dependency rule so that effects.tap is fully executed before
	execution of montage.tap starts.

2018-05-04  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (DrawImage, TraceXXX): The PrimitiveInfo
	array used to store points generated by TraceEllipse(), the
	other TraceXXX() functions, and DrawImage() was not always
	being expanded when needed, resulting in writes beyond the
	end of the currently allocated storage. To fix this problem,
	a new data structure PrimitiveInfoMgr, and an associated
	function, PrimtiveInfoRealloc(), were written to handle
	expanding the PrimitiveInfo array as needed. DrawImage() and
	the TraceXXX() functions were modified to prevent the out of
	bounds writes to memory. This fixes ticket #516.

2018-05-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadOneJNGImage): Add more JNG chunk
	validations. Fixes an issue reported by "Trace Probe" via a
	follow-up post to SourceForge issue 437 "assertion failure in
	WriteBlob", although the issue described was not reproduced.

	* coders/meta.c (ReadMETAImage): Detect and report 8BIMTEXT and
	8BIMWTEXT decoding problems.  Fixes oss-fuzz 8125
	"graphicsmagick/coder_8BIMTEXT_fuzzer: Use-of-uninitialized-value
	in format8BIM". (Credit to OSS-Fuzz)

2018-05-02  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (TraceStrokePolygon): Excessively
	large values of stroke-width were cascading through
	other computations, causing the function to write beyond
	the end of it's array of points when the stroke-linejoin
	attribute value was "round". Code was added to reallocate
	the array of points as needed, and to limit the size of
	stroke-width (for computational purposes) to no more than
	approximately twice the diagonal size of the output image.
	Fixes ticket #515.

	* The same limit on stroke-width was applied to all other
	instances of the same computation in render.c.

2018-05-01  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* This change set fixes ticket #471.

	* magick/render.c (DrawImage): Polylines with fewer
	than two points were being flagged as an error. The
	SVG spec has no such restriction (fixed).

	* coders/svg.c (SVGStartElement) Inner <svg> elements
	could modify the output image dimensions if a geometry
	string was supplied. Now the output image dimensions
	are determined by the outermost <svg> only.

2018-05-01  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (TraceEllipse, TraceRectangle,
	TraceRoundRectangle): Per the SVG spec, rectangles and
	round rectangles having a width or height of zero are
	not rendered. Also per the spec, ellipses having an x
	or y radius of zero are not rendered.  Fixes ticket #457.

2018-04-30  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.h, (PrimitiveInfo), magick/render.c: Added
	member "flags" to PrimitiveInfo to support indicating closed
	shapes (e.g., rectangle, circle, path closed using 'z' or 'Z').
	Updated code in render.c (functions TraceXXX) to indicate
	closed shapes.  This replaces the previous policy of detecing
	closed shapes by comparing the first and last points to see if
	they are identical (within MagickEpsilon). The old policy
	prevented open subpaths with the same first and last point from
	being rendered properly (per the SVG spec) when round or square
	endcaps were enabled.  Part of the fix for ticket #322.

	* magick/render.c (ConvertPrimitiveToPath): Modified duplicate
	point elimination code so that the first and last points of
	a subpath are always preserved.  Consequences: (1) Allows
	for the correct rendering of the sequence "move x1 y1 line
	x1 y1" with round or square endcaps.  Part of the fix for
	ticket #322. (2) Fixes a bug in which eliminating the last
	point as a duplicate caused a closed shape to no longer be
	closed. This would manifest itself, for example, as a small
	"nub" on the boundary of a filled circle.

	* magick/render.c (GetPixelOpacity): Fixed a bug in the
	code that computed the distance between a point and a
	segment (polygon edge).  Prior to this fix, for zero length
	segments this code would generate a divide-by-zero and
	incorrect output. Part of the fix for ticket #322.

	* magick/render.c (DrawPolygonPrimitive): Polygons/paths with
	zero or one points are no longer rendered per the SVG spec.

	* magick/render.c (DrawStrokePolygon): Per the SVG spec, a
	polygon consisting of a single move-to command is not stroked.

	* magick/render.c (TracePath): Per the SVG spec, if the
	endpoints (x1, y1) and (x2, y2) of an arc subpath are identical,
	then this is equivalent to omitting the elliptical arc segment
	entirely.  For rendering purposes the zero length arc is
	treated like a zero length "line to" command to the current
	point.

	* magick/render.c (TraceStrokePolygon): Added code to detect
	zero length open subpaths and return a stroked polygon containing
	no points when round or square endcaps are not enabled.  This
	satisfies the SVG spec requirement that zero length subpaths are
	only stroked if the 'stroke-linecap' property has a value of
	round or square.

	* magick/render.c (TracePath): Fixed a bug in which if a "move to"
	command was followed by additional pairs of points, indicating
	implied "line to" commands, each point was added twice.

2018-04-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pcx.c (ReadPCXImage): Colormap from PCX header is only
	used if colors <= 16. Determination of DirectClass image was
	wrong.  Fixes oss-fuzz 8093 "graphicsmagick/coder_PCX_fuzzer:
	Use-of-uninitialized-value in IsMonochromeImage". (Credit to
	OSS-Fuzz)

2018-04-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* version.sh: Updates to prepare for the 1.3.29 release.

	* coders/pict.c (DecodeImage): Assure that scanline is initialized
	to avoid use of uninitialized data.  Fixes oss-fuzz 8063
	"graphicsmagick/coder_WPG_fuzzer: Use-of-uninitialized-value in
	ReadPICTImage". (Credit to OSS-Fuzz)

	* coders/dpx.c (ReadDPXImage): Assure that NULL pixels is not
	used.  Fixes oss-fuzz 8078 "graphicsmagick/coder_DPX_fuzzer:
	Null-dereference WRITE in ReadDPXImage". (Credit to OSS-Fuzz)

	* NEWS.txt: Update NEWS file with information about changes since
	last release.

2018-04-28  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dib.c (ReadDIBImage): Disable EOF tests for "ICODIB"
	subformat due to icon file provided by SourceForge issue #557
	"ErrorCorruptImage: Magick: Unexpected end-of-file ()" where an
	EOF error was reported due to no mask data being supplied.

	* coders/png.c (ReadOneJNGImage): The embedded JPEG image is
	required to have the same dimensions as the JNG image as provided
	by JHDR.  Fixes SourceForge bug 555 "heap-buffer-overflow in
	AcquireCacheNexus when processing jng file".  It is likely that
	this issue is precipitated by using 'montage' which seems to set a
	default non-zero image size.
	(ReadMNGImage): By default limit the maximum loops specifiable by
	the MNG LOOP chunk to 512 loops, but allow this to be modified by
	'-define mng:maximum-loops=value'.  Also assure that the value is
	in the range of 0-2147483647 as per the MNG specification.  This
	is to address the denial of service issue described by
	CVE-2018-10177.  This problem was reported to us by Petr Gajdos
	via email on Fri, 20 Apr 2018.

	* coders/dpx.c (ReadDPXImage): Move misplaced channel validation
	code.  Fixes oss-fuzz 8041 "graphicsmagick/coder_DPX_fuzzer:
	Use-of-uninitialized-value in WriteDPXImage" and oss-fuzz 8055
	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
	EnhanceImage". (Credit to OSS-Fuzz)

2018-04-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xpm.c (StringToListMod): Algorithm fixes to fix use of
	uninitialized data.  Fixes oss-fuzz 8046
	"graphicsmagick/coder_XPM_fuzzer: Use-of-uninitialized-value in
	StringToListMod". (Credit to OSS-Fuzz)

2018-04-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xpm.c (ReadXPMImage): Reduce memory consumption further.
	Hopefully fixes oss-fuzz 8013 "graphicsmagick/coder_XPM_fuzzer:
	Out-of-memory in graphicsmagick_coder_XPM_fuzzer". (Credit to
	OSS-Fuzz)

	* magick/utility.c (StringToList): Only allocate the memory
	required when converting string to an ASCII list.  May or may not
	fix oss-fuzz 8013 "graphicsmagick/coder_XPM_fuzzer: Out-of-memory
	in graphicsmagick_coder_XPM_fuzzer". (Credit to OSS-Fuzz)

2018-04-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/bmp.c (ReadBMPImage): Fix benign use of uninitialized
	data when testing header magick.  Fixes oss-fuzz 7980
	"graphicsmagick/coder_BMP_fuzzer: Use-of-uninitialized-value in
	LocaleNCompare". (Credit to OSS-Fuzz)

	* coders/dpx.c (ReadDPXImage): ColorDifferenceCbCr does require
	even image width. Fixes oss-fuzz 7966
	"graphicsmagick/coder_DPX_fuzzer: Unknown signal in
	TentUpsampleChroma". (Credit to OSS-Fuzz)

