diff --git a/ChangeLog b/ChangeLog
index 9a4bed85..e4af77e7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -8,7 +8,8 @@
 - hide info messages you could get with some older glibs [kleisauke]
 - fix --no-strip on dzsave with icc-profiles [altert]
 - better GraphicsMagick image write [bfriesen]
-- Add missing read loops to spng, heif, giflib and ppm load [kleisauke]
+- add missing read loops to spng, heif, giflib and ppm load [kleisauke]
+- block zero width or height images from imagemagick load [Koen1999]
 
 6/9/20 started 8.10.2
 - update magicksave/load profile handling [kelilevi]
diff --git a/libvips/foreign/magick2vips.c b/libvips/foreign/magick2vips.c
index d97b1c1f..768df8aa 100644
--- a/libvips/foreign/magick2vips.c
+++ b/libvips/foreign/magick2vips.c
@@ -336,8 +336,18 @@ parse_header( Read *read )
 	im->Xsize = image->columns;
 	im->Ysize = image->rows;
 	read->frame_height = image->rows;
-	if( (im->Bands = get_bands( image )) < 0 )
+	im->Bands = get_bands( image );
+	if( im->Xsize <= 0 ||
+		im->Ysize <= 0 ||
+		im->Bands <= 0 ||
+		im->Xsize >= VIPS_MAX_COORD ||
+		im->Ysize >= VIPS_MAX_COORD ||
+		im->Bands >= VIPS_MAX_COORD ) {
+		vips_error( "magick2vips",
+			_( "bad image dimensions %d x %d pixels, %d bands" ),
+			im->Xsize, im->Ysize, im->Bands );
 		return( -1 );
+	}
 
 	/* Depth can be 'fractional'.
 	 *
diff --git a/libvips/foreign/magick7load.c b/libvips/foreign/magick7load.c
index f7292888..ed394888 100644
--- a/libvips/foreign/magick7load.c
+++ b/libvips/foreign/magick7load.c
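Review bot: The new range check in parse_header is evaluated on `im->Xsize` and `im->Ysize` only after `image->columns` and `image->rows` have been narrowed into the int fields, so an oversized ImageMagick dimension (columns and rows are size_t in ImageMagick's Image struct, as far as I recall) can wrap to a small positive int and pass `im->Xsize >= VIPS_MAX_COORD` instead of being rejected. Comparing the unnarrowed fields before the assignments closes that gap, e.g. `if( image->columns == 0 || image->columns >= VIPS_MAX_COORD || image->rows == 0 || image->rows >= VIPS_MAX_COORD )` ahead of `im->Xsize = image->columns;`, keeping the existing `im->Bands <= 0` test where it is. The same ordering applies to the magick7load.c hunk below, where `out->Xsize`/`out->Ysize` are likewise assigned before the test. parse_header continues outside the hunk.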
@@ -449,6 +449,17 @@ vips_foreign_load_magick7_parse( VipsForeignLoadMagick7 *magick7,
 	out->Ysize = image->rows;
 	magick7->frame_height = image->rows;
 	out->Bands = magick7_get_bands( image );
+	if( out->Xsize <= 0 ||
+		out->Ysize <= 0 ||
+		out->Bands <= 0 ||
+		out->Xsize >= VIPS_MAX_COORD ||
+		out->Ysize >= VIPS_MAX_COORD ||
+		out->Bands >= VIPS_MAX_COORD ) ||
+		vips_error( class->nickname,
+			_( "bad image dimensions %d x %d pixels, %d bands" ),
+			out->Xsize, out->Ysize, out->Bands );
+		return( -1 );
+	}
 
 	/* Depth can be 'fractional'. You'd think we should use
 	 * GetImageDepth() but that seems to compute something very complex.
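Review bot: The added condition in vips_foreign_load_magick7_parse ends with `out->Bands >= VIPS_MAX_COORD ) ||` where the block needs `) {`; as shown, the `||` chains the comparison into the `vips_error()` call and the later `}` has no opening brace, so the hunk would not compile unless this is a rendering artifact of the page. The line should read `out->Bands >= VIPS_MAX_COORD ) {`, matching the magick2vips.c hunk, so that `vips_error()` and `return( -1 );` form the rejection branch. The enclosing function starts and ends outside the hunk.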