SCT: Fix stack-buffer read overflow while reading file header.
author Bob Friesenhahn <bfriesen@GraphicsMagick.org>
Sat, 10 Sep 2016 15:21:05 -0500
changeset 14918 0a0dfa81906d
parent 14917 3161d55d0c2f
child 14919 c53725cb5449
ChangeLog
coders/sct.c
www/Changelog.html
--- a/ChangeLog	Sat Sep 10 13:17:49 2016 -0500
+++ b/ChangeLog	Sat Sep 10 15:21:05 2016 -0500
@@ -1,5 +1,9 @@
 2016-09-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
 
+	* coders/sct.c (ReadSCTImage): Fix stack-buffer read overflow
+	while reading SCT header.  Problem was reported via email by
+	Agostino Sarubbo on 2016-09-09.
+
 	* coders/svg.c: Fix Coverity issue 135772 "RESOURCE_LEAK" and
 	issue 135829 "Null pointer dereferences".  None of these issues
 	were new, but Coverity noticed them now.  Reflowed source to GNU C
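Review bot: The new ChangeLog entry names the function and the symptom but not the cause or the fix. Since this is a memory-safety fix in a file reader, say that the 14-byte header fields were parsed as strings without a terminating NUL and that the reader now terminates them, so someone triaging releases can tell what input triggers the overread and whether their build is affected.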
--- a/coders/sct.c	Sat Sep 10 13:17:49 2016 -0500
+++ b/coders/sct.c	Sat Sep 10 15:21:05 2016 -0500
@@ -188,9 +188,11 @@
         break;
       if (ReadBlob(image,14,(char *) buffer) != 14)
         break;
+      buffer[14]='\0';
       image->rows=MagickAtoL(buffer) & 0x7FFFFFFF;
       if (ReadBlob(image,14,(char *) buffer) != 14)
         break;
+      buffer[14]='\0';
       image->columns=MagickAtoL(buffer) & 0x7FFFFFFF;
       if (ReadBlob(image,196,(char *) buffer) != 196)
         break;
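Review bot: The two added `buffer[14]='\0';` lines stop MagickAtoL from scanning past the 14 bytes just read, but the values assigned to `image->rows` and `image->columns` are still accepted unchecked: a field with no leading digits parses as 0, and the `& 0x7FFFFFFF` mask turns a negative value into a large positive one instead of rejecting it. If nothing below this hunk validates the dimensions, reject zero or implausible values here before they are used. The literal 14 now appears as both the ReadBlob length and the terminator index in each pair, so a named constant would keep the two in sync. It is also worth checking whether any other field read into `buffer` outside the lines shown is parsed as a string without a terminator.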
--- a/www/Changelog.html	Sat Sep 10 13:17:49 2016 -0500
+++ b/www/Changelog.html	Sat Sep 10 15:21:05 2016 -0500
@@ -38,6 +38,9 @@
 <p>2016-09-10  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
 <blockquote>
 <ul class="simple">
+<li>coders/sct.c (ReadSCTImage): Fix stack-buffer read overflow
+while reading SCT header.  Problem was reported via email by
+Agostino Sarubbo on 2016-09-09.</li>
 <li>coders/svg.c: Fix Coverity issue 135772 &quot;RESOURCE_LEAK&quot; and
 issue 135829 &quot;Null pointer dereferences&quot;.  None of these issues
 were new, but Coverity noticed them now.  Reflowed source to GNU C