2018-04-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dpx.c (ReadDPXImage): ColorDifferenceCbCr element
	requires two samples/pixel, not one. Fixes oss-fuzz 7951
	"graphicsmagick/coder_DPX_fuzzer: Heap-buffer-overflow in
	ReadDPXImage". (Credit to OSS-Fuzz)

2018-04-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pdb.c (ReadPDBImage): Assure that pixels buffer is
	initialized.  Fixes oss-fuzz 7937
	"graphicsmagick/coder_PDB_fuzzer: Use-of-uninitialized-value in
	ReadPDBImage". (Credit to OSS-Fuzz)

	* coders/mvg.c (ReadMVGImage): Assure that MVG viewbox parameters
	were supplied.  Fixes oss-fuzz 7936
	"graphicsmagick/coder_MVG_fuzzer: Use-of-uninitialized-value in
	ReadMVGImage". (Credit to OSS-Fuzz)

	* coders/dpx.c (ReadDPXImage): Element descriptors CbYCrY422 and
	CbYACrYA4224 require that the image width be evenly divisible by 2
	so enforce that.  Fixes oss-fuzz 7935
	"graphicsmagick/coder_DPX_fuzzer: Heap-buffer-overflow in
	ReadDPXImage". (Credit to OSS-Fuzz)

2018-04-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dpx.c (ReadDPXImage): Reject DPX files which claim to use
	signed data.  Fixes oss-fuzz 7758
	"graphicsmagick/coder_DPX_fuzzer: Use-of-uninitialized-value in
	WriteDPXImage". (Credit to OSS-Fuzz)
	(ReadDPXImage): Validate that the image elements do update all of
	the channels, including the alpha channel.  Now report an error if
	a color channel is missing.  Fixes oss-fuzz 7758
	"graphicsmagick/coder_DPX_fuzzer: Use-of-uninitialized-value in
	WriteDPXImage".

	* coders/gif.c (DecodeImage): Finally fix oss-fuzz 7732
	"graphicsmagick/coder_GIF_fuzzer: Heap-buffer-overflow in
	DecodeImage" which was not actually fixed with previous
	changes. (Credit to OSS-Fuzz)

2018-04-21  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/topol.c Emit error when tile storage overflows image data;
        fixes oss-fuzz 7769 thanks to oss-fuzz.

2018-04-20  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (ConvertPrimitiveToPath):  Fixed a bug
	in which SVG paths containing multiple open subpaths were
	not being processed correctly, resulting in incorrect
	output.  This fixes ticket #94.

2018-04-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/gif.c (DecodeImage): Fix use of uninitialized memory
	during error condition in decoder. Fixes oss-fuzz 7732
	"graphicsmagick/coder_GIF_fuzzer: Heap-buffer-overflow in
	DecodeImage". (Credit to OSS-Fuzz)

	* coders/txt.c (ReadTXTImage): Assure that all image pixels are
	initialized to black.

	* Magick++/demo/zoom.cpp (main): Add a -read-blob option to read
	input file into a Blob so that it is read by the Blob reader
	rather than the file reader.  Default the output Geometry to the
	input image geometry in case the user does not specify a resize
	resolution or geometry.

	* Magick++/tests/readWriteBlob.cpp (main): Improve the quality of
	code which reads a file into memory for Blob testing.

	* magick/blob.c (BlobToImage): Add exception reports for the cases
	where 'magick' was not set and the file format could not be
	deduced from its header.  Previously a null Image pointer was
	being returned without any exception being thrown.

2018-04-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dpx.c (ReadDPXImage): Assure that CbCr layer initializes
	all channels if it is the first element of a planar DPX.  Fixes
	oss-fuzz 7703 "graphicsmagick/coder_DPX_fuzzer:
	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)

	* coders/pict.c (ReadPICTImage): Don't refer to filename member of
	ImageInfo which was just destroyed. Much thanks to Alex Gaynor for
	finding this.  Should fix oss-fuzz 6867
	"graphicsmagick/coder_PCT_fuzzer: Heap-use-after-free in
	GetLocaleExceptionMessage". (Credit to OSS-Fuzz).

2018-04-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/sgi.c (ReadSGIImage): Assure that iris pixels are fully
	initialized.  Fixes oss-fuzz 7543
	"graphicsmagick/coder_SGI_fuzzer: Use-of-uninitialized-value in
	SGIEncode". (Credit to OSS-Fuzz).

	* coders/xcf.c (ReadXCFImage): Restore SetImage() which was
	previously commented out.  This is needed to assure initialized
	pixels.  Fixes oss-fuzz 7430 "graphicsmagick/coder_XCF_fuzzer:
	Use-of-uninitialized-value in AlphaCompositePixel". (Credit to
	OSS-Fuzz).

	* coders/pict.c (ReadPICTImage): Properly initialize "black
	canvas" that tiles may be composed on.  Fixes oss-fuzz 7574
	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
	EnhanceImage". (Credit to OSS-Fuzz).

	* coders/rle.c (ReadRLEImage): Check for EOF when reading comment.
	Fixes oss-fuzz 7667 "graphicsmagick/coder_RLE_fuzzer:
	Use-of-uninitialized-value in ReadRLEImage". (Credit to OSS-Fuzz).

	* coders/pdb.c (WritePDBImage): Avoid use of uninitialized
	bytes. Fixes oss-fuzz 7638 "graphicsmagick/coder_PDB_fuzzer:
	Use-of-uninitialized-value in WritePDBImage". (Credit to
	OSS-Fuzz).

	* coders/rla.c (ReadRLAImage): Add many more validations,
	including scanline offsets and number of channels.  Fixes oss-fuzz
	7653 "graphicsmagick/coder_RLA_fuzzer: Timeout in
	graphicsmagick_coder_RLA_fuzzer". (Credit to OSS-Fuzz).

	* coders/txt.c (ReadTXTImage): Implement missing subrange logic to
	read only the specified range of frames.  Limits frames read from
	oss-fuzz test case
	clusterfuzz-testcase-minimized-coder_TEXT_fuzzer-6061076048248832
	"graphicsmagick/coder_TEXT_fuzzer: Timeout in
	graphicsmagick_coder_TEXT_fuzzer". (Credit to OSS-Fuzz).

	* Magick++/lib/Image.cpp (read): Set subrange = 1 since this
	interface is intended to read just one frame from the input file.
	Use the STL-based interfaces to read multiple frames.

	* coders/fits.c (ReadFITSImage): Verify FITS header before reading
	further.  Rejects file from oss-fuzz 7650
	"graphicsmagick/coder_FITS_fuzzer: Out-of-memory in
	graphicsmagick_coder_FITS_fuzzer".  (Credit to OSS-Fuzz).

	* PerlMagick/Magick.xs (Get): Fix PerlMagick compilation problem
	due to rename/repurposing of image->clip_mask.

2018-04-13  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/image.c, magick/image.h:  In order to be able to
	support SVG masks, and to be able to further extend the
	Image data structure without changing its size, new data
	structure ImageExtra (struct _ImageExtra) has been added.
	Header file image.h contains only a forward declaration;
	the members of ImageExtra are defined in file image.c.
	Image member variable Image * clip_mask has been replaced
	by ImageExtra * extra, and function prototypes that enable
	access to ImageExtra have been added to image.h.  The
	clip_mask member variable now resides in ImageExtra.  All
	references to Image::clip_mask in the GraphicsMagick
	source code have either been replaced with direct references
	to ImageExtra::clip_mask (image.c), or have been replaced
	with calls to access function ImageGetClipMask().

	* magick/render.c, magick/render.h:  In order to be able to
	support SVG masks, and to be able to further extend the
	DrawInfo data structure without changing its size, new data
	structure DrawInfoExtra (struct _DrawInfoExtra) has been added.
	Header file render.h contains only a forward declaration;
	the members of DrawInfoExtra are defined in file render.c.
	DrawInfo member variable char * clip_path has been replaced by
	DrawInfoExtra * extra, and function prototypes that enable
	access to DrawInfoExtra have been added to render.h.  The
	clip_path member variable now resides in ImageExtra.  All
	references to DrawInfo::clip_path in the GraphicsMagick
	source code have either been replaced with direct references
	to DrawInfoExtra::clip_path (render.c), or have been
	replaced with calls to access function DrawInfoGetClipPath().

	* magick/image.c (new functions CompositePathImage,
	CompositeMaskImage, GetImageCompositeMask,
	SetImageCompositeMask):  Defined new data structure ImageExtra,
	added create/destroy logic, and implemented associated access
	functions.  Implemented SVG masks.

	* magick/render.c (DrawImage, new function DrawCompositeMask):
	Defined new data structure DrawInfoExtra, added create/destroy
	logic, and implemented associated access functions.  Impemented
	SVG masks.

