2019-12-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/gradient.c (ReadGRADIENTImage): QueryColorDatabase() only
    throws a warning so allow the warning to propagate to the user
    rather than failing to report a useful message at all.

2019-12-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/gradient.c (GradientImage): OpenMP portability requires
    that loop variable be signed.

2019-12-30  Fojtik Jaroslav  <JaFojtik@seznam.cz>

  - magick/gradient.c: Visual studio does not compile file without
    this fix.

2019-12-30  Fojtik Jaroslav  <JaFojtik@seznam.cz>

  - VisualMagick\configure\configure.cpp: Add option for speed optimisation
    to achieve better performance.

2019-12-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/version.h.in: Bump copyright years.

  - magick/image.c (DisplayImages): Fix return status.  Was
    returning inverted return status.

  - coders/gradient.c (ReadGRADIENTImage): Support the
    "gradient:direction" definition to produce additional
    gradient vector directions corresponding to South, North, West,
    East, NorthWest, NorthEast, SouthWest, and SouthEast.  This
    support is similar to a useful feature added in ImageMagick
    6.9.2.5 although there is no claim that the results are identical,
    even if the resulting images appear to be visually
    indistinguishable.

  - magick/gradient.c (GradientImage): Add support for using the
    image 'gravity' attribute to produce additional gradient vector
    directions corresponding to SouthGravity (the previously-existing
    default), NorthGravity, WestGravity, EastGravity,
    NorthWestGravity, NorthEastGravity, SouthWestGravity, and
    SouthEastGravity.  Gradient images are updated to be PseudoClass
    (color-mapped), if possible.

2019-12-28  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/gradient.c (GradientImage): Output PseudoClass images if
    we can.

  - coders/pcx.c (WritePCXImage): Fix heap overflow in PCX writer
    when bytes per line value overflows its 16-bit storage unit.
    Fixes SourceForge bug #619 "heap-buffer-overflow in WritePCXImage"
    reported by Suhwan Song.

  - magick/gradient.c (GradientImage): Gradient levels were still
    not spot-on.  Now they are.  Unfortunately, this necessitated
    re-generating reference test images based on gradient since the
    gradient output has changed a little bit more than the test error
    margins allow.

2019-12-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (DrawImage): Test gradient image resource limits
    using the proper API.

  - magick/resource.c (ResourceInfinity): Fix definition of
    ResourceInfinity.  Due to parenthesis in the wrong place, the
    defined value was -1 rather than the maximum range value.  The
    effect of this is that GetMagickResource() would return -1 rather
    than the maximum range value for the return type as documented.
    Regression was added on Saturday, March 09, 2019 in the 1.3.32
    release via changeset 15927:a5318823758c.

  - tests/rwfile.c (main): Allow Ghostscript supported formats to be
    a bit lossy.

  - tests/rwblob.c (main): Allow Ghostscript supported formats to be
    a bit lossy.

  - magick/gradient.c (GradientImage): Compute blending alpha with
    double precision for more precision.

2019-12-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - NEWS.txt: Updates in preparation for 1.3.34 release.

2019-12-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - NEWS.txt: Update with changes since the last GM release.

  - coders/png.c (png_read_raw_profile): Use size_t type to store
    profile length and 'nibbles'.  Use safer way to test for profile
    buffer overflow.
    (ReadOnePNGImage): Use size_t type to store 'ping_rowbytes',
    'length', and 'row_offset'.  Check png_pixels allocation for
    arithmetic overflow when computing the required allocation size.

  - coders/tiff.c (WriteNewsProfile): Use size_t type to store
    profile length.

  - coders/pict.c (WritePICTImage): Avoid 'alloc-size-larger-than'
    warning from GCC when allocating row_bytes.

2019-12-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - tiff/libtiff/tiffconf.h: Add standard/common libtiff 'SUPPORT'
    options which are used in full-fledged Autoconf/Cmake libtiff
    builds but were missing from the Visual C template file.  In
    particular, WebP is now supported and JBIG is somewhat supported.

  - VisualMagick/jbig/libjbig/LIBRARY.txt (EXCLUDE): Remove
    tstcodec85.c from JBIG library build.

  - VisualMagick/configure/configure.cpp: Add JBIG library to
    include path when building libraries.  Add WebP as a dependency
    when building libtiff.

2019-12-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/nt_base.h ("C"): Assume that float versions of functions
    became available in Visual Studio 2008.

2019-12-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/log.c (InitializeLogInfo): Using the compiled-in
    defaults, always log to stderr by default, even under Microsoft
    Windows.  The logging output may then be diverted to
    'win32eventlog' as soon as a log.mgk file is loaded if that is
    desired.  This should not be much of a problem because loading a
    log.mgk file is the first thing that the library attempts to do.
    This change is made due to users and developers being baffled at
    not seeing any log output due to the log output going to the (very
    unfriendly) Windows application log.

  - webp: libwebp is updated to the 1.0.3 release.

2019-12-15  Fojtik Jaroslav  <JaFojtik@seznam.cz>

  - magick/nt_base.c: Fix user only installation of Ghostscript.

2019-12-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - rungm.sh.in (DIRSEP): DIRSEP should always use Unix conventions for
    Autotools-based builds.

  - magick/module.h ("C"): Eliminate redundant and conflicting
    ListModuleInfo() prototype.

  - coders/miff.c (ReadMIFFImage): Eliminate warnings in trace
    statements.

  - coders/dib.c (DecodeImage): Eliminate warnings in trace
    statements.

  - coders/bmp.c (DecodeImage): Eliminate warnings in trace
    statements.

  - magick/studio.h (SupportMagickModules): Fix the preprocessor
    logic controlling SupportMagickModules, which became broken for
    GCC MinGW-based builds starting in the 1.3.29 release when a
    "static" module loader was implemented.  Due to an error in the
    preprocessor logic, only the "modules" based build was working for
    MinGW.  Much thanks to Giovanni Remigi for making us aware of this
    issue.

2019-12-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/pict.c (WritePICTImage): Throw a writer exception if the
    PICT width limit is exceeded. Fixes SourceForge issue 617
    "heap-buffer-overflow in function EncodeImage of coders/pict.c".

2019-12-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - jbig: jbigkit is updated to 2.1 release.

  - libxml: libxml2 is updated to 2.9.10 release.

  - bzlib: bzip is updated to 1.0.8 release.

  - zlib: zlib is updated to 1.2.11 release.

