ImageMagick-6.9.4-7 diff

Continued from "ImageMagick-6.9.4-6 diff - yoya's memo"

The latest release of ImageMagick is version 6.9.4-7

Summary

  • A gap in the check on coder path lookup
  • Fix for an alpha channel bug in the image difference (compare)
  • Small memory leak fix

Diff

Changes listed in the ChangeLog
Diffs not in the ChangeLog
  • /coders/psd.c
    • Adds 12 to PSDQuantum
2545c2545,2549
<         if ((q+PSDQuantum(count)+12) < (datum+length-16))
---
>         ssize_t
>           quantum;
>
>         quantum=PSDQuantum(count)+12;
>         if ((quantum >= 12) && (q+quantum < (datum+length-16)))
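Review bot: in the new condition, `q+quantum < (datum+length-16)` still forms the pointer `q+quantum` before anything has bounded `quantum` from above, and `datum+length-16` assumes `length` is at least 16. Compare byte counts instead of pointers, for example `quantum < (ssize_t) (length-16-(q-datum))` with `length >= 16` established first, so an oversized `count` is rejected without computing an out-of-range address. The `quantum >= 12` test only covers the case where `PSDQuantum(count)+12` comes out smaller than 12.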
2547,2549c2551,2552
<             (void) CopyMagickMemory(q,q+PSDQuantum(count)+12,length-
<               (PSDQuantum(count)+12)-(q-datum));
<             SetStringInfoLength(bim_profile,length-(PSDQuantum(count)+12));
---
>             (void) CopyMagickMemory(q,q+quantum,length-quantum-(q-datum));
>             SetStringInfoLength(bim_profile,length-quantum);
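Review bot: the `CopyMagickMemory(q,q+quantum,...)` call copies between two overlapping ranges of the same buffer, and its size argument `length-quantum-(q-datum)` stays non-negative only because of the guard in the previous hunk. State both assumptions in a comment next to the call, or compute the remaining byte count into a named variable and check it before copying; also confirm that `CopyMagickMemory` is safe for overlapping source and destination.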
  • coders/sun.c
59a60
> #include "magick/memory-private.h"
266d266
<     data_length,
424a425,426
>     if (HeapOverflowSanityCheck(sun_info.width,sun_info.depth) != MagickFalse)
>       ThrowReaderException(CorruptImageError,"ImproperImageHeader");
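Review bot: `HeapOverflowSanityCheck(sun_info.width,sun_info.depth)` at 425 covers only the width times depth product. If the buffer size computed later also multiplies by `sun_info.height`, that step needs its own overflow check; a short comment naming which allocation this check protects would make that easy to verify.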
    • NUL-terminate the string
<         while ((n=ReadBlob(image,MaxTextExtent,message)) != 0)
---
>         while ((n=ReadBlob(image,MaxTextExtent-1,message)) != 0)
2978a2979
>           message[n]='\0';
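Review bot: `message[n]='\0'` at 2979 uses `n` as an index while the loop condition only tests `!= 0`. If `n` is signed and `ReadBlob` can return a negative value on a read error, the loop body runs and the store lands before the start of `message`; testing `> 0` in the loop condition closes that case.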
3201c3202,3203
<   n=ReadBlob(image,MaxTextExtent,message);
---
>   n=ReadBlob(image,MaxTextExtent-1,message);
>   message[n]='\0';
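Review bot: at 3202-3203 the terminator is written unconditionally right after the read, so any error return from `ReadBlob` flows straight into `message[n]`. Check `n` before indexing (treat a non-positive count as end of data), and use `sizeof(message)-1` rather than `MaxTextExtent-1` if `message` is a local array, so the bound follows the buffer declaration.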
3206c3208
<       while ((n=ReadBlob(image,MaxTextExtent,message)) != 0)
---
>       while ((n=ReadBlob(image,MaxTextExtent-1,message)) != 0)
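Review bot: the loop at 3208 now reads at most `MaxTextExtent-1` bytes, but this hunk adds no `message[n]='\0'` inside the loop body, unlike the 2978a2979 change. Unless the body already terminates the buffer, every iteration that treats `message` as a C string needs the terminator after its own read.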
  • magick/draw.c
    • A check that number_points fits in MagickSizeType?
2895c2899,2900
<       if (primitive_info == (PrimitiveInfo *) NULL)
---
>       if ((primitive_info == (PrimitiveInfo *) NULL) ||
>           (number_points != (MagickSizeType) ((size_t) number_points)))
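Review bot: the added test `number_points != (MagickSizeType) ((size_t) number_points)` only detects a count that does not survive the round trip through `size_t`; on a build where the two types have the same width it can never fire. It also does not bound the count multiplied by the element size, so if the resize before this check multiplies by `sizeof(*primitive_info)`, that product needs its own overflow check. A one-line comment stating what the cast comparison is meant to catch would help.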
    • GetMagickInfo error handling
>       magick_info=GetMagickInfo(magic,sans_exception);
>       if ((magick_info != (const MagickInfo *) NULL) &&
>           (IsMagickConflict(magic) == MagickFalse))
2829d2833
<   magick_info=GetMagickInfo(magic,sans_exception);
2833a2838,2839
    • affirm error check
>   if (image_info->affirm != MagickFalse)
>     {
2835a2842
>     }
  • magick/module.c
    • GetMagickModulePath does not allow /
static MagickBooleanType GetMagickModulePath(const char *filename,
  MagickModuleType module_type,char *path,ExceptionInfo *exception)
<omitted>
>   if (strchr(filename,'/') != (char *) NULL)
>     return(MagickFalse);
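Review bot: the `strchr(filename,'/')` test rejects only the forward slash. On platforms where the directory separator is a backslash the same name-as-path issue remains, so test the platform separator as well, or accept only the characters a module name can legitimately contain. The bare `return(MagickFalse)` also leaves `exception` untouched, so the caller cannot tell a rejected name from a module that was not found; recording an error there would make the rejection visible in logs.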

    • InitOpenCLEnvInternal error handling
1423d1422
<     status = MagickFalse;
2364a2364,2366
>   MagickBooleanType
>     status;
>
2397c2399
<   InitOpenCLEnvInternal(clEnv,exception);
---
>   status=InitOpenCLEnvInternal(clEnv,exception);
2401a2404
>   if (status != MagickFalse)
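Review bot: the `if (status != MagickFalse)` added at 2404 appears without braces, so it guards exactly one following statement. If the work that depends on a successfully initialized environment spans more than that statement, the remainder still runs after a failed `InitOpenCLEnvInternal`; brace the whole dependent block.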
2451a2455
>           if (event_count > 0)
2474a2479,2480
>
>   if (status != MagickFalse)
2475a2482,2483
>   else
>     *(AccelerateScoreType*)device->score=42;
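Review bot: `*(AccelerateScoreType*)device->score=42;` in the new `else` branch assigns an unexplained literal as the score of a device whose initialization failed. Give the value a named constant and a comment saying how it ranks against measured scores, so a failed device cannot accidentally be selected as the fastest.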

ChangeLog

2016-06-03  6.9.4-7 Cristy  <quetzlzacatenango@image...>
  * Release ImageMagick version 6.9.4-7, GIT revision 10847:339f803:20160602.

2016-06-02  6.9.4-7 Cristy  <quetzlzacatenango@image...>
  * Fix small memory leak (patch provided by Андрей Черный).
  * Coder path traversal is not authorized (bug report provided by
    Masaaki Chida).
  * Turn off alpha channel for the compare difference image (reference
    http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29828).