JNG: Fix wrong offset into oFFs chunk which caused heap read overflow.

Sat, 16 Dec 2017 13:08:45 -0600

author: Bob Friesenhahn <bfriesen@GraphicsMagick.org>
date: Sat, 16 Dec 2017 13:08:45 -0600
changeset 15304: 8e3d2264109c
parent 15303: 60932931559a
child 15305: 1be7d727412f

JNG: Fix wrong offset into oFFs chunk which caused heap read overflow.

Files changed: ChangeLog, coders/png.c, www/Changelog.html
--- a/ChangeLog	Sat Dec 16 10:08:39 2017 -0600
+++ b/ChangeLog	Sat Dec 16 13:08:45 2017 -0600
@@ -1,5 +1,10 @@
 2017-12-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
 
+	* coders/png.c (ReadOneJNGImage): Fix SourceForge issue #530
+	"heap-buffer-overflow in ReadOneJNGImage".  In this case there is
+	a read one byte beyond the oFFs chunk allocation size due to an
+	error in specifying an offset into the chunk.
+
 	* coders/palm.c (ReadPALMImage): Fix SourceForge issue #529
 	"global-buffer-overflow in ReadPALMImage".  This issue only
 	occured in builds with QuantumDepth=8 due to the small range of
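Review bot: the new entry describes the bug only as "an error in specifying an offset into the chunk"; since the png.c hunk changes the unit-specifier index from p[9] to p[8], it would help future readers to say so explicitly, e.g. "the oFFs unit byte was read at offset 9 instead of 8 (the chunk is 9 bytes: 4-byte X, 4-byte Y, 1-byte unit)". Also, while this file is being touched, the pre-existing "occured" in the adjacent #529 entry should be "occurred".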
--- a/coders/png.c	Sat Dec 16 10:08:39 2017 -0600
+++ b/coders/png.c	Sat Dec 16 13:08:45 2017 -0600
@@ -3523,7 +3523,7 @@
             {
               image->page.x=mng_get_long(p);
               image->page.y=mng_get_long(&p[4]);
-              if ((int) p[9] != 0)
+              if ((int) p[8] != 0)
                 {
                   image->page.x/=10000;
                   image->page.y/=10000;
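Review bot: the index change from p[9] to p[8] is correct for a standard 9-byte oFFs chunk (X at p[0..3], Y at p[4..7], unit specifier at p[8]), so the read now stays inside the allocation. However, the visible context shows no check that the chunk length is at least 9 before p[8] (or the two mng_get_long calls) are evaluated; if that check is not performed earlier in ReadOneJNGImage, a truncated oFFs chunk would still read past the buffer. Suggest confirming the length validation and adding the SourceForge #530 reproducer as a regression test under the sanitizer build.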
--- a/www/Changelog.html	Sat Dec 16 10:08:39 2017 -0600
+++ b/www/Changelog.html	Sat Dec 16 13:08:45 2017 -0600
@@ -38,6 +38,10 @@
 <p>2017-12-16  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
 <blockquote>
 <ul class="simple">
+<li>coders/png.c (ReadOneJNGImage): Fix SourceForge issue #530
+&quot;heap-buffer-overflow in ReadOneJNGImage&quot;.  In this case there is
+a read one byte beyond the oFFs chunk allocation size due to an
+error in specifying an offset into the chunk.</li>
 <li>coders/palm.c (ReadPALMImage): Fix SourceForge issue #529
 &quot;global-buffer-overflow in ReadPALMImage&quot;.  This issue only
 occured in builds with QuantumDepth=8 due to the small range of
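Review bot: this hunk mirrors the ChangeLog entry into the generated HTML; please make sure it was regenerated from ChangeLog rather than hand-edited so the two stay in sync (the same "occured" typo in the context line will need regenerating once it is fixed in ChangeLog).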