1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
# HG changeset patch
# User Glenn Randers-Pehrson <glennrp+bmo@gmail.com>
# Date 1501123201 14400
# Node ID cd699a44f188acf23493c969ef2d3f9fa7c8f8df
# Parent be898b7c97bd855fc6fa0cef983faae916bd0c93
Reject MNG with too-large dimensions (over 65535)
diff -r be898b7c97bd -r cd699a44f188 coders/png.c
--- a/coders/png.c Wed Jul 26 19:47:56 2017 -0500
+++ b/coders/png.c Wed Jul 26 22:40:01 2017 -0400
@@ -4084,11 +4084,17 @@
mng_info->image=image;
}
- if ((mng_info->mng_width > 65535L) || (mng_info->mng_height
- > 65535L))
- (void) ThrowException(&image->exception,ImageError,
- WidthOrHeightExceedsLimit,
- image->filename);
+ if ((mng_info->mng_width > 65535L) ||
+ (mng_info->mng_height > 65535L))
+ {
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+ " MNG width or height is too large: %lu, %lu",
+ mng_info->mng_width,mng_info->mng_height);
+ MagickFreeMemory(chunk);
+ ThrowReaderException(CorruptImageError,
+ ImproperImageHeader,image);
+ }
+
FormatString(page_geometry,"%lux%lu+0+0",mng_info->mng_width,
mng_info->mng_height);
mng_info->frame.left=0;
|