	* magick/pixel_cache.c (SyncCacheNexus, new function
	CompositeCacheNexus):  Fixed references to Image::clip_mask.
	Implemented SVG masks.

	* coders/svg.c (SVGStartElement, SVGEndElement): Implemented
	SVG masks.

	* locale/c.mgk, magick/gm_messages.mc, magick/local_c.h:
	Added new error codes to support SVG masks.

	* coders/ps3.c, magick/enhance.c: Fixed references to
	Image::clip_mask.

	* magick/draw.c, wand/drawing_wand.c: Fixed references to
	DrawInfo::clip_path.

2018-04-13  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/wpg.c Crash on row overflow fixed oss-fuzz 7639 thanks to oss-fuzz.

2018-04-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dpx.c (ReadDPXImage): Add more header validations.
	Always assure that scanline is initialized for Luma channel. Fixes
	oss-fuzz 7544 "graphicsmagick/coder_DPX_fuzzer:
	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)

	* coders/pdb.c (ReadPDBImage): Add more EOF checks to avoid benign
	use of uninitialized data.  Fixes oss-fuzz 7545
	"graphicsmagick/coder_PDB_fuzzer: Use-of-uninitialized-value in
	ReadPDBImage".

	* coders/wpg.c (InsertRow, UnpackWPGRaster): x & y should be
	'unsigned long' to match type used by pixel cache APIs and image
	rows/columns.

2018-04-08  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/wpg.c Stop reading when last row is reached.
	This should stop oss-fuzz 7528 thanks to oss-fuzz.


2018-04-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xcf.c (ReadXCFImage): Fix use of uninitialized data in
	magick header string for runt file.  Fixes oss-fuzz 7521
	"graphicsmagick/coder_XCF_fuzzer: Use-of-uninitialized-value in
	LocaleNCompare". (Credit to OSS-Fuzz).

2018-04-09  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* OVERVIEW: Change set 9aaeeca0224c modified the drawing
	of clipping paths to conform to the SVG spec.  This change
	set restores the previous behavior for non-SVG clients of
	render.c, while still satisfying the SVG spec for SVG clients.

	* magick/render.h (DrawInfo): Added a bit field in member
	"flags" to indicate that drawing should be SVG compliant.

	* magick/render.c (DrawImage): Now recognizes keyword
	"svg-compliant", and tags DrawInfo accordingly.  This
	allows for existing features in render.c to be changed
	to comply with the SVG spec without impacting the previous
	behavior expected by non-SVG clients.

	* magick/render.c (DrawImage): Now uses DrawInfo "flags"
	bit for SVG compliance in conjunction with "flags" bit
	for "clipping path" to determine when to ignore changes
	to fill color, stroke color, etc.  This restores the
	previous behavior for clipping paths for non-SVG clients.

	* coders/svg.c (SVGStartElement): The initial set of
	MVG commands for rendering an SVG file now includes
	new keyword "svg-compliant" (to indicate that certain
	graphical elements should be drawn according to the
	SVG spec), and includes an intialization of the SVG
	"fill-rule" to "nonzero" (the SVG default) instead of
	the internally initialized value of "evenodd".

	* coders/wpg.c: Fixed C99 "//" comments.

2018-04-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pict.c (ReadPICTImage): Copy tile exception info to main
	image and don't composite tile if it has a problem.  Fixes
	oss-fuzz 7169 "graphicsmagick/enhance_fuzzer:
	Use-of-uninitialized-value in EnhanceImage". (Credit to OSS-Fuzz)

	* coders/dib.c (ReadDIBImage): Do not increase decode bits/pixel
	if compression=2, but use it to increase pixel packet size when
	estimating bytes per line for decode buffer.  Fixes oss-fuzz issue
	7324 "graphicsmagick/coder_WPG_fuzzer: Use-of-uninitialized-value
	in ReadDIBImage". (Credit to OSS-Fuzz)

	* coders/dpx.c (ReadDPXImage): When handling the first element of
	a planar DPX, assure that the other channels are
	initialized. Fixes oss-fuzz 7841 "graphicsmagick/coder_DPX_fuzzer:
	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)

	* coders/tim.c (ReadTIMImage): Only 4 and 8 bit TIM requires a
	colormap. For other depths, force reading as DirectClass even if
	the TIM file provides a colormap.  Fixes oss-fuzz 7407
	"graphicsmagick/coder_TIM_fuzzer: Use-of-uninitialized-value in
	SyncImageCallBack". (Credit to OSS-Fuzz)

2018-04-08  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c The unread data contains crap in memory,
	erase current image data. This should mute oss-fuzz 6604.

	* coders/wpg.c - condition "if(y<1) continue;" is redundant
	and could be removed completely.
	Allow logging in MatlabV4 module.

	* coders/svg.c - Do not use C++ syntax in C code - removed.

2018-04-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/wpg.c (UnpackWPGRaster): Fix uninitialized row 0 when
	row-based RLE is used.  Fixes oss-fuzz 6603
	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
	BlendCompositePixel". (Credit to OSS-Fuzz)

	* coders/pcd.c: Fix many issues, including oss-fuzz 6016
	"graphicsmagick/coder_PCD_fuzzer: Heap-double-free in
	MagickRealloc" and oss-fuzz 6108 "graphicsmagick/coder_PCD_fuzzer:
	Unknown signal in AllocateThreadViewDataSet". (Credit to OSS-Fuzz)

2018-04-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dcm.c (funcDCM_BitsStored): Limit DICOM significant bits
	to 16.  Otherwise rescale map code blows up.  Fixes oss-fuzz 7435
	"graphicsmagick/coder_DCM_fuzzer: Out-of-memory in
	graphicsmagick_coder_DCM_fuzzer". (Credit to OSS-Fuzz)

	* coders/pix.c (ReadPIXImage): Detect EOF.  Reject RLE lenth of
	zero.  Fixes oss-fuzz 7440 "graphicsmagick/coder_PIX_fuzzer:
	Out-of-memory in graphicsmagick_coder_PIX_fuzzer". (Credit to
	OSS-Fuzz)

2018-04-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dpx.c (ReadDPXImage): Insist on having an element
	descriptor we understand since otherwise we can not decode the
	image.  Fixes oss-fuzz 7410 "graphicsmagick/coder_DPX_fuzzer:
	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)

	* coders/avs.c, etc... (WriteAVSImage): Cache image list length
	before writing image sequence so that progress monitor is
	scalable.  Helps with oss-fuzz 7404
	"graphicsmagick/coder_AVS_fuzzer: Timeout in
	graphicsmagick_coder_AVS_fuzzer". (Credit to OSS-Fuzz)

2018-04-05  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement, SVGEndElement),
	magick/render.c (DrawImage): The current text position
	is now maintained by DrawImage() instead of by
	SVGStartElement() and SVGEndElement().  This change was
	made to support the recently implmemented "use" and
	"class" elements, which may make changes to the font
	size that are not visible to the code in svg.c.

	* coders/svg.c (GetStyleTokens, SVGStartElement): The
	list of SVG attributes is now reordered so that
	"font-size", "class", and "style" are processed first.
	This ensures that a change to the font size will be
	processed before any dimensional attribute whose value
	may depend on the font size (e.g., a width value
	specified in "em" units).

	* coders/svg.c (ProcessStyleClassDefs): Fixed two memory
	leaks associated with making an early return when
	malformed input is detected.

	* magick/render.c (ExtractTokensBetweenPushPop): Fixed
	an uninitialized variable condition which can occur when
	malformed input is detected.

	* magick/render.h (DrawInfo), magick/render.c: DrawInfo
	member "unused1" has been renamed "flags".  It is now
	used to tag a DrawInfo as being a clipping path or a
	compositing mask.

2018-04-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pdb.c (ReadPDBImage): Update DirectClass pixels to avoid
	use of uninitialized memory for 2 bits/pixel.  Fixes oss-fuzz 7350
	"graphicsmagick/coder_PDB_fuzzer: Use-of-uninitialized-value in
	WritePDBImage".  (Credit to OSS-Fuzz)

	* coders/palm.c (ReadPALMImage): Fix use of uninitialized memory.
	Fixes oss-fuzz 7325 "graphicsmagick/coder_PALM_fuzzer:
	Use-of-uninitialized-value in TransparentImageCallBack". (Credit
	to OSS-Fuzz)

	* coders/dcm.c (DCM_ReadNonNativeImages): Break out of reading
	loop on EOF and properly report exception.  Fixes oss-fuzz 7349
	"graphicsmagick/coder_DCM_fuzzer: Timeout in
	graphicsmagick_coder_DCM_fuzzer". (Credit to OSS-Fuzz)

2018-04-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xcf.c (ReadXCFImage): Require that XCF file offsets be in
	ascending order to avoid DOS.  Fixes oss-fuzz 7333
	"graphicsmagick/coder_XCF_fuzzer: Out-of-memory in
	graphicsmagick_coder_XCF_fuzzer". (Credit to OSS-Fuzz)

	* coders/wpg.c (UnpackWPGRaster): Fix memory leak in error return
	path. Fixes oss-fuzz 7338 "graphicsmagick/enhance_fuzzer:
	Direct-leak in UnpackWPGRaster". (Credit to OSS-Fuzz)

2018-04-03  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement): This changeset adds
	support for SVG geometric transforms specified using the
	style="transform: ..." syntax.  This syntax is sometimes
	used when exporting SVG files from Adobe Illustrator.