  - png: libpng is updated to 1.6.37 release.

2019-12-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - lcms: lcms2 is updated to 2.9 release.

  - tiff: libtiff is updated to 4.1.0 release.

2019-11-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (DrawPatternPath): Don't leak memory if
    fill_pattern or stroke_pattern of cloned draw_info are not null.
    Fixes oss-fuzz issue 18948 "graphicsmagick:coder_MVG_fuzzer:
    Indirect-leak in CloneImage".
    (PrimitiveInfoRealloc): Clear freshly-allocated PrimitiveInfo
    memory.

2019-11-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/attribute.c (GenerateEXIFAttribute): Fix oss-fuzz issue
    17986 "graphicsmagick:coder_JPG_fuzzer: Heap-buffer-overflow in
    GenerateEXIFAttribute".  This problem likely only happens in
    32-bit builds.

2019-11-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/png.c (ReadMNGImage): Only magnify the image if the
    requested magnification methods are supported.

2019-11-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/compress.c (HuffmanDecodeImage): Fix signed overflow on
    range check which leads to heap overflow in 32-bit
    applications. Requires a relatively large file input compared with
    typical fuzzer files (greater than a megabyte) to trigger.
    Problem reported to the graphicsmagick-security mail address by
    Justin Tripp on 2019-11-13.
    (Ascii85Tuple): Fix thread safety issue by requiring caller to
    pass in tuple buffer as an argument and having callers allocate
    tuple buffer on the stack.

2019-11-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/bit_stream.c: Add restrict declarations to slightly
    improve performance and decrease code size.

  - TclMagick/pkgIndex.tcl: Incorporate recommendations from third
    problem noted in SourceForge issue #420 "TclMagick issues and
    patch".  This is supposed to help support using an uninstalled
    GraphicsMagick and allow the installation path to contain a space.

  - wand/magick_wand.c (MagickClearException): Destroy any existing
    exception info before re-initializing the exception info or else
    there will be a memory leak.

  - TclMagick/generic/libttkcommon.c (myMagickError): Clear
    exception from the Wand after it has been reported.  Addresses the
    fourth problem noted by SourceForge issue #420 "TclMagick issues
    and patch".  However, MagickClearException() already clears an
    exception in the Wand, so a new function is not needed.

  - TclMagick/unix/m4/tcl.m4: Change hard-coded INSTALL path to
    point to config/install-sh.  Re-generated/updated Autotools stuff
    by executing the genconf.sh script.  Addresses the first problem
    noted by SourceForge issue #420 "TclMagick issues and patch".

2019-11-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/pixel_cache.c (SetNexus): Eliminate warning about
    possibly uninitialized variable from primordial GCC 3.4.3.

  - magick/render.c (ConvertPrimitiveToPath): Eliminate warning that
    IsClosedSubPath might be used uninitialized.

  - magick/common.h ("MAGICK_FALLTHROUGH"): Added a
    MAGICK_FALLTHROUGH macro to support the GCC/Clang fallthrough
    attribute when the time comes again that it would be useful.

2019-10-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/pcx.c (ReadPCXImage): Verify that pixel region is not
    negative. Assure that opacity channel is initialized to
    opaqueOpacity.  Update DirectClass representation while
    PseudoClass representation is updated.  Improve read performance
    with uncompressed PCX.

2019-10-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/xpm.c (ReadXPMImage): Image properties are expected to
    appear within the first 512 bytes of the XPM file header.  Fixes
    oss-fuzz 18267 "graphicsmagick:coder_PICON_fuzzer: Timeout in
    coder_PICON_fuzzer".

2019-10-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - configure.ac: Fix tcmalloc configuration report.

2019-10-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/wpg.c (ReadWPGImage): Implement subimage/subrange
    support.

  - coders/mat.c (ReadMATImage, ReadMATImageV4): Implement
    subimage/subrange support.  Should resolve oss-fuzz 14999
    "graphicsmagick/coder_MAT_fuzzer: Out-of-memory in
    graphicsmagick_coder_MAT_fuzzer".

  - coders/tiff.c (TIFFMapBlob): Fix compile problem if
    LOG_TIFF_BLOB_IO is defined.

  - coders/wpg.c (ExtractPostscript): Improve performance.  Avoid
    temporary files if possible.  Avoid additional memory allocations
    if possible.  Should address oss-fuzz issue 18173
    "graphicsmagick:enhance_fuzzer: Timeout in enhance_fuzzer" and
    oss-fuzz issue 17714 "graphicsmagick:coder_WPG_fuzzer: Timeout in
    coder_WPG_fuzzer".

2019-10-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/pnm.c (PNMInteger): Place a generous arbitrary limit on
    the amount of PNM comment text to avoid denial of service
    opportunity.  Fixes oss-fuzz 18162 "Timeout · coder_PNM_fuzzer".

2019-10-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/dps.c (ReadDPSImage): Fix memory leak when OpenBlob()
    reports failure.  Same as ImageMagick CVE CVE-2019-16709.

2019-09-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/attribute.c (GenerateEXIFAttribute): Skip
    unsupported/invalid format 0.  Fixes oss-fuzz issue 17597
    "graphicsmagick:coder_SFW_fuzzer: Heap-buffer-overflow in
    GenerateEXIFAttribute".

2019-09-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - fuzzing/oss-fuzz-build.sh: Change by Alex Gaynor so that the
    correct oss-fuzz fuzzing engine should be used.

2019-09-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/static.c (OpenModule): Static module loader should use
    upper-cased magick string when searching for a module alias.
    Fixes SourceForge issue #613 "static module loader is still
    case-sensitive".

2019-09-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - configure.ac: Report status of zstd (FaceBook Zstandard)
    compression in configuration summary.

2019-09-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (TraceArcPath): Substitute a lineto command when
    tracing arc is impossible.  Fixes oss-fuzz 10765
    "graphicsmagick/coder_MVG_fuzzer: Divide-by-zero in TraceArcPath".

2019-09-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/png.c (png_read_raw_profile): Fix validation of raw
    profile length.  Fixes oss-fuzz 16906
    "graphicsmagick:coder_ICO_fuzzer: Out-of-memory in
    graphicsmagick_coder_ICO_fuzzer".

  - coders/wpg.c (ReallocColormap): Avoid dereferencing a null
    pointer if image->colormap is null.  Fixes oss-fuzz 17004
    "graphicsmagick:coder_WPG_fuzzer: Null-dereference READ in
    ReallocColormap".

