Commit 7fd8910e authored by Cristy's avatar Cristy Committed by Bastien ROUCARIÈS

Prevent buffer overflow in BMP coder

bug report from pwchen of tencent.

(cherry picked from commit 4cc6ec8a4197d4c008577127736bf7985d632323)

Origin: upstream, https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
bug-debian: https://bugs.debian.org/834504
parent 6f36eb62
......@@ -1695,10 +1695,13 @@ static MagickBooleanType WriteBMPImage(const ImageInfo *image_info,Image *image)
bmp_info.file_size+=extra_size;
bmp_info.offset_bits+=extra_size;
}
if ((image->columns != (signed int) image->columns) ||
(image->rows != (signed int) image->rows))
ThrowWriterException(ImageError,"WidthOrHeightExceedsLimit");
bmp_info.width=(ssize_t) image->columns;
bmp_info.height=(ssize_t) image->rows;
bmp_info.planes=1;
bmp_info.image_size=(unsigned int) (bytes_per_line*image->rows);
bmp_info.image_size=(unsigned long) (bytes_per_line*image->rows);
bmp_info.file_size+=bmp_info.image_size;
bmp_info.x_pixels=75*39;
bmp_info.y_pixels=75*39;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment