*coders/png.c (ReadOneJNGImage): Enforce spec requirement that
the dimensions of the JPEG embedded in a JDAT chunk must match
the JHDR dimensions.
--- a/ChangeLog Thu Oct 20 20:04:02 2016 -0500
+++ b/ChangeLog Fri Oct 21 21:28:56 2016 -0400
@@ -1,4 +1,8 @@
-2016-10-09 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us>
+2016-10-21 Glenn Randers-Pehrson <glennrp@simple.dallas.tx.us>
+
+ *coders/png.c (ReadOneJNGImage): Enforce spec requirement that
+ the dimensions of the JPEG embedded in a JDAT chunk must match
+ the JHDR dimensions.
*doc/options.imdoc (-strip): Added a caution to not use the -strip
option to remove author, copyright, and license information
--- a/coders/png.c Thu Oct 20 20:04:02 2016 -0500
+++ b/coders/png.c Fri Oct 21 21:28:56 2016 -0400
@@ -2801,6 +2801,10 @@
long
y;
+ magick_int64_t
+ height_resource,
+ width_resource;
+
unsigned long
jng_height,
jng_width;
@@ -2871,6 +2875,10 @@
read_JSEP=MagickFalse;
reading_idat=MagickFalse;
+
+ width_resource = GetMagickResourceLimit(WidthResource);
+ height_resource = GetMagickResourceLimit(HeightResource);
+
for (;;)
{
char
@@ -3004,6 +3012,10 @@
ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
}
+ /* Temporarily set width and height resources to match JHDR */
+ SetMagickResourceLimit(WidthResource,jng_width);
+ SetMagickResourceLimit(HeightResource,jng_height);
+
continue;
}
@@ -3444,6 +3456,10 @@
if (logging)
(void) LogMagickEvent(CoderEvent,GetMagickModule(),
" exit ReadOneJNGImage()");
+
+ SetMagickResourceLimit(WidthResource,width_resource);
+ SetMagickResourceLimit(HeightResource,height_resource);
+
return (image);
}