diff --git a/coders/dib.c b/coders/dib.c
index 9d735a4..1d713a1 100644
--- a/coders/dib.c
+++ b/coders/dib.c
@@ -514,6 +514,10 @@
dib_info.y_pixels=ReadBlobLSBLong(image);
dib_info.number_colors=ReadBlobLSBLong(image);
dib_info.colors_important=ReadBlobLSBLong(image);
+ if ((dib_info.bits_per_pixel != 1) && (dib_info.bits_per_pixel != 4) &&
+ (dib_info.bits_per_pixel != 8) && (dib_info.bits_per_pixel != 16) &&
+ (dib_info.bits_per_pixel != 24) && (dib_info.bits_per_pixel != 32))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
if ((dib_info.compression == BI_BITFIELDS) &&
((dib_info.bits_per_pixel == 16) || (dib_info.bits_per_pixel == 32)))
{
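Review bot: The new allowlist checks the depth in isolation, so a header with `BI_BITFIELDS` and a depth of 1, 4, 8 or 24 passes it and then skips the mask reads guarded by the condition right below. Whether the three masks are initialised elsewhere, or that combination is rejected later, is not visible in this hunk. If it is not, a companion check would close the gap: `if ((dib_info.compression == BI_BITFIELDS) && (dib_info.bits_per_pixel != 16) && (dib_info.bits_per_pixel != 32)) ThrowReaderException(CorruptImageError,"ImproperImageHeader");`. A short comment above the allowlist, e.g. `/* Only the depths defined for DIB are accepted; anything else is a corrupt header. */`, would also record why the list is closed.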
@@ -521,6 +525,8 @@
dib_info.green_mask=ReadBlobLSBLong(image);
dib_info.blue_mask=ReadBlobLSBLong(image);
}
+ if (EOFBlob(image) != MagickFalse)
+ ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
if (dib_info.width <= 0)
ThrowReaderException(CorruptImageError,"NegativeOrZeroImageSize");
if (dib_info.height == 0)
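Review bot: The `EOFBlob(image)` test runs only after the depth allowlist added in the first hunk, so a truncated header is likely to be reported as "ImproperImageHeader" rather than "UnexpectedEndOfFile". This assumes the blob readers return zero on a short read, which is not shown here. Both paths reject the file, so this affects diagnostics only, but triage of malformed samples is easier when truncation is reported as truncation. Consider moving the two added lines to directly after the `colors_important` read, keeping a second check after the optional mask reads.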
@@ -559,6 +565,8 @@
image->depth=8;
image->alpha_trait=dib_info.bits_per_pixel == 32 ? BlendPixelTrait :
UndefinedPixelTrait;
+ if ((dib_info.number_colors > 256) || (dib_info.colors_important > 256))
+ ThrowReaderException(CorruptImageError,"ImproperImageHeader");
if ((dib_info.number_colors != 0) || (dib_info.bits_per_pixel < 16))
{
size_t
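Review bot: The ceiling in `if ((dib_info.number_colors > 256) || (dib_info.colors_important > 256))` is independent of the pixel depth, so a 1- or 4-bit header may still declare more palette entries than its indices can address. A 16-, 24- or 32-bit header with a non-zero `number_colors` also still enters the colormap branch on the next line. For indexed depths a tighter bound could be added, e.g. `if ((dib_info.bits_per_pixel <= 8) && (dib_info.number_colors > (1UL << dib_info.bits_per_pixel))) ThrowReaderException(CorruptImageError,"ImproperImageHeader");`, together with a comment such as `/* A DIB palette holds at most 256 entries. */` to explain the constant. The colormap block that consumes these counts starts at the end of this hunk and continues outside it, so how it sizes its reads and allocation cannot be confirmed from here.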
@@ -1167,7 +1175,7 @@
unsigned short
word;
/*
- Convert PseudoClass packet to DIB pixel.
+ Convert PseudoClass packet to DIB pixel.
*/
for (y=0; y < (ssize_t) image->rows; y++)
{