2018-04-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dpx.c (ReadDPXImage): Validate DPX packing method.  Fixes
	oss-fuzz 7296 "graphicsmagick/coder_DPX_fuzzer:
	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)

2018-04-02  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement, SVGEndElement),
	magick/render.c (DrawImage): This changeset adds support for
	"class" styling attributes within a <style> section within
	the <defs> section, and the ability to reference them from
	other SVG elements by class="classname".  SVG files exported
	from Adobe Illustrator make extensive use of "class" definitions.

2018-04-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pict.c (ReadPICTImage): Fix leak of tile image on EOF.
	This is a recent regression.  Fixes oss-fuzz 7287
	"graphicsmagick/coder_PCT_fuzzer: Indirect-leak in
	CloneImage". (Credit to OSS-Fuzz)

	* magick/pixel_cache.c (OpenCache): Use image->scene rather than
	GetImageIndexInList(image) for scene-id part of cache info file
	name.

	* coders/txt.c (WriteTXTImage): Optimize the progress indicator
	since it is very inefficient with a large number of scenes and
	oss-fuzz 7090 "graphicsmagick/coder_TEXT_fuzzer: Timeout in
	graphicsmagick_coder_TEXT_fuzzer" consistently shows
	GetImageListLength() in its stack traces.

	* coders/dcm.c (ReadDCMImage): DICOM reader was no longer
	immediately quitting with excessive samples per pixel.  This
	caused spinning for a very long time when reading planar images
	with large samples per pixel.  This is a regression due to recent
	changes.  Fixes oss-fuzz 7269 "graphicsmagick/coder_DCM_fuzzer:
	Timeout in graphicsmagick_coder_DCM_fuzzer". (Credit to OSS-Fuzz)

	* coders/xcf.c (ReadXCFImage): Destroy layer info before returning
	due to exception.  This is a new regression due to adding more
	checks. Fixes oss-fuzz 7277 "graphicsmagick/coder_XCF_fuzzer:
	Direct-leak in ReadXCFImage". (Credit to OSS-Fuzz)

	* coders/pdb.c (ReadPDBImage): Assure that all bytes of scanline
	are initialized while decoding.  Fixes oss-fuzz 7051
	"graphicsmagick/coder_PDB_fuzzer: Use-of-uninitialized-value in
	WritePDBImage". (Credit to OSS-Fuzz)

2018-03-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pcx.c (ReadPCXImage): Assure that scanline is
	initialized.  Fixes oss-fuzz 6612
	"graphicsmagick/coder_PCX_fuzzer: Use-of-uninitialized-value in
	WriteRLEPixels". (Credit to OSS-Fuzz)

	* coders/wpg.c (ReadWPGImage): Detect unexpected EOF and avoid use
	of uninitialized data.  Fixes oss-fuzz 6601
	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
	ImportIndexQuantumType". (Credit to OSS-Fuzz)

	* coders/sgi.c (ReadSGIImage): Assure that RLE decode buffer is
	initialized.  Fixes oss-fuzz 6599
	"graphicsmagick/coder_SGI_fuzzer: Use-of-uninitialized-value in
	SyncImageCallBack" and oss-fuzz 6600
	"graphicsmagick/coder_SGI_fuzzer: Use-of-uninitialized-value in
	SGIEncode". (Credit to OSS-Fuzz)

	* coders/viff.c (ReadVIFFImage): Fix blob I/O size validation to
	avoid use of uninitialized data. Fixes oss-fuzz 6597
	"graphicsmagick/coder_VIFF_fuzzer: Use-of-uninitialized-value in
	ThresholdImage". (Credit to OSS-Fuzz)
	(ReadVIFFImage): Don't execute SetImageType(image,BilevelType) on
	an image which has no pixels yet in order to avoid use of
	uninitialized data. Fixes oss-fuzz 6597.  (Credit to OSS-Fuzz)

	* coders/wbmp.c (ReadWBMPImage): Fix blob I/O size validation to
	avoid use of uninitialized data. Fixes oss-fuzz 7047
	"graphicsmagick/coder_WBMP_fuzzer: Use-of-uninitialized-value in
	ReadWBMPImage". (Credit to OSS-Fuzz)

	* coders/wpg.c (ExtractPostscript): Allow non-Postscript content
	but force reading using the magick we already detected.  Also log
	the format that we detected.

	* coders/xcf.c (ReadOneLayer): Reject layer size of 0x0.  Fixes
	oss-fuzz 6636 "graphicsmagick/coder_XCF_fuzzer: Direct-leak in
	MagickMallocAligned". (Credit to OSS-Fuzz)
	(ReadXCFImage): Verify that seek offsets are within the bounds of
	the file data. Fixes oss-fuzz 6682
	"graphicsmagick/coder_XCF_fuzzer: Out-of-memory in
	graphicsmagick_coder_XCF_fuzzer". (Credit to OSS-Fuzz)

	* magick/pixel_cache.c (ModifyCache): Destroy CacheInfo if
	OpenCache() fails so it is not leaked.

	* coders/wpg.c (ExtractPostscript): Enforce that embedded file is
	a Postscript file.  Fixes oss-fuzz 7235
	"graphicsmagick/coder_WPG_fuzzer: Indirect-leak in MagickRealloc".
	This is indicated to be a regression. (Credit to OSS-Fuzz)

2018-03-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pict.c (ReadPICTImage): Check image pixel limits before
	allocating memory for tile.  Fixes oss-fuzz 7217
	"graphicsmagick/coder_PICT_fuzzer: Out-of-memory in
	graphicsmagick_coder_PICT_fuzzer".

2018-03-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pcd.c (ReadPCDImage): Add checks for EOF. Fixes oss-fuzz
	issue 7180 "graphicsmagick/coder_PCDS_fuzzer: Timeout in
	graphicsmagick_coder_PCDS_fuzzer".  (Credit to OSS-Fuzz)

2018-03-29  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement, SVGEndElement),
	magick/render.c (DrawImage): This changeset implements the SVG
	"use" element.  Graphical elements (e.g., "rect", "text", etc.)
	can be tagged with an identifier using 'id="identifier"' when
	defined within the "defs" section.  They can then be referenced
	elsewhere in the SVG file using:

	<use xlink:href="#identifier" ... />

	When referencing a graphical element by its identifier, the
	following syntaxes are now treated as being the same:

	href="#identifier"
	href="url(#identifier)"
	xlink:href="#identifier"
	xlink:href="url(#identifier)"

2018-03-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/tim.c (ReadTIMImage): Reader was not observing subimage
	and subrange to quit after the specified frame range.  Inspired by
	oss-fuzz 7132 "graphicsmagick/coder_TIM_fuzzer: Timeout in
	graphicsmagick_coder_TIM_fuzzer" (Credit to OSS-Fuzz)

2018-03-27  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement): Enable setting the
	background color from the SVG file when the client
	specifies style="background:color" inside the <svg>
	... </svg> element.

2018-03-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/mtv.c (ReadMTVImage): Add some elementary tracing to MTV
	reader.

	* coders/png.c (ReadMNGImage): Fix SourceForge issue 554
	"Divide-by-zero in ReadMNGImage (coders/png.c)".  (Credit to Trace
	Probe)

	* coders/bmp.c (ReadBMPImage): Assure that start position always
	advances to avoid looping BMPs.  Fixes oss-fuzz 7045
	"graphicsmagick/coder_BMP_fuzzer: Timeout in
	graphicsmagick_coder_BMP_fuzzer". (Credit to OSS-Fuzz)

	* coders/pict.c (DecodeImage): Verify that sufficient backing data
	exists before allocating memory to read it.  Fixes oss-fuzz 6629
	"graphicsmagick/coder_PCT_fuzzer: Out-of-memory in
	graphicsmagick_coder_PCT_fuzzer".
	(ReadPICTImage): Destroy tile_image in ThrowPICTReaderException()
	macro to simplify logic.

2018-03-25  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Check whether datablock is really read.
	Fixes oss-fuzz 7056 (Credit to OSS-Fuzz)

	* coders/txt.c Duplicate image check for data with fixed geometry
	previous check is skipped. Fixes oss-fuzz 7090.

