Legacy ImageMagick Discussions Archive

Use https://github.com/ImageMagick/ImageMagick/discussions instead.
https://imagemagick.com/discourse-server/

Serious issue using zlib

https://imagemagick.com/discourse-server/viewtopic.php?t=14088

Page 1 of 1

Serious issue using zlib

Posted: 2009-06-26T01:18:06-07:00
by mootools
Hello,

I find a serious issue in the way of using zlib.

Look at blob.c / line 2373

Code: Select all

#if defined(MAGICKCORE_ZLIB_DELEGATE)
  if (((strlen(filename) > 2) &&
       (LocaleCompare(filename+strlen(filename)-2,".Z") == 0)) ||
      ((strlen(filename) > 3) &&
       (LocaleCompare(filename+strlen(filename)-3,".gz") == 0)) ||
      ((strlen(filename) > 4) &&
       (LocaleCompare(filename+strlen(filename)-4,".wmz") == 0)) ||
      ((strlen(filename) > 5) &&
       (LocaleCompare(filename+strlen(filename)-5,".svgz") == 0)))
    {
      [b]image->blob->file=(FILE *) gzopen(filename,type);[/b] // This is an error!
      if (image->blob->file != (FILE *) NULL)
        image->blob->type=ZipStream;
    }
  else
#endif
If you look the gzio.c code, gzopen return an opaque structure which is not a FILE * (the structure is gz_stream internal to gzio.c)
This make ImageMagick crash several line after in the GetBlobSize function:

Code: Select all

   case ZipStream:
    {
#if defined(MAGICKCORE_ZLIB_DELEGATE)
      if (fstat(fileno(image->blob->file),&image->blob->properties) == 0)
        length=(MagickSizeType) image->blob->properties.st_size;
#endif
      break;
    }
In this code, image->blob->file should be a FILE *, which is false in the zlib case.
It makes ImageMagick crashes on Windows.

Here is a file which is incorrectly reads it this help...

sports.wmz

I also think that a similar problem occurs with the BZipStream.
I didn't check it, but the code is the same and BZ2_bzopen also returns an opaque structure which is not a FILE * and should make crash :

Code: Select all

#if defined(MAGICKCORE_BZLIB_DELEGATE)
      if (fstat(fileno(image->blob->file),&image->blob->properties) == 0)
        length=(MagickSizeType) image->blob->properties.st_size;
#endif
I hope this help,
Manuel

Re: Serious issue using zlib

Posted: 2009-06-26T05:28:46-07:00
by magick
Thanks for the problem report. We have a patch in ImageMagick 6.5.4-0 Beta to fix the problem available by sometime tomorrow.
All times are UTC-07:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited