Stop crash due to zero-length color_image while reading a JNG
authorGlenn Randers-Pehrson <glennrp+bmo@gmail.com>
Wed, 05 Jul 2017 09:41:22 -0400
changeset 15059 dea93a690fc1
parent 15057 a42ae8447fe7
child 15060 d445af60a8d5
Stop crash due to zero-length color_image while reading a JNG
ChangeLog
coders/png.c
--- a/ChangeLog	Tue Jul 04 16:33:37 2017 -0500
+++ b/ChangeLog	Wed Jul 05 09:41:22 2017 -0400
@@ -1,3 +1,8 @@
+2017-07-05  Glenn Randers-Pehrson  <glennrp@simple.dallas.tx.us>
+
+	* coders/png.c: prevent a crash due to zero-length color_image
+	while reading a JNG image.
+
 2017-07-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
 
 	* NEWS.txt: Make sure is up to date.
--- a/coders/png.c	Tue Jul 04 16:33:37 2017 -0500
+++ b/coders/png.c	Wed Jul 05 09:41:22 2017 -0400
@@ -3314,12 +3314,13 @@
 
           if (logging)
             (void) LogMagickEvent(CoderEvent,GetMagickModule(),
-                                  "    Copying JDAT chunk data"
-                                  " to color_blob.");
-          if (color_image != (Image *)NULL)
+                                  "    Copying %lu bytes of JDAT chunk data"
+                                  " to color_blob.",length);
+          if (length && color_image != (Image *)NULL)
+          {
             (void) WriteBlob(color_image,length,(char *) chunk);
-          if (length)
             MagickFreeMemory(chunk);
+          }
           continue;
         }
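Review bot: `MagickFreeMemory(chunk)` now sits inside `if (length && color_image != (Image *)NULL)`, so a non-empty JDAT chunk that arrives while `color_image` is NULL is no longer freed; the old code freed it whenever `length` was non-zero. If `color_image` can be NULL on this path (its setup is outside the hunk), a JNG file with many such chunks would leak one buffer per chunk, which is a memory-exhaustion risk when decoding untrusted input. Keeping the free tied to `length` alone avoids that: make the outer test `if (length)` and guard only the write with `if (color_image != (Image *)NULL)`. The declaration of `length` is also not visible here; if it is not `unsigned long`, the new `%lu` argument needs a cast to match the format. The enclosing chunk-handling block starts and ends outside the hunk.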