2018-03-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dcm.c (ReadDCMImage): Validate that samples per pixel is
	in valid range.  Fixes oss-fuzz 6260
	"graphicsmagick/coder_DCM_fuzzer: Out-of-memory in
	graphicsmagick_coder_DCM_fuzzer". (Credit to OSS-Fuzz)

	* coders/meta.c (format8BIM): Allocate space for null termination
	and null terminate string.  Fixes oss-fuzz 5985
	"graphicsmagick/coder_8BIMTEXT_fuzzer: Heap-buffer-overflow in
	formatIPTCfromBuffer". (Credit to OSS-Fuzz)

	* coders/fits.c (ReadFITSImage): Include number of FITS scenes in
	file size validations.  Fixes oss-fuzz 6781
	"graphicsmagick/coder_FITS_fuzzer: Timeout in
	graphicsmagick_coder_FITS_fuzzer". (Credit to OSS-Fuzz)

2018-03-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/meta.c (format8BIM): Validate size request prior to
	allocation. Fixes oss-fuzz issue 5974
	"graphicsmagick/coder_8BIMTEXT_fuzzer: Out-of-memory in
	graphicsmagick_coder_8BIMTEXT_fuzzer". (Credit to OSS-Fuzz)

2018-03-23  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Fix forged amount of frames 7076. (Credit to OSS-Fuzz)

        * coders/topol.c Check for forged image that overflows file size
        (fuzz 6836).

2018-03-23  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c, render.h (DrawInfo, CloneDrawInfo,
	DrawClipPath, DrawImage, GetDrawInfo): According to the SVG
	spec, a clipping path is defined only by the geometry of its
	constituent elements, and is not dependent on fill color/opacity,
	stroke color/opacity, or stroke width.  To ensure conformity
	with the spec, when a clipping path is created, these SVG
	elements are set to appropriate values, and any attempt to
	modify them is ignored.

	Also, whenever a clipping path is drawn, the associated image
	attributes are now updated from the parent image structure.
	This ensures that any added or modified attributes are up to
	date.

2018-03-22  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/topol.c Use rather MagickSwabArrayOfUInt32() to
        flip all array elements at once.

        * magick/annotate.c Compilation issue - using C++ syntax in C code.

2018-03-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dpx.c (ReadDPXImage): Validate header length and offset
	properties.  Fixes oss-fuzz "graphicsmagick/coder_DPX_fuzzer:
	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)

2018-03-20  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/annotate.c (RenderType): According to the SVG
	spec, the 'font-family' element can be a comma-separated
	list of one or more font family names.  Function RenderType
	in file annotate.c has been modified to support multiple
	font family names as follows.  The comma-separated list is
	processed until the first available font family is found.
	If no font family is found, or if font substitution occurred,
	then the entire font family string is tested to see if it
	exactly matches a font name, or if the font family string
	with blanks changed to hypens exactly matches a font name.
	If a font name match is found, the matched font overrides
	the font substution.  The font name matching functionality
	is beyond what's in the SVG spec and is provided as a
	convenience to the user.

2018-03-20  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Fix forged amount of frames 6755. (Credit to OSS-Fuzz)

2018-03-20  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/topol.c Redesign ReadBlobDwordLSB() to be more effective.

2018-03-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/xpm.c (ReadXPMImage): Reject XPM if its condensed version
	contains non-whitespace control characters.  Fixes oss-fuzz 7027
	"graphicsmagick/coder_XPM_fuzzer: Timeout in
	graphicsmagick_coder_XPM_fuzzer". (Credit to OSS-Fuzz)

2018-03-19  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/topol.c Fix tile index overflow fuzz 6634. (Credit to OSS-Fuzz)

2018-03-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dcm.c (DCM_ReadGrayscaleImage): Don't use rescale map if
	it was not allocated.  This issue was induced in this development
	cycle due to disabling generating the rescale map.  Fixes oss-fuzz
	7021 "graphicsmagick/coder_DCM_fuzzer: Null-dereference READ in
	DCM_ReadGrayscaleImage". (Credit to OSS-Fuzz)

2018-03-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/color_lookup.c (QueryColorDatabase): Defend against
	partial scanf() expression matching, resulting in use of
	uninitialized data.  Likely fixes oss-fuzz 6596
	"graphicsmagick/coder_XPM_fuzzer: Use-of-uninitialized-value in
	IsMonochromeImage". (Credit to OSS-Fuzz)

	* coders/rle.c (ReadRLEImage): Validate number of colormap bits to
	avoid undefined shift behavior.  Fixes oss-fuzz 6630
	"graphicsmagick/enhance_fuzzer: Undefined-shift in
	ReadRLEImage". (Credit to OSS-Fuzz)

	* coders/dcm.c (DCM_ReadRGBImage): Don't use rescale map if it was
	not allocated.  This issue was induced in this development cycle
	due to disabling generating the rescale map.  Fixes oss-fuzz 6995
	"graphicsmagick/coder_DCM_fuzzer: Null-dereference READ in
	DCM_ReadRGBImage". (Credit to OSS-Fuzz)

	* coders/dib.c (DecodeImage): Report failure to decode to expected
	amount of pixel data as an error.  Fixes oss-fuzz 7007
	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
	EnhanceImage". (Credit to OSS-Fuzz)

	* coders/bmp.c (ReadBMPImage): Add file size and offset/seek
	validations.  Fixes oss-fuzz 6623
	"graphicsmagick/coder_BMP_fuzzer: Timeout in
	graphicsmagick_coder_BMP_fuzzer". (Credit to OSS-Fuzz)

2018-03-17  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* dcraw/dcraw.c Updated to version 9.27

2018-03-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/gif.c (ReadGIFImage): Fix botched fixes for use of
	uninitialized data when reading GIF extension blocks.  Hopefully
	ok now.

2018-03-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/gif.c (ReadGIFImage): Fix use of uninitialized data when
	reading GIF extension blocks.  Fixes oss-fuzz 6609
	"graphicsmagick/coder_GIF_fuzzer: Use-of-uninitialized-value in
	MagickArraySize". This seems to be a totally benign issue. (Credit
	to OSS-Fuzz)

	* magick/magick.c (MagickSignal): Use an alternate signal stack,
	if available.  This is required for Go lang C language extensions
	since Go lang requests an alternate signal sack, and uses small
	stacks for its threads.  If the library user has not allocated an
	alternate signal stack, then behavior should be just as before.
	Issue was originally reported by yzh杨振宏 on March 1, 2018 via
	the graphicsmagick-help SourceForge mailing list.

2018-02-28  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/pixel_cache.c (AcquireCacheNexus): Add a check that the
	pixel cache is compatible with the image dimensions.  Fixes
	oss-fuzz issues 5978 5988 5989 5990 5993 6016, and 6056, which are
	all related to the PICT writer. (Credit to OSS-Fuzz)

	* magick/draw.c (DrawGetStrokeDashArray): Check for failure to
	allocate memory.  Patch submited by Petr Gajdos via email on
	February 28, 2018.

2018-02-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/fits.c (ReadFITSImage): Fix signed integer overflow when
	computing pixels size.  Fixes oss-fuzz 6586
	"graphicsmagick/coder_FITS_fuzzer: Integer-overflow in
	ReadFITSImage". (Credit to OSS-Fuzz)

2018-02-27  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement, SVGEndElement): From the
	SVG spec:  "The 'foreignObject' element allows for inclusion
	of a foreign namespace which has its graphical content drawn
	by a different user agent."  Code has been added to consume
	and discard the 'foreignObject' element and any settings (e.g.,
	fill color) internal to it.  Previously, settings internal
	to the 'foreignObject' element would persist and "leak" into
	the graphic elements that followed it, resulting in undesired
	side effects (e.g., fill color other than the expected default).

2018-02-27  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (DrawPolygonPrimitive): Fixed a bug
	introduced by changeset 39102dd1d456.  For SVG, this
	changeset applied both the group AND the fill opacity
	values to fill patterns (similarly for stroke).  For WMF,
	however, this caused the fill pattern to be rendered as
	100% transparent.  A closer reading of the SVG spec does
	NOT show that the fill opacity should be applied to the
	fill pattern, so as of this latest changeset only the group
	opacity value is applied to fill and stroke patterns.

2018-02-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/bmp.c (ReadBMPImage): Fix divide by zero regression added
	by latest fixes.  Fixes oss-fuzz 6583
	"graphicsmagick/coder_BMP_fuzzer: Divide-by-zero in ReadBMPImage".
	(Credit to OSS-Fuzz)

2018-02-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pict.c (ReadPICTImage): Validate that PICT rectangles do
	not have zero dimensions.  Specify expected file type when reading
	from a temporary file.  Trace PICT rectangle dimensions.  More
	detection of blob EOF and more error handling.  Fixes oss-fuzz
	issue 6193 "graphicsmagick/coder_PCT_fuzzer: Unknown signal in
	AllocateImageColormap" and likely many oss-fuzz ASAN/UBSAN issues
	reported against "PCT" and "PICT" since this one problem appears
	to be causing a spew of reports.