2019-09-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/memory.c (MagickRealloc): Add a note that the behavior of
    this function is as described for BSD reallocf(3), which is now
    appearing in Linux's GNU libc and elsewhere.

2019-09-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - www/OpenMP.rst: Document the significant OpenMP speed-up which
    may be obtained by using an alternate memory allocation library.
    Currently 'tcmalloc', 'mtmalloc', and 'umem' are supported as
    options.

  - www/INSTALL-unix.rst: Document new --with-tcmalloc option to
    enable using Google gperftools tcmalloc library.

  - configure.ac: Add support for using Google gperftools tcmalloc
    library via the --with-tcmalloc option.

  - scripts/rst2htmldeco.py: Port to Python 3 syntax and require at
    least Python 2.6.

  - scripts/relpath.py: Port to Python 3 syntax and require
    at least Python 2.6.

  - scripts/html_fragments.py: Port to Python 3 syntax and require
    at least Python 2.6.

  - scripts/format_c_api_doc.py: Port to Python 3 syntax and require
    at least Python 2.6.

2019-08-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - doc/GraphicsMagick.imdoc: Document gm utility exit status codes.

2019-08-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (PRIMITIVE_INFO_POINTS_MAX): SIZE_MAX apparently
    rounds up by one when cast to a double on 64-bit systems.  Due to
    this, and in order to set more rational implementation limits, add
    a PRIMITIVE_INFO_POINTS_MAX definition which computes and
    constrains the maximum number of PrimitiveInfo entries allowed.

2019-08-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/attribute.c (GenerateEXIFAttribute): Check that we are
    not being directed to read an IFD that we are already parsing and
    quit in order to avoid a loop.  Addresses oss-fuzz 15753
    "graphicsmagick/coder_JPEG_fuzzer: Timeout in
    graphicsmagick_coder_JPEG_fuzzer" and 16068
    "graphicsmagick/coder_SFW_fuzzer: Timeout in
    graphicsmagick_coder_SFW_fuzzer".

  - tests/{constitute.c, drawtest.c, rwblob.c, rwfile.c}: Eliminate
    irritating GCC 9 "__builtin_strncpy' output may be truncated"
    warnings due to copying MaxTextExtent-1 characters.  Instead
    request copying all of the characters and also assure that string
    is still null terminated.

  - doc/environment.imdoc: Update documentation pertaining to HOME
    and MAGICK_DEBUG environment variables.

2019-08-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/log.c (DestroyLogInfo): Only output text to terminate an
    XML format log file if XML format is active.

2019-08-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (ExtractTokensBetweenPushPop): Previous fix for
    non-terminal loop was broken by a last-minute untested edit.
    Finally addresses oss-fuzz 15318 "graphicsmagick/coder_MVG_fuzzer:
    Timeout in graphicsmagick_coder_MVG_fuzzer".

2019-08-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - fuzzing/utils.cc (MemoryResource): Lessen the memory limit used
    for oss-fuzz testing in order to provide more headroom and margin
    for error.

  - magick/render.c (TraceBezier): Detect arithmetic overflow and
    return errors via normal error path rather than exiting.  Fixes
    oss-fuzz 16450 "graphicsmagick:coder_MVG_fuzzer: Unexpected-exit
    in DefaultFatalErrorHandler".
    (PrimitiveInfoRealloc): Implement more paranoid code related to
    primitive allocation.

2019-08-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (DrawStrokePolygon): Handle case where
    TraceStrokePolygon() returns NULL.  Addresses oss-fuzz 15516
    "graphicsmagick/coder_MVG_fuzzer: ASSERT: primitive_info !=
    (PrimitiveInfo *) NULL".
    (DrawDashPolygon): Handle case where DrawStrokePolygon() returns
    MagickFail. Also needed to address oss-fuzz 15516, since otherwise
    test-cases run for a very long time.
    (ExtractTokensBetweenPushPop): Fix non-terminal parsing loop.
    Addresses oss-fuzz 15318 "graphicsmagick/coder_MVG_fuzzer: Timeout
    in graphicsmagick_coder_MVG_fuzzer".

2019-08-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/memory.h (MagickMallocAlignedArray): Add function
    attributes for added value and to quench GCC 9 warning with
    special build options enabled.

  - magick/deprecate.h (AcquireMemory): Add more function attributes
    to quench GCC 9 warning with special build options enabled.

  - magick/attribute.c (GenerateEXIFAttribute): Fix compilation
    warning in 32-bit build.

  - coders/dpx.c (AttributeToString): Eliminate annoying warnings
    from GCC 9, although the code was correct.

  - coders/msl.c (MSLStartElement): Fix defective opacity percentage
    code revealed by GCC 9 warning.

2019-08-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/png.c (ReadMNGImage): Skip coalescing layers if there is
    only one layer.  Fixes oss-fuzz 16274
    "graphicsmagick/coder_MNG_fuzzer: Unexpected-exit in
    DefaultFatalErrorHandler".

2019-08-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/png.c (ReadPNGImage): Post-processing to convert the
    image type in the PNG reader based on a specified magick prefix
    string is now disabled.  This can (and should) be done after the
    image has been returned.  Fixes oss-fuzz 16386
    "graphicsmagick:coder_PNG8_fuzzer: Timeout in
    graphicsmagick_coder_PNG8_fuzzer".

2019-07-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - NEWS.txt: Updates in preparation for 1.3.33 release.

2019-07-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - NEWS.txt: Updated NEWS to reflect updates since last release.

2019-07-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/png.c (WriteOnePNGImage): Fix saving to palette when
    image has an alpha channel but no color is marked as transparent.
    Patch submitted by Przemysław Sobala via SourceForge patch #61
    "WriteOnePNGImage(): Fix saving to palette when image has an alpha
    channel but no color is marked as transparent".

  - doc/options.imdoc (characters): Fix -format documentation to
    reflect that '%r' returns the image type.  Patch submitted by
    Przemysław Sobala via SourceForge patch #60 "Fix documentation
    typo".

2019-07-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/tempfile.c (AcquireTemporaryFileDescriptor): Fix
    compilation under Cygwin.  Patch by Marco Atzeri and submitted via
    email to the graphicsmagick-help mailing list on Fri, 5 Jul 2019.

2019-06-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/attribute.c (GenerateEXIFAttribute): Added range checks
    and tracing.  Fixes oss-fuzz 14998
    "graphicsmagick/coder_JPEG_fuzzer: Heap-buffer-overflow in
    Read32s".  This is a tiny read overflow.

