sergiotarxz/libvips
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

backport gifheight check

Browse Source 
ensure gifheight can't oevrflow

see https://github.com/libvips/libvips/pull/1892
This commit is contained in:
John Cupitt 2020-11-21 14:25:09 +00:00
parent 1e5ac06f84
commit c17e696243
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@ -10,6 +10,7 @@
- better GraphicsMagick image write [bfriesen] - better GraphicsMagick image write [bfriesen]
- add missing read loops to spng, heif, giflib and ppm load [kleisauke] - add missing read loops to spng, heif, giflib and ppm load [kleisauke]
- block zero width or height images from imagemagick load [Koen1999] - block zero width or height images from imagemagick load [Koen1999]
- check for overflow in gifload height [lovell]
6/9/20 started 8.10.2 6/9/20 started 8.10.2
- update magicksave/load profile handling [kelilevi] - update magicksave/load profile handling [kelilevi]

10
libvips/foreign/gifload.c
View File

@ -700,8 +700,16 @@ vips_foreign_load_gif_scan_extension( VipsForeignLoadGif *gif )
static int static int
vips_foreign_load_gif_set_header( VipsForeignLoadGif *gif, VipsImage *image ) vips_foreign_load_gif_set_header( VipsForeignLoadGif *gif, VipsImage *image )
{ {
const gint64 total_height = (gint64) gif->file->SHeight * gif->n;
if( total_height <= 0 ||
total_height > VIPS_MAX_COORD ) {
vips_error( "gifload", "%s", _( "image size out of bounds" ) );
return( -1 );
}
vips_image_init_fields( image, vips_image_init_fields( image,
gif->file->SWidth, gif->file->SHeight * gif->n, gif->file->SWidth, total_height,
(gif->has_colour ? 3 : 1) + (gif->has_transparency ? 1 : 0), (gif->has_colour ? 3 : 1) + (gif->has_transparency ? 1 : 0),
VIPS_FORMAT_UCHAR, VIPS_CODING_NONE, VIPS_FORMAT_UCHAR, VIPS_CODING_NONE,
gif->has_colour ? gif->has_colour ?