	* coders/png.c (ReadMNGImage): Detect and handle failure to
	allocate global PLTE.  Problem was reported via email from Petr
	Gajdos on February 26, 2018.

2018-02-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/blob.c (ReadBlobLSBDouble): Make sure imported double is
	a normal value.
	(ReadBlobLSBDoubles): Make sure imported doubles are normal
	values.
	(ReadBlobLSBFloat): Make sure imported float is a normal value.
	(ReadBlobLSBFloats): Make sure imported floats are normal values.
	(ReadBlobMSBFloat): Make sure imported float is a normal value.
	(ReadBlobMSBFloats): Make sure imported floats are normal values.
	(ReadBlobMSBDouble): Make sure imported double is a normal value.
	(ReadBlobMSBDoubles): Make sure imported doubles are normal
	values.

	* magick/import.c (ImportFloat32Quantum): Make sure imported float
	is a normal value.
	(ImportFloat64Quantum): Make sure imported double is a normal
	value.

	* magick/image.h (RoundDoubleToQuantum): Restore previous behavior
	(from earlier today).
	(RoundFloatToQuantum): Restore previous behavior (from earlier
	today).

	* coders/bmp.c (ReadBMPImage): Fix UBSAN runtime error: left shift
	of 205 by 24 places cannot be represented in type 'int'.

	* coders/ept.c (ReadEPTImage): Fix dereference of NULL pointer
	which was detected by UBSAN in the test suite.

	* magick/image.h (RoundDoubleToQuantum): Check double value for
	NaN and infinity in order to avoid undefined behavior.
	(RoundFloatToQuantum): Check float value for NaN and infinity in
	order to avoid undefined behavior.

	* magick/common.h (MAGICK_ISNAN): Add a isnan() wrapper macro.
	(MAGICK_ISINF): Add a isinf() wrapper macro.

2018-02-25  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Fix oss-fuzz issue 6273 - Heap-use-after-free in
	GetLocaleExceptionMessage. (Credit to OSS-Fuzz)

2018-02-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dcm.c (DCM_PostRescaleImage): Remove use of
	DCM_PostRescaleImage() since its implementation is wrong and
	accesses non-allocated heap memory.  Problem was reported by Petr
	Gajdos via email on February 8, 2018.

	* coders/jp2.c (ReadJP2Image): Use a ThrowJP2ReaderException macro
	to automatically clean up when throwing an exception.

	* coders/bmp.c (ReadBMPImage): Report an error if RLE decode does
	not produce the expected number of bytes.  Fixes oss-fuzz issue
	6015 "graphicsmagick/coder_BMP_fuzzer: Out-of-memory in
	graphicsmagick_coder_BMP_fuzzer". (Credit to OSS-Fuzz)

2018-02-23  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (DrawImage): Fixed a bug in which graphical
	elements defined within <defs> ... </defs> were being rendered,
	contrary to the SVG spec.

2018-02-23  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (DrawPolygonPrimitive): When filling or
	stroking a polygon using a pattern, the fill (or stroke)
	and group/object opacity values were not being applied to
	the pattern (fixed).

2018-02-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/bmp.c (ReadBMPImage): Fix SeekBlob() return value checks.
	Add more EOF checks.  Require that a provided ba_offset be a
	forward seek in order to avoid the possibility of endless looping.

2018-02-23  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Fix oss-fuzz issue 6301. (Credit to OSS-Fuzz)

2018-02-22  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/alpha_composite.c (BlendQuantumOpacity): The
	pixel compositing equation used when compositing an
	image into the output was incorrect and has been fixed.

	* magick/render.c (DrawPolygonPrimitive): When
	compositing polygon edge pixels over a transparent
	black background, the code would composite as if the
	background were opaque black, resulting in the edge
	pixels being too dark (fixed).

2018-02-21  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (DrawImage): Per the SVG spec, opacity,
	fill-opacity, and stroke-opacity values are now clamped
	to [0,1].

	Also fixed two bugs introduced by changeset 91de8039f27d
	(dated 2018-02-12): (1) a group/object opacity value
	specified using a percentage was not being converted to a
	value in [0,1]; (2) if fill-opacity or stroke-opacity was
	1, and the group/object opacity value was set to 1, the
	resulting fill-opacity or stroke-opacity value would be
	set to 0 instead of 1.
	
2018-02-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/viff.c (ReadVIFFImage): Fix excessive memory usage.
	Fixes oss-fuzz 6006 "graphicsmagick/coder_XV_fuzzer: Out-of-memory
	in graphicsmagick_coder_XV_fuzzer". (Credit to OSS-Fuzz)

	* coders/txt.c (ReadInt): Avoid benign signed integer overflow due
	to accepting an arbitrary number of digits.  Fixes oss-fuzz 6002
	"graphicsmagick/coder_TEXT_fuzzer: Integer-overflow in
	ReadInt". (Credit to OSS-Fuzz)

	* coders/viff.c (ReadVIFFImage): Verify that there is sufficient
	data to back up colormap allocation request.  Fixes oss-fuzz 5986
	"graphicsmagick/coder_VIFF_fuzzer: Out-of-memory in
	graphicsmagick_coder_VIFF_fuzzer". (Credit to OSS-Fuzz)

	* magick/memory.c: Define MAGICK_MEMORY_HARD_LIMIT=value to abort
	when memory request exceeds value.  Useful to find location of
	excessive memory requests.

2018-02-19  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement): Per the SVG spec, the
	SVG coder now initializes the MVG coder (which renders
	SVG graphical elements) with the the SVG defaults for
	fill color, fill-opacity, stroke color, stroke-opacity,
	and stroke-width.  This makes the SVG coder independent
	of the MVG coder intial state.

2018-02-19  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement): Fixed initialization of
	x and y attributes per the SVG spec:  for graphical elements
	"image", "pattern", "text", "rect", and "use", if the x or y
	attribute is not specified, the effect is as if a value of
	"0" were specified.

2018-02-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/sun.c (ReadSUNImage): Fix edge case which broke file-size
	validation logic.  Fixes oss-fuzz issue 5981
	"graphicsmagick/coder_SUN_fuzzer: Out-of-memory in
	graphicsmagick_coder_SUN_fuzzer". (Credit to OSS-Fuzz)

	* coders/txt.c (ReadTXTImage): Validate that file size is
	sufficient for claimed image properties.  Fixes oss-fuzz issue
	5960 "graphicsmagick/coder_TXT_fuzzer: Out-of-memory in
	graphicsmagick_coder_TXT_fuzzer". (Credit to OSS-Fuzz)

	* coders/tga.c (ReadTGAImage): Only allow 1 and 8 bit
	colormapped/grey images. Fixes oss-fuzz issue 6314
	"graphicsmagick/coder_ICB_fuzzer: Undefined-shift in
	ReadTGAImage". (Credit to OSS-Fuzz)

	* coders/bmp.c (ReadBMPImage): Detect and report when BMP height
	value is out of range (too negative). Fixes oss-fuzz issue 6394
	"graphicsmagick/coder_BMP_fuzzer: Integer-overflow in
	ReadBMPImage". (Credit to OSS-Fuzz)

	* coders/rla.c (ReadRLAImage): Detect when RLE decoding is
	producing too many samples and report as an error.  Fixes oss-fuzz
	issue 6312 "graphicsmagick/coder_RLA_fuzzer: Timeout in
	graphicsmagick_coder_RLA_fuzzer". (Credit to OSS-Fuzz)

	* coders/fits.c (ReadFITSImage): Validate that file size is
	sufficient for claimed image properties.  Fixes oss-fuzz issue
	6429 "graphicsmagick/coder_FITS_fuzzer: Timeout in
	graphicsmagick_coder_FITS_fuzzer". (Credit to OSS-Fuzz)

	* magick/image.c (CloneImage): Check image pixel limits in
	CloneImage() when it is used to change the image dimensions.  This
	avoids depending on the using code to detect and report such
	issues.

	* coders/xcf.c (ReadXCFImage): Check image pixel limits after each
	CloneImage() to assure that image is within specified resource
	limits.  Fixes oss-fuzz issue 6399 "graphicsmagick/enhance_fuzzer:
	Timeout in graphicsmagick_enhance_fuzzer". (Credit to OSS-Fuzz)

2018-02-16  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (TracePath): TracePath() was not
	correctly processing multiple sets of cubic or quadratic
	Bezier coordinates when the previous path data command was
	not a cubic or quadratic Bezier command.  This would result
	in the first control point being equal to the current path
	point instead of being computed using the current path
	point and the second control point of the previous Bezier
	command.

2018-02-15  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (TracePath): TracePath() was not
	consuming commas (if present) at the end of a set of
	points when multiple sets of points were specified for
	various path commands (e.g., line, Bezier). This
	resulted in the remaining sets of points being ignored
	(fixed).

2018-02-15  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (TraceArcPath): No points are generated
	by TraceArcPath() if the starting and ending arc points
	are the same.  For this case, the coordinate count was not
	being set to zero before returning (fixed).

2018-02-15  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (DrawImage): Clipping of polygons in
	DrawImage() would sometime result in a starting pixel
	location that was greater than the ending pixel location,
	causing a subsequent call to GetImagePixelsEx() to fail
	due a column count <= 0.  Modified the clipping code to
	eliminate this condition, and also to return early if
	the polygon lies completely outside the image boundaries.
	Also fixed variable declarations from a previous commit
	that were causing problems for the C89 compiler.

2018-02-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/topol.c (ReadTOPOLImage): Detect EOF immediately rather
	than spinning.  Fixes oss-fuzz issue 6303
	"graphicsmagick/coder_TOPOL_fuzzer: Timeout in
	graphicsmagick_coder_TOPOL_fuzzer". (Credit to OSS-Fuzz)

	* coders/dcm.c (DCM_SetupRescaleMap): Avoid excessive left shift.
	Fixes oss-fuzz issue 6256 "graphicsmagick/coder_DCM_fuzzer:
	Undefined-shift in DCM_SetupRescaleMap". (Credit to OSS-Fuzz)

2018-02-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/wpg.c (ExtractPostscript): Detect EOF on input while
	transferring bytes to Postscript file.  Fixes oss-fuzz issue 6087
	"graphicsmagick/coder_WPG_fuzzer: NULL".  Later identified to be
	CVE-2017-17682 as previously discovered in ImageMagick.  (Credit to
	OSS-Fuzz)

	* coders/pdb.c (ReadPDBImage): Quit attempting to read image data
	immediately at EOF. Fixes oss-fuzz issue 6252
	"graphicsmagick/coder_PDB_fuzzer: Timeout in
	graphicsmagick_coder_PDB_fuzzer".  (Credit to OSS-Fuzz)

2018-02-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/topol.c (ReadTOPOLImage): Avoid index out of bounds when
	input filename does not use a file extension. Fixes oss-fuzz issue
	6237 "graphicsmagick/coder_TOPOL_fuzzer: Index-out-of-bounds in
	ReadTOPOLImage".  (Credit to OSS-Fuzz)

2018-02-12  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (DrawImage): Object/group opacity,
	when set in DrawImage(), would overwrite the fill
	and stroke opacities. This has been fixed so that
	the object opacity is now combined with the fill
	and stroke opacities per the SVG spec.

2018-02-12  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/mat.c Fix oss-fuzz issue 6021. (Credit to OSS-Fuzz)

2018-02-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dcm.c (ReadDCMImage): Avoid undefined left shift of
	short.  Fix memory leaks in error reporting paths.  Fixes oss-fuzz
	issue 6217 "graphicsmagick/coder_DCM_fuzzer: Undefined-shift in
	ReadDCMImage". (Credit to OSS-Fuzz)

	* coders/dpx.c (ReadDPXImage): Avoid divide by zero exception in
	the case where reference high equals reference low. Fixes oss-fuzz
	issue 6215 "graphicsmagick/coder_DPX_fuzzer: Divide-by-zero in
	ReadDPXImage". (Credit to OSS-Fuzz)

	* coders/topol.c (ReadTOPOLImage): Avoid index out of bounds when
	input filename does not use a file extension.

	* coders/cut.c (ReadCUTImage): Avoid index out of bounds when
	input filename does not use a file extension. Fixes oss-fuzz issue
	6218 "graphicsmagick/coder_CUT_fuzzer: Index-out-of-bounds in
	ReadCUTImage".  (Credit to OSS-Fuzz)

	* coders/pwp.c (ReadPWPImage): Force temporary file to be read as
	a SFW file rather than autodetecting the format.  Fixes oss-fuzz
	issue 6220 "graphicsmagick/coder_PWP_fuzzer: Indirect-leak in
	AllocateImage".  (Credit to OSS-Fuzz)

2018-02-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pdf.c (WritePDFImage): Assure that xref memory is not
	leaked if an exception is thrown.  Fixes oss-fuzz issue 5968
	"graphicsmagick/coder_EPDF_fuzzer: Direct-leak in MagickRealloc".
	(Credit to OSS-Fuzz)

	* coders/tim.c (ReadTIMImage): Verify that 4/8 bit PSX TIM
	provides a CLUT and verify indexes.  Fixes oss-fuzz issue 5972
	"graphicsmagick/coder_TIM_fuzzer: Null-dereference WRITE in
	ReadTIMImage".  (Credit to OSS-Fuzz)

	* coders/topol.c (ReadTOPOLImage): Add additional header
	validations.  Fixes oss-fuzz issue 5975
	"graphicsmagick/coder_TOPOL_fuzzer: Floating-point-exception in
	ReadTOPOLImage".  (Credit to OSS-Fuzz)

	* coders/bmp.c (ReadBMPImage): Avoid possible division by zero
	when decoding CIE primary values. (Credit to OSS-Fuzz)

	* magick/export.c (ExportViewPixelArea): Only compute
	unsigned_maxvalue if sample_bits <= 32.

	* magick/import.c (ImportViewPixelArea): Assure that
	double_maxvalue minus double_minvalue is not zero, or excessively
	close to zero to avoid divide by zero exception or impossible
	scaling factor. (Credit to OSS-Fuzz)
	(ImportViewPixelArea): Only compute unsigned_maxvalue if
	sample_bits <= 32.

2018-02-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dib.c (ReadDIBImage): Validate that image width is not
	too negative such that it's absolute value can not fit in 32-bit
	unsigned width. Resolves oss-fuzz issue 6179
	"graphicsmagick/coder_ICO_fuzzer: Integer-overflow in
	ReadDIBImage". (Credit to OSS-Fuzz)

	* coders/dcm.c (funcDCM_BitsStored): Validate DICOM datum size.
	Use a different means to determine the maximum value which does
	not use excessive shifting.  Resolves oss-fuzz issue 6165
	"graphicsmagick/coder_DCM_fuzzer: Undefined-shift in
	funcDCM_BitsStored". (Credit to OSS-Fuzz)

2018-02-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/dpx.c (ReadWordU32BE): Add casts to avoid default type
	promotion from unsigned char to 'int' leading to undefined
	behavior for 24 bit shift. Fixes oss-fuzz issue 6058
	"graphicsmagick/coder_DPX_fuzzer: Undefined-shift in
	ReadWordU32BE". (Credit to OSS-Fuzz)
	(ReadDPXImage): Require that the file has at least one element.
	Add bountiful casts for values which are left-shifted.  Fixes
	oss-fuzz issue 5962 "graphicsmagick/coder_DPX_fuzzer:
	Undefined-shift in ReadDPXImage". (Credit to OSS-Fuzz)

	* coders/dcm.c (DCM_ReadOffsetTable): Add casts Add casts to avoid
	default type promotion from unsigned char to 'int' leading to
	undefined behavior for 16 bit shift. Fixes oss-fuzz issue 5980
	"graphicsmagick/coder_DCM_fuzzer: Undefined-shift in
	DCM_ReadOffsetTable". (Credit to OSS-Fuzz)

	* magick/module_aliases.h (ModuleAliases): Add missing mapping
	from "ICODIB" format to "DIB" module.

	* magick/import.c (ImportUInt32Quantum): Add casts to avoid
	default type promotion from unsigned char to 'int' leading to
	undefined behavior for 24 bit shift.  Fixes oss-fuzz
	"graphicsmagick/coder_P7_fuzzer: Undefined-shift in
	ImportRGBQuantumType". (Credit to OSS-Fuzz)

2018-02-07  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/wpg.c Fix oss-fuzz issue 5964
	"graphicsmagick/coder_MAT_fuzzer: Heap-use-after-free in
	GetLocaleExceptionMessage". (Credit to OSS-Fuzz)

2018-02-07	Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/render.c (IsPoint): Fixed a bug in which
	IsPoint() would reject as a valid coordinate value
	strings that did not begin with an integer: e.g.,
	"0.25" would be accepted, but ".25" would not.

2018-02-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/cut.c (ReadCUTImage): Fix DestroyImageInfo() of NULL
	pointer leading to assertion.  Fixes oss-fuzz issue 6067
	"graphicsmagick/coder_CUT_fuzzer: Unknown signal in
	DestroyImageInfo".

