blob: 5ab101d84153fd6e5380ad0a540bfccec17a63e4 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
|
From 97b99a741321c9a89491ebb6dab66d1215413595 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 7 Oct 2023 10:22:57 +0800
Subject: [PATCH] check for BMP file size, poc provided by Hardik Shah of
Vehere (Dawn Treaders team)
---
coders/bmp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/coders/bmp.c b/coders/bmp.c
index 8ff76bb..bb9ce2f 100644
--- a/coders/bmp.c
+++ b/coders/bmp.c
@@ -629,6 +629,9 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
" BMP header size: %u",bmp_info.size);
if (bmp_info.size > 124)
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+ if ((bmp_info.file_size != 0) &&
+ ((MagickSizeType) bmp_info.file_size > GetBlobSize(image)))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
if (bmp_info.offset_bits < bmp_info.size)
ThrowReaderException(CorruptImageError,"ImproperImageHeader");
bmp_info.offset_bits=MagickMax(14+bmp_info.size,bmp_info.offset_bits);
--
2.27.0
|