  - coders/miff.c (ReadMIFFImage): Similar fix as to mpc.c

  - coders/mpc.c (ReadMPCImage): Fix faulty signed overflow logic
    for profiles[i].length which still allowed overflow.  Fixes
    oss-fuzz issue 15190 "graphicsmagick/coder_MPC_fuzzer:
    Out-of-memory in graphicsmagick_coder_MPC_fuzzer".

  - doc/options.imdoc: Add notes about security hazards due to
    commands which support a '@filename' syntax.

  - www/security.rst: Add notes about security hazards due to
    commands which support a '@filename' syntax.

2019-06-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (DrawImage): Assure that 'token' is initialized.
    Fixes oss-fuzz issue 14897 "graphicsmagick/coder_MVG_fuzzer:
    Use-of-uninitialized-value in DrawImage".

  - magick/animate.c (MagickXAnimateImages): Fix memory leak of
    scene_info.pixels.

  - magick/display.c (MagickXDisplayImage): Fix heap overwrite of
    windows->image.name and windows->image.icon_name buffers.  It
    appears that the code assumed that CloneString() would always
    allocate a string at least MaxTextExtent in size. I assume that
    this issue has existed for a very long time since CloneString()
    was re-written many years ago.

  - coders/caption.c (ReadCAPTIONImage): The CAPTION reader did not
    appear to work at all any more.  Now it works again, but still not
    very well.

  - magick/command.c: Re-implement '@' file inclusion support for
    -comment, -draw, -format, and -label which was removed for the
    1.3.32 release.  Note that arguments from untrusted sources will
    still need to be sanitized to detect attempts to subvert this
    feature to access file data, but this feature has always been
    supported by GraphicsMagick and it originated early in the
    development of ImageMagick.

2019-06-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/utility.c (MagickStrlCat, MagickStrlCpy): Add debug
    checks enabled by MAGICK_STRL_CHECK.

  - magick/montage.c (MontageImages): Fix wrong length argument to
    strlcat() when building montage directory, which could allow heap
    overwrite.

  - coders/png.c (RegisterPNGImage): Pass correct size value to
    strlcat().  Under Apple's OS X (and possibly other targets)
    strlcat() writes bytes beyond what it needs to (but within the
    range it is allowed to) causing a crash due to the wrong limit
    value.  Fixes SourceForge issue #609 `gm identify foo.png` crashes
    on macOS (v 1.3.32).

  - www/Changes.rst: Update ChangeLog links due to new year, and
    1.3.32 release.

2019-06-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/bmp.c (WriteBMPImage): Detect arithmetic overflow of
    image_size. Add more tracing. Reduce compilation warnings.
    (EncodeImage): Reduce compilation warnings.
    (WriteBMPImage): Assure that chromaticity uses double-precision
    for multiply before casting to unsigned integer.

  - coders/wpg.c (ReallocColormap): Reduce compilation warnings.

  - coders/braille.c (WriteBRAILLEImage): Reduce compilation
    warnings.

  - coders/dib.c (WriteDIBImage): Detect arithmetic overflow of
    image_size. Reduce compilation warnings.
    (EncodeImage): Reduce compilation warnings.

  - coders/locale.c (WriteLOCALEImage): Reduce compilation warnings.

2019-06-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - Makefile.am (dist-zstd): Use the maximum possible compression
    level (22) when creating a Zstd-compressed tarball to get close to
    lzip/xz compression levels.

  - coders/tiff.c (ReadTIFFImage): Fix typo in initialization of
    'tile' pointer variable.

  - version.sh: Updates in preparation for 1.3.32 release.

2019-06-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - Makefile.am (release): Add a release target to make it easier to
    produce and sign the release files.  Add a zstd-compressed output
    tarball just because we can.

2019-06-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (DrawImage): Fix typo when initializing
    number_coordinates.  Somehow GCC and clang let this typo slip by.

2019-06-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/dib.c (ReadDIBImage): Preserve PseudoClass opaque
    representation if ICO mask is opaque, otherwise return a
    DirectClass image.

2019-06-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (DrawImage): Detect an error in TracePath() and
    quit rather than forging on.

2019-06-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (DrawImage): Terminate drawing if
    DrawCompositeMask() reports failure.  Fixes oss-fuzz 12373
    "graphicsmagick/coder_MVG_fuzzer: Timeout in
    graphicsmagick_coder_MVG_fuzzer".
    (TracePath): Terminate path parsing upon first parsing error.

2019-06-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/txt.c (ReadTXTImage): Use a real new-line character as
    line delimiter rather than '\n' string.

  - magick/annotate.c (AnnotateImage): No longer implicitly call
    TranslateText() since this is not suitable for most use-cases and
    causes additional performance impact.  The API user can perform
    such translations in advance on the text string using
    TranslateText() if need be.  No longer call StringToList() to
    split strings into an array of strings since this can lead to
    unexpected results, and a custom-splitter is more efficient.

2019-06-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (DrawImage): Only support '@filename' syntax to
    read drawing primitive from a file if we are not already drawing.

  - magick/utility.c (TranslateTextEx): Remove support for reading
    from a file using '@filename' syntax due to security concerns.
    Problem was reported to us by "Battle Furry" via the
    GraphicsMagick security mail alias on June 6, 2019.

2019-06-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/utility.c (SetClientFilename): Reduce initialized data
    some more.

2019-06-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/nt_base.c: Search for n019003l.pfb (the "Helvetica"-like
    font) rather than fonts.dir since fonts.dir is not present in all
    URW font collections.

  - NEWS.txt: Update news.

2019-06-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/logo.c: Tidy logo image definitions, and logo image
    output.

2019-05-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/mat.c: Make more data const.

2019-05-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/animate.c: Reduce initialized static allocations.

  - magick/display.c: Reduce initialized static allocations.

  - magick/widget.c (MagickSplitNDLTextToList): Add static
    implementation function.

2019-05-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/webp.c (RegisterWEBPImage): Use sprintf to format version
    since snprintf is not available in old Visual Studio.

2019-05-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/dcm.c: Make more data const.

  - www/INSTALL-unix.rst: Add documentation for how to install URW
    fonts from various package management systems.

2019-05-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - www/authors.rst: Add authorship attribution to Samuel Thibault
    for contributing support for the Braille image format.

  - coders/braille.c: Add support for Braille image format by Samuel
    Thibault.  Patch submitted via SourceForge patch #59 "Add braille
    image format support".

2019-05-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/tempfile.c: Make more data const.

  - magick/signature.c: Make more data const.

  - magick/quantize.c: Make more data const.

  - magick/attribute.c: Make more data const.

  - coders/png.c: Make more data const.

  - coders/mpeg.c: Make more data const.

  - coders/wmf.c: Make more data const.

  - coders/tile.c: Make more data const.

2019-05-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/enum_strings.c: Make more data const.

2019-05-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/magick.c: Make more data const.

  - magick/type.c (GetTypeInfoByFamily): Make more data const.

  - magick/unix_port.c (MagickGetMMUPageSize): Decrease initialized
    data.

  - magick/utility.c (GetPageGeometry): Make more data const.

  - coders/pdf.c (WritePDFImage): Allocate working buffer on stack
750    and pass as argument to EscapeParenthesis() to eliminate a thread
751    safety problem and also reduce BSS size.
752
753  - coders/webp.c (RegisterWEBPImage): Fix compiler warning.
754
755  - coders/jbig.c (RegisterJBIGImage): Make more data const.
756
757  - coders/pict.c (DecodeImage): Allocate output buffer used by
758    ExpandBuffer() on the stack rather than as static data private to
759    ExpandBuffer().  Eliminates a thread safety problem and also
760    reduces BSS size.
761
762  - coders/webp.c (RegisterWEBPImage): Reduce BSS size.
763
7642019-05-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
765
766  - coders/jp2.c: Make more data const.
767
768  - coders/wmf.c: Make more data const.
769
770  - coders/ps.c (WritePSImage): Make more data const.
771
772  - coders/ps2.c (WritePS2Image): Make more data const.
773
7742019-05-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
775
776  - magick/static.c: Revert to previous 'name' storage. Callback
777    functions in structure block being properly const.
778
779  - coders/xpm.c: Make more data const.
780
781  - coders/pnm.c: Make more data const.
782
783  - coders/palm.c: Make more data const.
784
785  - coders/meta.c: Make more data const.
786
787  - coders/dcraw.c: Make more data const.
788
789  - magick/command.c: Fix compilation problem when HasX11 is not
790    defined.
791
7922019-05-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
793
794  - magick/command.c: Make more data const.
795
2019-05-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/webp.c (RegisterWEBPImage): Make more data const.

  - coders/svg.c (RegisterSVGImage): Reduce BSS size.

  - coders/miff.c (RegisterMIFFImage): Fix version reporting.

  - coders/ttf.c (RegisterTTFImage): Fixed reporting of FreeType
    version.

  - coders/tiff.c (RegisterTIFFImage): Reduce BSS size.

  - coders/sfw.c (ReadSFWImage): Make SFW static data completely
    const.

  - coders/ps3.c: Make PS3 static data completely const.

  - coders/pict.c: Make PICT static data completely const.

  - magick/error.c (ThrowException, ThrowLoggedException): Handle
    the case where some passed character strings refer to existing
    exception character strings.  Fixes SourceForge issue #603
    "heap-use-after-free in function ThrowLoggedException of
    magick/error.c".
    (CatchException): Restructure so there is one return point.

  - coders/miff.c (ImportRLEPixels): Fix heap overflow caused by a
    typo in the code.  Also fix undefined behavior caused by large
    left shifts of an unsigned char.  Fixes SourceForge issue #608
    "heap-buffer-overflow in ImportRLEPixels of coders/miff.c".

2019-05-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/bmp.c (ReadBMPImage): Fix subrange/scene handling in
    'ping' mode so it is like the other formats.  Only the first frame
    was being enumerated while in 'ping' mode.

2019-05-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - NEWS.txt: Update news.

  - magick/utility.c (ExpandFilenames): Only expand '@filename' to a
    list of arguments read from 'filename' if the path '@filename'
    does not exist.  This fix is made based on an email posting to the
    'graphicsmagick-help' mailing list at SourceForge by "Test User"
    on Tue, 7 May 2019.

2019-05-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/colorspace.c: Reorder initialization of colorspace tables
    for a possible performance improvement.

  - magick/fx.c (WaveImage): Use float for sin map.

  - configure.ac: Test for float versions of math functions.

  - magick/gem.c (GenerateDifferentialNoise): Use float versions of
    math functions when available.

2019-05-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - www/INSTALL-unix.rst: Expanded configure documentation for
    --with-modules.  Added specific configure documentation for
    --with-umem and --with-mtmalloc, which may be useful on
    Solaris-derived systems.

2019-04-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/command.c (VersionCommand): Show OpenMP specification
    version corresponding to version enumeration.

  - magick/locale.c (GetLocaleMessageFromTag): Eliminate clang
    warning about comparison with a constant value.

  - magick/log.c (InitializeLogInfo): Initialize LogInfo log\_configured.

2019-04-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/magic.c (struct): Adjust StaticMagic definition to be more
    const-friendly.

  - magick/color\_lookup.c (struct): Adjust StaticColors definition
    to be more const-friendly.

  - magick/attribute.c: Adjust tag\_table definition to be more
    const-friendly.

  - magick/log.c: Allocate LogInfo from heap as we used to do.

  - magick/locale.c (GetLocaleMessageFromTag): Adaptations to locale
    coder output changes.

  - coders/locale.c (WriteLOCALEImage): Adjust locale coder output
    to be more const.

2019-04-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/color\_lookup.c: Make built-in color tables fully const.

  - magick/animate.c: Use MagickXTextViewWidgetNDL() to display help
    text.

  - magick/display.c: Use MagickXTextViewWidgetNDL() to display help
    text.

  - magick/widget.c (MagickXTextViewWidgetNDL): New private function
    to display multi-line null-delimited text in an X11 widget.

  - coders/xwd.c (ReadXWDImage): Added even more XWD header
    validation logic.  Addresses problems noted by email from Hongxu
    Chen to the graphicsmagick-security mail alias on Fri, 19 Apr 2019
    and Sat, 20 Apr 2019 and entitled "Multiple crashes (FPE and
    invalid read) when processing XWD files".

2019-04-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/xwd.c (ReadXWDImage): Added even more XWD header
    validation logic.  Addresses problems noted by email from Hongxu
    Chen to the graphicsmagick-security mail alias on Wed, 17 Apr 2019
    and entitled "Multiple crashes (FPE and invalid read) when
    processing XWD files".  Also addresses additional issues noted
    that an attacker could request to allocate an arbitrary amount of
    memory based on ncolors and the claimed header size.

