SUN: Fix heap read overflow while indexing colormap in bilevel decoder
author Bob Friesenhahn <bfriesen@GraphicsMagick.org>
Mon, 31 Jul 2017 21:49:45 -0500
changeset 15107 95d00d55e978
parent 15106 921a31d31ea8
child 15108 19f1771574cc
ChangeLog
VisualMagick/installer/inc/version.isx
coders/sun.c
magick/version.h
www/Changelog.html
--- a/ChangeLog	Mon Jul 31 09:35:26 2017 -0400
+++ b/ChangeLog	Mon Jul 31 21:49:45 2017 -0500
@@ -1,3 +1,9 @@
+2017-07-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
+
+	* coders/sun.c: Fix heap read overflow while indexing into
+	colormap. Problem was reported via email on 17 Jul 2017 by
+	Agostino Sarubbo.
+
 2017-07-31  Glenn Randers-Pehrson  <glennrp@simple.dallas.tx.us>
 
 	* coders/png.c (ReadMNGImage): Stop a leak when rejecting a
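Review bot: The new ChangeLog entry names only the file, `coders/sun.c:`, while the entry directly below it uses the `coders/png.c (ReadMNGImage):` form. Adding the function name in parentheses, and the word "bilevel" that the commit summary uses, would let a reader locate the affected decode path from the ChangeLog alone.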
--- a/VisualMagick/installer/inc/version.isx	Mon Jul 31 09:35:26 2017 -0400
+++ b/VisualMagick/installer/inc/version.isx	Mon Jul 31 21:49:45 2017 -0500
@@ -10,5 +10,5 @@
 
 #define public MagickPackageName "GraphicsMagick"
 #define public MagickPackageVersion "1.4"
-#define public MagickPackageVersionAddendum ".020170726"
-#define public MagickPackageReleaseDate "snapshot-20170726"
+#define public MagickPackageVersionAddendum ".020170731"
+#define public MagickPackageReleaseDate "snapshot-20170731"
--- a/coders/sun.c	Mon Jul 31 09:35:26 2017 -0400
+++ b/coders/sun.c	Mon Jul 31 21:49:45 2017 -0500
@@ -1,5 +1,5 @@
 /*
-% Copyright (C) 2003-2015 GraphicsMagick Group
+% Copyright (C) 2003-2017 GraphicsMagick Group
 % Copyright (C) 2002 ImageMagick Studio
 % Copyright 1991-1999 E. I. du Pont de Nemours and Company
 %
@@ -577,6 +577,7 @@
           for (bit=7; bit >= 0; bit--)
             {
               index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
+              VerifyColormapIndex(image,index);
               indexes[x+7-bit]=index;
               q[x+7-bit]=image->colormap[index];
             }
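Review bot: In the full-byte loop, `index` is assigned only 0x00 or 0x01 by the ternary on the line above the new check, so `VerifyColormapIndex(image,index)` can only matter when the colormap has fewer than two entries. That condition does not change from pixel to pixel, so a single test ahead of the decode loop that a bilevel image has at least two colormap entries (rejecting the file otherwise) would state the invariant once and avoid repeating the check for every bit. As written, nothing in the hunk tests an outcome of the check, so decoding continues through the remaining bits after the first bad index.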
@@ -587,6 +588,7 @@
             for (bit=7; bit >= (long) (8-(image->columns % 8)); bit--)
               {
                 index=((*p) & (0x01 << bit) ? 0x01 : 0x00);
+                VerifyColormapIndex(image,index);
                 indexes[x+7-bit]=index;
                 q[x+7-bit]=image->colormap[index];
               }
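Review bot: The remainder loop for `image->columns % 8` repeats the same check-then-index sequence as the full-byte loop, so the two copies have to be kept in step by hand; a shared helper, or a precondition checked once ahead of both loops, would remove the duplication. The changeset's file list also shows no test input added alongside `coders/sun.c`, so a small bilevel SUN sample that exercises this path would be worth adding as a regression test.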
--- a/magick/version.h	Mon Jul 31 09:35:26 2017 -0400
+++ b/magick/version.h	Mon Jul 31 21:49:45 2017 -0500
@@ -38,8 +38,8 @@
 #define MagickLibVersion  0x191600
 #define MagickLibVersionText  "1.4"
 #define MagickLibVersionNumber 19,16,0
-#define MagickChangeDate   "20170726"
-#define MagickReleaseDate  "snapshot-20170726"
+#define MagickChangeDate   "20170731"
+#define MagickReleaseDate  "snapshot-20170731"
 	
 /*
   The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines
--- a/www/Changelog.html	Mon Jul 31 09:35:26 2017 -0400
+++ b/www/Changelog.html	Mon Jul 31 21:49:45 2017 -0500
@@ -35,6 +35,21 @@
 <div class="document">
 
 
+<p>2017-07-31  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
+<blockquote>
+<ul class="simple">
+<li>coders/sun.c: Fix heap read overflow while indexing into
+colormap. Problem was reported via email on 17 Jul 2017 by
+Agostino Sarubbo.</li>
+</ul>
+</blockquote>
+<p>2017-07-31  Glenn Randers-Pehrson  &lt;<a class="reference external" href="mailto:glennrp&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">glennrp<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
+<blockquote>
+<ul class="simple">
+<li>coders/png.c (ReadMNGImage): Stop a leak when rejecting a
+MNG image with dimensions that are too large.</li>
+</ul>
+</blockquote>
 <p>2017-07-26  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
 <blockquote>
 <ul class="simple">
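Review bot: The `+` lines here add the 2017-07-31 `coders/png.c (ReadMNGImage)` entry as well as the sun.c one, although that entry is unchanged context in the ChangeLog hunk of this same changeset, so the HTML had not been regenerated with that earlier change. That mixes an unrelated entry into a security fix; regenerating `www/Changelog.html` in the same commit that edits ChangeLog would keep each diff limited to its own change.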