PNG: Fix heap read overrun while testing pixels for opacity.
authorBob Friesenhahn <bfriesen@GraphicsMagick.org>
Thu, 07 Dec 2017 08:47:15 -0600
changeset 15291 5b8414c0d0c4
parent 15290 f1c418ef0260
child 15292 fef45fe0da8b
PNG: Fix heap read overrun while testing pixels for opacity.
ChangeLog
VisualMagick/installer/inc/version.isx
coders/png.c
magick/version.h
www/Changelog.html
--- a/ChangeLog	Wed Dec 06 21:08:47 2017 -0600
+++ b/ChangeLog	Thu Dec 07 08:47:15 2017 -0600
@@ -1,3 +1,10 @@
+2017-12-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+
+	* coders/png.c (WriteOnePNGImage): Fix heap read access outside of
+	allocated PixelPacket array while testing pixels for opacity.
+	Resolves SourceForge issue #526 "heap-buffer-overflow in
+	WriteOnePNGImage".
+
 2017-12-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
 
 	* coders/pnm.c (WritePNMImage): Fix SourceForge bug #525
--- a/VisualMagick/installer/inc/version.isx	Wed Dec 06 21:08:47 2017 -0600
+++ b/VisualMagick/installer/inc/version.isx	Thu Dec 07 08:47:15 2017 -0600
@@ -10,5 +10,5 @@
 
 #define public MagickPackageName "GraphicsMagick"
 #define public MagickPackageVersion "1.4"
-#define public MagickPackageVersionAddendum ".020171206"
-#define public MagickPackageReleaseDate "snapshot-20171206"
+#define public MagickPackageVersionAddendum ".020171207"
+#define public MagickPackageReleaseDate "snapshot-20171207"
--- a/coders/png.c	Wed Dec 06 21:08:47 2017 -0600
+++ b/coders/png.c	Thu Dec 07 08:47:15 2017 -0600
@@ -7033,6 +7033,9 @@
               unsigned int
                 mask;
 
+              MagickBool
+                opaque = MagickTrue;
+
               mask=0xffff;
               if (ping_bit_depth == 8)
                 mask=0x00ff;
@@ -7055,14 +7058,16 @@
                   for (x=(long) image->columns; x > 0; x--)
                     {
                       if (p->opacity != OpaqueOpacity)
-                        break;
+                        {
+                          opaque=MagickFalse;
+                          break;
+                        }
                       p++;
                     }
-                  if (p->opacity != OpaqueOpacity)
+                  if (!opaque)
                     break;
                 }
-              if ((p != (const PixelPacket *) NULL) &&
-                  (p->opacity != OpaqueOpacity))
+              if ((!opaque) && (p != (const PixelPacket *) NULL))
                 {
                   ping_trans_color.red=ScaleQuantumToShort(p->red)&mask;
                   ping_trans_color.green=ScaleQuantumToShort(p->green)
--- a/magick/version.h	Wed Dec 06 21:08:47 2017 -0600
+++ b/magick/version.h	Thu Dec 07 08:47:15 2017 -0600
@@ -38,8 +38,8 @@
 #define MagickLibVersion  0x191600
 #define MagickLibVersionText  "1.4"
 #define MagickLibVersionNumber 19,16,0
-#define MagickChangeDate   "20171206"
-#define MagickReleaseDate  "snapshot-20171206"
+#define MagickChangeDate   "20171207"
+#define MagickReleaseDate  "snapshot-20171207"
 	
 /*
   The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines
--- a/www/Changelog.html	Wed Dec 06 21:08:47 2017 -0600
+++ b/www/Changelog.html	Thu Dec 07 08:47:15 2017 -0600
@@ -35,6 +35,15 @@
 <div class="document">
 
 
+<p>2017-12-07  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
+<blockquote>
+<ul class="simple">
+<li>coders/png.c (WriteOnePNGImage): Fix heap read access outside of
+allocated PixelPacket array while testing pixels for opacity.
+Resolves SourceForge issue #526 &quot;heap-buffer-overflow in
+WriteOnePNGImage&quot;.</li>
+</ul>
+</blockquote>
 <p>2017-12-06  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
 <blockquote>
 <ul class="simple">