2019-04-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/xwd.c (ReadXWDImage): Add more XWD header validation
    logic.  Addresses problems noted by email from Hongxu Chen to the
    graphicsmagick-security mail alias on Sun, 14 Apr 2019 and
    entitled "Multiple crashes (FPE and invalid read) when processing
    XWD files".

2019-04-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/pdb.c (WritePDBImage): Assure that input scanline is
    cleared in order to cover up some decoder bug.  May fix 14215
    "graphicsmagick/coder\_PDB\_fuzzer: Use-of-uninitialized-value in
    WritePDBImage", which I have not been able to reproduce.

  - magick/render.c (DrawPrimitive): Check primitive point x/y
    values for NaN.
    (DrawImage): Fix oss-fuzz issue 14173
    "graphicsmagick/coder\_MVG\_fuzzer: Integer-overflow in DrawImage".

  - magick/pixel\_cache.c (SetNexus): Fix oss-fuzz issue 14208
    "graphicsmagick/coder\_MVG\_fuzzer: Integer-overflow in SetNexus".

2019-04-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/display.c: Add even more const declarations.

  - coders/mat.c (WriteMATLABImage): Add completely missing error
    handling.  Fixes SourceForge issue #604 "heap-buffer-overflow in
    function WriteMATLABImage of coders/mat.c".

2019-04-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/pdb.c (WritePDBImage): Fix SourceForge issue #605
    "heap-buffer-overflow in function WritePDBImage of coders/pdb.c".

  - magick/widget.c: Add many const declarations.

  - magick/display.c: Incorporate and eliminate display.h. Add many
    const declarations.

  - magick/animate.c: Incorporate and eliminate animate.h. Add many
    const declarations.

2019-04-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/wmf.c (ReadWMFImage): Reject WMF files with an empty
    bounding box.  Fixes SourceForge issue #606 "Division by Zero in
    coders/wmf.c".

2019-04-07  Fojtik Jaroslav  <JaFojtik@seznam.cz>

  - magick/nt\_base.c Fix a problem of finding ghostscript fonts.
    Variable "font\_dir" was useless and thus removed. No need to copy
    text multiple times.  Use const char gs\_font\_dir[] instead of
    pointer.

2019-04-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/xwd.c (ReadXWDImage): Perform more header validations and
    a file size validation in order to reject files with bogus
    headers.
    (WriteXWDImage): Fix SourceForge issue #599
    "heap\_buffer\_overflow\_WRITE in function WriteXWDImage of
    coders/xwd.c".

2019-04-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/svg.c (SVGStartElement): Fix stack buffer overflow while
    parsing quoted font family value.  Fixes SourceForge issue #600
    "stack-buffer-overflow in function SVGStartElement of
    coders/svg.c".

  - coders/miff.c (ReadMIFFImage): Detect end of file while reading
    RLE packets.  Fixes SourceForge issue #598 "heap-buffer-overflow
    in function ReadMIFFImage of coders/miff.c".

2019-04-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/xwd.c (ReadXWDImage): Fix heap buffer overflow while
    reading DirectClass XWD file.  Fixes SourceForge issue #597
    "heap-buffer-overflow in function ReadXWDImage of coders/xwd.c".

2019-04-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/png.c (ReadMNGImage): Fix small buffer overflow (one
    PixelPacket) of image colormap.  Fixes SourceForge issue #596
    "heap-buffer-overflow in function CloneImage of magick/image.c".

  - magick/colormap.c (ReallocateImageColormap): New function to
    reallocate an image colormap.

  - coders/logo.c: Make more static data const.

  - magick/module\_aliases.h: Make more static data const.

  - magick/static.c: Make more static data const.

2019-04-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/log.c (LogMagickEventList): Log elapsed time with
    microsecond precision.

2019-03-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/mpc.c (ReadMPCImage): Deal with a profile length of zero,
    or an irrationally large profile length.  Fixes SourceForge issue
    #601 "memory leak in function ReadMPCImage of coders/mpc.c ".

  - magick/xwindow.c (MagickXGetWindowInfo): Deal with the unlikely
    case that the memory allocation for window->segment\_info
    fails. Fixes SourceForge #595 "use allocate memory before null
    check" as pertains to magick/xwindow.c.

  - magick/segment.c (Classify): Add check for memory allocation
    failure when allocating cluster array. Fixes SourceForge #595 "use
    allocate memory before null check" as pertains to
    magick/segment.c.

  - coders/pdb.c (ReadPDBImage): Fix use of allocated memory before
    null check.  Fixes SourceForge #595 "use allocate memory before
    null check" as pertains to coders/pdb.c.

2019-03-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/pixel\_cache.c (AllocateThreadViewSet): Simplify the image
    view model by adding NexusInfo to the View structure (rather than
    referencing it via a pointer) to lessen the number of required
    per-thread allocations and to improve locality of reference.

2019-03-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/wpg.c (WPG1\_Palette): Change to a static declaration.

  - coders/dcm.c: dicom\_info array is now fully in the data segment.

2019-03-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - configure.ac: Add support for using the Solaris mtmalloc
    library.  This is primarily for testing or as an alternative to
    Solaris umem.
    Stop using posix\_memalign() until it is uniformly more mature and
    reliably quick.

2019-03-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/pixel\_cache.c (SetNexus): Smallest staging-area
    allocation is cache line size so declare it as such.

  - magick/fx.c: Functions in the fx module which return a new Image
    should return a null Image if an exception was thrown.  Also,
    assure that user has an opportunity to see the exception which was
    thrown.

  - magick/error.c (ThrowLoggedException): Throwing an exception is
    now thread-safe.

  - magick/pixel\_cache-private.h: Moved pixel cache private
    definitions to private header.

2019-03-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/pixel\_cache.c (SetNexus): Pass x, y, columns, and rows
    rather than a pointer to RectangleInfo.  This should be easier to
    inline on modern CPUs.

2019-03-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/pixel\_cache.c (SetNexus): Cache resource limits in
    CacheInfo rather than repeatedly calling into the resource code in
    order to lessen the overhead of performing resource limit checks
    on the pixel cache views.

  - magick/resource.c (AcquireMagickResource): Use a lock for each
    resource in order to lessen contention.  Return a maximum 64-bit
    integer value if the resource has not been limited.  Previously
    returned -1 in this case but this was not documented.

