I have found a serious issue in the way zlib is used.
Look at blob.c / line 2373
Code:
#if defined(MAGICKCORE_ZLIB_DELEGATE)
  if (((strlen(filename) > 2) &&
       (LocaleCompare(filename+strlen(filename)-2,".Z") == 0)) ||
      ((strlen(filename) > 3) &&
       (LocaleCompare(filename+strlen(filename)-3,".gz") == 0)) ||
      ((strlen(filename) > 4) &&
       (LocaleCompare(filename+strlen(filename)-4,".wmz") == 0)) ||
      ((strlen(filename) > 5) &&
       (LocaleCompare(filename+strlen(filename)-5,".svgz") == 0)))
    {
      image->blob->file=(FILE *) gzopen(filename,type); // This is an error!
      if (image->blob->file != (FILE *) NULL)
        image->blob->type=ZipStream;
    }
  else
#endif
This makes ImageMagick crash several lines later, in the GetBlobSize function:
Code:
    case ZipStream:
    {
#if defined(MAGICKCORE_ZLIB_DELEGATE)
      if (fstat(fileno(image->blob->file),&image->blob->properties) == 0)
        length=(MagickSizeType) image->blob->properties.st_size;
#endif
      break;
    }
It makes ImageMagick crash on Windows.
Here is a file which is incorrectly read, if this helps...
sports.wmz
I also think that a similar problem occurs with the BZipStream.
I didn't check it, but the code is the same and BZ2_bzopen also returns an opaque structure which is not a FILE * and should cause a crash:
Code:
#if defined(MAGICKCORE_BZLIB_DELEGATE)
      if (fstat(fileno(image->blob->file),&image->blob->properties) == 0)
        length=(MagickSizeType) image->blob->properties.st_size;
#endif
Manuel
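One way to avoid the type confusion reported above, as an added example that is not part of the original post and not ImageMagick's code: keep the compression library's handle in its own typed union member and take the size from stat() on the path instead of calling fileno() on it. Assumptions: opaque_stream stands in for gzFile so the example builds without zlib, and open_blob, blob_size, demo_size and the sample file name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
/* Stand-in for zlib's gzFile (assumption): an opaque handle, NOT a FILE *. */
typedef struct { FILE *raw; } opaque_stream;
typedef enum { PlainFile, CompressedStream } blob_type;
typedef struct {
  blob_type type;
  union { FILE *file; opaque_stream *zs; } h; /* typed slots, no casts; type says which is valid */
  struct stat properties;                     /* filled from the path at open time */
} blob_info;

static int open_blob(blob_info *b, const char *path, blob_type type) {
  FILE *f;
  if (stat(path, &b->properties) != 0 || (f = fopen(path, "rb")) == NULL) return -1;
  b->type = type;
  if (type == PlainFile) { b->h.file = f; return 0; }
  if ((b->h.zs = malloc(sizeof *b->h.zs)) == NULL) { fclose(f); return -1; }
  b->h.zs->raw = f; /* a real decompressor keeps its own state behind the handle */
  return 0;
}

static long long blob_size(blob_info *b) {
  if (b->type == CompressedStream) return (long long) b->properties.st_size; /* never fileno() it */
  if (fstat(fileno(b->h.file), &b->properties) != 0) return -1; /* genuine FILE * */
  return (long long) b->properties.st_size;
}
/* Writes n bytes to a constructed sample file; returns the size reported for type. */
static long long demo_size(blob_type type, size_t n) {
  const char *path = "blob_demo_sample.wmz"; /* constructed file name */
  blob_info b;
  long long size = -1;
  FILE *f = fopen(path, "wb");
  if (f == NULL) return -1;
  while (n--) fputc('x', f);
  fclose(f);
  if (open_blob(&b, path, type) == 0) {
    size = blob_size(&b);
    fclose(type == PlainFile ? b.h.file : b.h.zs->raw);
    if (type == CompressedStream) free(b.h.zs);
  }
  remove(path);
  return size;
}

int main(void) {
  printf("plain=%lld compressed=%lld\n", demo_size(PlainFile, 1234), demo_size(CompressedStream, 1234));
  return 0;
}
```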