1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
|
From: Dirk Lemstra <dirk@lemstra.org>
Date: Tue, 30 Nov 2021 20:19:09 +0100
Subject: Added check for invalid size.
origin: https://github.com/ImageMagick/ImageMagick6/commit/94f76dd2f760241bec51e7d66873e77a58d812ba.patch
---
coders/bmp.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/coders/bmp.c b/coders/bmp.c
index 8b7b2a2..c5ccb70 100644
--- a/coders/bmp.c
+++ b/coders/bmp.c
@@ -624,16 +624,10 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
bmp_info.file_size=ReadBlobLSBLong(image);
(void) ReadBlobLSBLong(image);
-
- if (image->debug != MagickFalse)
- (void) LogMagickEvent(CoderEvent,GetMagickModule(),
- " File_size in header: %u bytes",bmp_info.file_size);
-
bmp_info.offset_bits=ReadBlobLSBLong(image);
bmp_info.size=ReadBlobLSBLong(image);
- if (image->debug != MagickFalse)
- (void) LogMagickEvent(CoderEvent,GetMagickModule()," BMP size: %u",
- bmp_info.size);
+ if (bmp_info.size > 124)
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
profile_data=0;
profile_size=0;
if (bmp_info.size == 12)
|