2019-03-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/import.c (ImportViewPixelArea): If range between max and
    min is less than MagickEpsilon, produce a black image rather than
    throwing an exception.

  - coders/mat.c (ReadMATImage): Fix memory leak on unexpected end
    of file.  Fixes oss-fuzz 13556 "graphicsmagick/coder\_MAT\_fuzzer:
    Direct-leak in ReadMATImage". (Credit to OSS-Fuzz)

2019-03-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/mat.c (ReadMATImage): Quit if image scanlines are not
    fully populated due to exception.  Fixes oss-fuzz 13530
    "graphicsmagick/coder\_MAT\_fuzzer: Use-of-uninitialized-value in
    InsertComplexFloatRow". (Credit to OSS-Fuzz)

2019-03-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/txt.c (ReadTXTImage): Don't start new line if x\_max <
    x\_min.  Avoids calling SetImagePixels() with a width of zero.
    Related to oss-fuzz 13521 "graphicsmagick/coder\_TEXT\_fuzzer:
    Floating-point-exception in SetNexus". (Credit to OSS-Fuzz)

  - magick/pixel\_cache.c (SetNexus): Report error for empty region
    rather than crashing due to divide by zero exception. This is a
    new bug due to yesterday's changes.  Fixes oss-fuzz 13521
    "graphicsmagick/coder\_TEXT\_fuzzer: Floating-point-exception in
    SetNexus". (Credit to OSS-Fuzz)

2019-03-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - design/pixel-cache.dot: Update design dot diagram to remove
    IsNexusInCore and add CompositeCacheNexus.

  - magick/pixel\_cache.c (SetNexus): Apply resource limits to pixel
    nexus allocations using the same limits (total pixels, width,
    height, memory) as applied to the whole image since some requests
    are directly influenced by the input file.  Add yet more tests for
    arithmetic overflow.  Whole source module is re-arranged so that
    static functions are in order of dependency so that forward
    prototype declarations are no longer needed.  Fixes oss-fuzz 13210
    "graphicsmagick/coder\_MVG\_fuzzer: Integer-overflow in
    SetNexus". (Credit to OSS-Fuzz)

2019-03-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/pixel\_cache.c (OpenCache): Use unsigned 64-bit value to
    store CacheInfo offset and length as well as for the total pixels
    calculation.  Add some more arithmetic overflow detections.

  - coders/topol.c (ReadTOPOLImage): Report a corrupt image
    exception "Unexpected end-of-file" if reader encounters end of
    file while reading header rows.  Addresses oss-fuzz 7981
    "graphicsmagick/coder\_TOPOL\_fuzzer: Use-of-uninitialized-value in
    InsertRow". (Credit to OSS-Fuzz)

  - coders/mat.c (ReadMATImage): Report a corrupt image exception
    "Unexpected end-of-file" if reader encounters end of file while
    reading scanlines.  Also added some helpful traces.  Hopefully
    addresses oss-fuzz 13445 "graphicsmagick/coder\_MAT\_fuzzer:
    Use-of-uninitialized-value in IsGrayImage". (Credit to OSS-Fuzz)

2019-02-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/image.h ("C"): Include as "magick/image-private.h" as the
    other headers are.
    ("C"): Include "magick/image-private.h" inside the protective
    MAGICK\_IMPLEMENTATION guard, as it should have been.  This error
    broke the oss-fuzz build.

2019-02-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/image-private.h (\_ImageExtra): Put ImageExtra definition
    in a private header file so that its definition may be accessed
    directly by library internals.  Add some accessor macros to
    provide access and update code to use them.

  - coders/wpg.c (ReallocColormap): Make sure that there is not a
    heap overwrite if the number of colors has been reduced.  Thanks
    to Jaroslav Fojtik for giving me a heads up about this.

2019-02-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/monitor.c (MagickMonitorActive): Add new private function
    to test if a progress monitor is active.  Update all progress
    monitor code in loops to use this information, while also updating
    code to hopefully address concerns expressed by Hongxu Chen about
    data races on the graphicsmagick-bugs mailing list starting on
    February 6, 2019.

2019-02-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/mpc.c (ReadMPCImage): Tally directory length to avoid
    death by strlen().

  - coders/miff.c (ReadMIFFImage): Tally directory length to avoid
    death by strlen().  Fixes oss-fuzz 13190
    "graphicsmagick/coder\_MIFF\_fuzzer: Timeout in
    graphicsmagick\_coder\_MIFF\_fuzzer". (Credit to OSS-Fuzz)

2019-02-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/svg.c (ReadSVGImage): Don't call xmlCleanupParser()
    in module code since this may cause other libxml users to fail.

  - coders/msl.c (ProcessMSLScript): Don't call xmlCleanupParser()
    in module code since this may cause other libxml users to fail.

  - magick/render.c (DrawDashPolygon): Don't read
    beyond end of dash pattern array.  This is a second instance of
    issue identified by SourceForge issue #591.  Fixes oss-fuzz 13160
    "graphicsmagick/coder\_MVG\_fuzzer: Heap-buffer-overflow in
    DrawDashPolygon".  The earlier attempt to fix this problem today
    broke dash patterns entirely.  (Credit to OSS-Fuzz)

  - magick/annotate.c (RenderFreetype): Eliminate memory leak of
    GlyphInfo.image (type FT\_Glyph) while rendering some FreeType
    fonts such as the one we use now in the Magick++ test suite.

2019-02-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/render.c (DrawDashPolygon): Avoid reading one beyond
    length of dash pattern array, which is terminated by value 0.0.
    Fixes SourceForge issue #591 "Heap buffer overflow in
    DrawDashPolygon when parsing SVG images".
    (DrawPrimitive): Add arithmetic overflow checks when converting
    computed coordinates from 'double' to 'long'.
    (DrawImage): Don't destroy draw\_info in graphic\_context when
    draw\_info has not been allocated yet.  Problem reported via email
    by Sami Supperi on Thu, 14 Feb 2019.

  - coders/jpeg.c (ReadJPEGImage): JPEG files are observed to
    provide compression ratios as high as 2500 so allow for that.
    Also, the test for "Unreasonable dimensions" delivered yesterday
    was flawed since magick\_rows and magick\_columns are only set if a
    desired image size was provided.  Fixes SourceForge issue 592
    "Non-malicious JPEG file fails with "Unreasonable dimensions"".