	* coders/tga.c (ReadTGAImage): Throw exception rather than
	assertion for unexpected comment size.  Fixes oss-fuzz issue 5961
	"graphicsmagick/coder_ICB_fuzzer: ASSERT: (size_t)
	(tga_info.id_length+1) == commentsize".

2018-02-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pdf.c (WritePDFImage): Free 'xref' allocation before
	error return.  Fixes oss-fuzz issue 5968
	"graphicsmagick/coder_EPDF_fuzzer: Direct-leak in MagickRealloc".

2018-02-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/pdb.c (ReadPDBImage): Fix heap buffer overflow if blob is
	already at EOF when comment is read.  Fixes oss-fuzz issue 5997
	"graphicsmagick/coder_PDB_fuzzer: Heap-buffer-overflow in
	SetImageAttribute".

	* coders/dpx.c (ReadDPXImage): Fix memory leak of user data if
	user data is truncated.  Fix consumption of one uninitialized
	stack bytes.  Fixes oss-fuzz issue 5973:
	graphicsmagick/enhance_fuzzer: Direct-leak in ReadDPXImage.

	* coders/pnm.c (ReadPNMImage): Detect and avoid division by zero.
	Fixes Issue 5959 in oss-fuzz: graphicsmagick/coder_P7_fuzzer:
	Divide-by-zero in ReadPNMImage

	* magick/xwindow.c (MagickXClientMessage): Eliminate valgrind
	gripe about use of uninitialized stack data by clearing allocation
	to zero.
	(MagickXMakeImage): Eliminate valgrind gripe about use of
	uninitialized heap data by clearing allocation to zero.

	* coders/pwp.c (ReadPWPImage): Remove bogus EOF test on an image
	with a closed blob.  Fixes Issue 5957 in oss-fuzz:
	graphicsmagick/coder_PWP_fuzzer: ASSERT: image->blob->type !=
	UndefinedStream.

	* www/Changes.rst: Fix typo with spelling "ChangeLog-2017.html".
	Resolves SourceForge issue #544 "dead link 2017 changelog page on
	GraphicsMagick web site".

2018-02-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/static.c (OpenModule): Assure that status is initialized.
	Resolves Coverity 261207 "Uninitialized scalar variable".

	* wand/magick_wand.c (MagickHasColormap): New function to test if
	the image has a colormap.
	(MagickIsGrayImage): New function to test if the image uses only
	gray pixels.
	(MagickIsMonochromeImage): New function to test if the image uses
	only monochrome pixels.
	(MagickIsOpaqueImage): New function to test if the image uses only
	opaque pixels.
	(MagickIsPaletteImage): New function to test if the image is based
	on a color palette.  Above functions are written by Troy Patteson
	and submitted via SourceForge patch #54 "Wand API patches: has
	colormap, is gray image, is monochrome image, is opaque image, is
	palette image".

	* fuzzing: Added initial OSS-Fuzz integration by Alex Gaynor.
	From SourceForge patch #55 "OSS-Fuzz integration"

	* coders/png.c (ReadMNGImage): Fix free using possibly unallocated
	pointer value.

	* magick/blob.c (SeekBlob): Remove implicit extension of blob
	allocation size based on seek offset.  Besides making an
	assumption about how the blob memory was allocated, this
	reallocation feature provides a memory DOS opportunity.  Resolves
	issue reported by Alex Gaynor via email entitled "Security issue
	with memory management in Magick++" to the graphicsmagick-security
	list on 31 Jan 2018.
	(SeekBlob):

	* coders/jpeg.c (ReadIPTCProfile): Revert inadvertent wrong return
	codes added by change on December 9, 2017.  Fixes SourceForge bug
	542 "Improper call to JPEG library in state 201" since 1.3.28.

2018-02-01  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/annotate.c (RenderFreetype): Fixed the text
	opacity computation in RenderFreeType(). This bug caused
	the text fill color to bleed into the character cell when
	the SVG "fill-opacity" is less than 1.0.

2018-02-01  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* magick/attribute.c (CloneImageAttributes): Fixed a bug
	in which the source image attributes would always replace
	the destination image attributes instead of being appended
	to them, and the destination image attributes would become
	a memory leak.

2018-01-31  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement): Fixed a bug in which the
	x,y location values for a <text> or <tspan> were overwritten
	by the x,y values for the next <tspan> before the previous
	values were used.  This caused the text associated with the
	previous <text> or <tspan> to appear at the location
	specified for the next <tspan>.

2018-01-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/static.c: Use !defined(SupportMagickModules) to enable
	static module loader.  Fixes SourceForge bug #543 "Multiple
	definition of "OpenModule" (etc) when cross-compiling shared".

2018-01-29  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement): A terminating '>' in
	a geometry string is interpreted to mean that the dimensions
	of an image should only be changed if its width or height
	exceeds the geometry specification.  For an unapparent and
	undocumented reason, a terminating '>', if present, was
	being nulled out, making this feature unusable for SVG files
	(now fixed).

2018-01-29  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (ReadSVGImage): If there is a geometry string
	in image_info->size (e.g., gm convert -size "50x50%" in.svg
	out.png), AllocateImage() sets image->columns and image->rows
	to the width and height values from the size string.  However,
	this makes no sense if the size string was something like
	"50x50%" (we'll get columns = rows = 50).  So we set columns
	and rows to 0 after AllocateImage(), which is the same as if
	no size string was supplied by the client.  This also results
	in svg_info.bounds to be set to 0,0 (i.e., unknown), so that
	svg_info.bounds will later be set using the image size
	information from either the svg "canvas" width/height or from
	the viewbox.  Later, variable "page" is set from
	svg_info->bounds. Then the geometry string in image_info->size
	gets applied to the (now known) "page" width and height when
	SvgStartElement() calls GetMagickGeometry(), and the intended
	result is obtained.


2018-01-24  Greg Wolfe  <gregory.wolfe@kodakalaris.com>

	* coders/svg.c (SVGStartElement): When the density (DPI)
	is specified using the ImageInfo::density member, the derived
	scale factor is incorrectly applied a second time to the
	width and height members of variable RectangleInfo page.
	Fixes SourceForge ticket #451.

2018-01-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/static.c: Use a lazy-loader for static modules with the
	same external interface as the lazy-loader for dynamic modules.

2018-01-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* NEWS.txt: Prepare for 1.3.28 release.

2018-01-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* NEWS.txt: Update with changes since previous release.

2018-01-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* PerlMagick/Magick.xs: Compiler warnings reduction.

	* magick/pixel_cache.h: Mark GetPixels(), GetIndexes(), and
	GetOnePixel() as deprecated.  Compilers may produce a warning if
	these functions are used.

	* magick/pixel_cache.c (InterpolateColor): Return black pixel if
	InterpolateViewColor() reports failure.

	* coders/png.c (ReadMNGImage): Fix memory leak of chunk and
	mng_info in error path.

	* coders/gif.c (ReadGIFImage): Fix memory leak of global colormap.

2018-01-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/symbols.h: Fix SourceForge issue #538 "13 symbols in
	common with ImageMagick despite --enable-symbol-prefix".

	* coders/bmp.c (ReadBMPImage): Fix non-terminal loop due to
	unexpected bit-field mask value.  Fixes SourceForge issue #541
	"Infinite Loop in ReadBMPImage (coders/bmp.c)".

	* coders/jpeg.c (JPEGMessageHandler): Revert code added on
	2017-07-08 to promote certain warnings from libjpeg to errors.
	Add code to rationalize claimed image dimensions based on file
	size.  Resolves SourceForge issue #539 "Images with libjpeg
	warnings result in error".

2018-01-11  Fojtik Jaroslav  <JaFojtik@seznam.cz>

	* coders/wpg.c Recursive ReadImage could return multiple scenes
          fixed.

2018-01-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* coders/png.c (ReadOnePNGImage): Quit 'passes' loop if we
	encountered an error

	* magick/pixel_cache.c (SetNexus): Fix heap overwrite in
	AcquireCacheNexus() due to SetNexus() not using an allocated
	staging area for the pixels like it should.  This problem impacts
	all 1.3.X releases.  Resolves SourceForge issues 532
	"heap-buffer-overflow bug in ReadWPGImage" and #531
	"heap-buffer-overflow in AcquireCacheNexus".

	* magick/pixel_cache.c (InterpolateViewColor): Now returns
	MagickPassFail rather than void.  Code using this function is
	updated to check the return status.

2018-01-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/describe.c (DescribeImage): Discriminate between
	AcquireImagePixels() returning NULL or finding a transparent
	pixel.  This avoids use of a null pointer in the case where
	AcquireImagePixels() returns NULL.

2017-12-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* magick/static.c: Change static module initialization to be based
	on an initialized list rather than a squence of function calls in
	order to simplify maintenance and possibly address future
	requirements.

2017-12-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

	* Copyright.txt: Bump copyright years and rotate ChangeLog.