  - coders/tiff.c (ReadTIFFImage): Only disassociate alpha channel
    for images where photometric is PHOTOMETRIC\_RGB. Fixes oss-fuzz
    13115 "graphicsmagick/coder\_PTIF\_fuzzer:
    Use-of-uninitialized-value in DisassociateAlphaRegion". (Credit to
    OSS-Fuzz)

2019-02-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/jpeg.c (ReadJPEGImage): Base test for "Unreasonable
    dimensions" on original JPEG dimensions and not the scaled
    dimensions.  Fixes SourceForge issue 593 "gm convert: Insufficient
    image data in file when hinting input image".

2019-02-13  Troy Patteson  <troyp@ieee.org>

  - PerlMagick/Magick.xs (Mogrify): Add decorate argument to Annotate.

  - PerlMagick/Magick.xs (Mogrify): Remove reference to undefined
    Annotate argument.

2019-02-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/tiff.c (ReadTIFFImage): For planar TIFF, make sure that
    pixels are initialized in case some planes are missing.  Fixes
    oss-fuzz 13046 "graphicsmagick/coder\_PTIF\_fuzzer:
    Use-of-uninitialized-value in DisassociateAlphaRegion". (Credit to
    OSS-Fuzz)

2019-02-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/pdf.c (WritePDFImage): Make sure to free 'xref' before
    returning.  Similar to ImageMagick CVE-2019-7397 "In ImageMagick
    before 7.0.8-25, several memory leaks exist in WritePDFImage in
    coders/pdf.c.".  Thanks to Petr Gajdos for bringing this issue to
    our attention.

2019-02-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/wpg.c (ReadWPGImage): Use a different way to reallocate
    the colormap which preserves existing content, but also updates
    image->colors and assures that added palette entries are
    initialized.

  - coders/png.c (ReadMNGImage): Bound maximum loop iterations by
    subrange as a primitive means of limiting resource consumption.
    This should finally resolve oss-fuzz 12738
    "graphicsmagick/enhance\_fuzzer: Out-of-memory in
    graphicsmagick\_enhance\_fuzzer". (Credit to OSS-Fuzz)

  - coders/tiff.c (ReadTIFFImage): Assure that opacity channel is
    initialized in the RGBAStrippedMethod case.  Convert
    'CorruptImageError' encountered while testing for more frames to
    'CorruptImageWarning' so we return the frames already read.
    Second try at fixing oss-fuzz 11896
    "graphicsmagick/coder\_PTIF\_fuzzer: Use-of-uninitialized-value in
    VerticalFilter".

  - coders/dpx.c (AttributeToString): Eliminate clang
    "-Wstring-plus-int" warning observed in oss-fuzz build.

  - coders/cineon.c (AttributeToString): Eliminate clang
    "-Wstring-plus-int" warning observed in oss-fuzz build.

2019-02-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/pict.c (DecodeImage): Avoid a one-byte over-read of
    pixels heap allocation.  The cause of the over-read is not yet
    understood.  Fixes oss-fuzz 12019
    "graphicsmagick/coder\_PICT\_fuzzer: Heap-buffer-overflow in
    ExpandBuffer". (Credit to OSS-Fuzz)

  - coders/wpg.c (ReadWPGImage): Assure that all colormap entries
    are initialized.  Fixes oss-fuzz 12614
    "graphicsmagick/enhance\_fuzzer: Use-of-uninitialized-value in
    EnhanceImage". (Credit to OSS-Fuzz)

  - coders/tiff.c (ReadTIFFImage): Make sure that image is in
    DirectClass mode and ignore any claimed colormap when the image is
    read using the RGBAStrippedMethod, RGBATiledMethod, or
    RGBAPuntMethod cases.  Fixes oss-fuzz 12195
    "graphicsmagick/coder\_PTIF\_fuzzer: Use-of-uninitialized-value in
    ExportGrayQuantumType". (Credit to OSS-Fuzz)

  - coders/miff.c (ReadMIFFImage): Improve pixel buffer calculations
    to defend against overflow.  Assure that zlib and bzlib decode the
    expected number of bytes for a pixel row.  Fixes oss-fuzz issue
    12448 "graphicsmagick/coder\_MIFF\_fuzzer:
    Use-of-uninitialized-value in RGBTransformPackets". (Credit to
    OSS-Fuzz)

2019-02-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/png.c (ReadMNGImage): Quit processing and report error
    upon failure to insert MNG background layer.  Fixes oss-fuzz 12738
    "graphicsmagick/enhance\_fuzzer: Out-of-memory in
    graphicsmagick\_enhance\_fuzzer". (Credit to OSS-Fuzz)

2019-02-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/dib.c (ReadDIBImage, WriteDIBImage): Improve buffer-size
    calculations to guard against buffer overflows.  The reader
    version was not as complete as it should have been, whereas the
    writer version did not guard against arithmetic overflow at all.

  - coders/bmp.c (ReadBMPImage, WriteBMPImage): Improve buffer-size
    calculations to guard against buffer overflows.  This is a
    follow-on fix to the previous fix submitted for SourceForge issue
    #582 "heap-buffer-overflow in ReadBMPImage of bmp.c" which is now
    also identified as CVE-2018-20185.

  - www/Hg.rst: Updates to reflect current usage and availability.

  - www/authors.rst: Promote Troy Patteson to the active contributor
    category.

2019-02-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/version.h.in: Rotate ChangeLog and update copyright
    statements for the new year.

2019-01-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - coders/webp.c (WriteWEBPImage): Patch by Przemysław Sobala to
    support WebP 'use\_sharp\_yuv' option ("if needed, use sharp (and
    slow) RGB->YUV conversion") via `-define webp:use-sharp-yuv=true`.

2019-01-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>

  - magick/pixel\_cache.c (SetNexus): Merge IsNexusInCore()
    implementation code into SetNexus() and add check for if
    cache\_info->pixels is null.  Fixes SourceForge issue #588 "Bug in
    IsNexusInCore()".

  - configure.ac (DcrawExtraOptions): Request TIFF output from dcraw
    if build supports TIFF format in order to obtain more metadata.
    This allows obtaining some metadata from standard TIFF tags
    (e.g. camera make, model, and dcraw version), and any attached ICC
    profile, but not specifically EXIF data since we don't support
    extracting EXIF data from TIFF yet. Inspired by SourceForge issue
    589 "Identify lack of data (no Exif) in RAW formats".
