commit f8dcd77f1fbba9b5f5b8e17cc4b0132919623808
author cristy <urban-warrior@git.imagemagick.org> Fri Dec 19 12:11:44 2014 +0000
committer cristy <urban-warrior@git.imagemagick.org> Fri Dec 19 12:11:44 2014 +0000
tree d1cfa293c71d1b22784310dabb8e16e2028c9a8a
parent 3c65c4f062b27f5c5f668e009716bdddf2adf947

coders/dib.c

diff --git a/coders/dib.c b/coders/dib.c
index 3fe828a..9ad1565 100644
--- a/coders/dib.c
+++ b/coders/dib.c
@@ -159,6 +159,10 @@
 #define BI_RLE8  1
 #define BI_RLE4  2
 #define BI_BITFIELDS  3
+#undef BI_JPEG
+#define BI_JPEG  4
+#undef BI_PNG
+#define BI_PNG  5
 #endif
 
   int
@@ -525,6 +529,8 @@
   dib_info.height=(short) ReadBlobLSBLong(image);
   dib_info.planes=ReadBlobLSBShort(image);
   dib_info.bits_per_pixel=ReadBlobLSBShort(image);
+  if (dib_info.bits_per_pixel > 32)
+    ThrowReaderException(CorruptImageError,"ImproperImageHeader");
   dib_info.compression=ReadBlobLSBLong(image);
   dib_info.image_size=ReadBlobLSBLong(image);
   dib_info.x_pixels=ReadBlobLSBLong(image);
@@ -538,11 +544,44 @@
       dib_info.green_mask=ReadBlobLSBLong(image);
       dib_info.blue_mask=ReadBlobLSBLong(image);
     }
-  image->alpha_trait=dib_info.bits_per_pixel == 32 ? BlendPixelTrait :
-    UndefinedPixelTrait;
+  if (dib_info.width <= 0)
+    ThrowReaderException(CorruptImageError,"NegativeOrZeroImageSize");
+  if (dib_info.height == 0)
+    ThrowReaderException(CorruptImageError,"NegativeOrZeroImageSize");
+  if (dib_info.planes != 1)
+    ThrowReaderException(CorruptImageError,"StaticPlanesValueNotEqualToOne");
+  if ((dib_info.bits_per_pixel != 1) && (dib_info.bits_per_pixel != 4) &&
+      (dib_info.bits_per_pixel != 8) && (dib_info.bits_per_pixel != 16) &&
+      (dib_info.bits_per_pixel != 24) && (dib_info.bits_per_pixel != 32))
+    ThrowReaderException(CorruptImageError,"UnrecognizedBitsPerPixel");
+  if (dib_info.bits_per_pixel < 16 &&
+      dib_info.number_colors > (1U << dib_info.bits_per_pixel))
+    ThrowReaderException(CorruptImageError,"UnrecognizedNumberOfColors");
+  if ((dib_info.compression == 1) && (dib_info.bits_per_pixel != 8))
+    ThrowReaderException(CorruptImageError,"UnrecognizedBitsPerPixel");
+  if ((dib_info.compression == 2) && (dib_info.bits_per_pixel != 4))
+    ThrowReaderException(CorruptImageError,"UnrecognizedBitsPerPixel");
+  if ((dib_info.compression == 3) && (dib_info.bits_per_pixel < 16))
+    ThrowReaderException(CorruptImageError,"UnrecognizedBitsPerPixel");
+  switch (dib_info.compression)
+  {
+    case BI_RGB:
+    case BI_RLE8:
+    case BI_RLE4:
+    case BI_BITFIELDS:
+      break;
+    case BI_JPEG:
+      ThrowReaderException(CoderError,"JPEGCompressNotSupported");
+    case BI_PNG:
+      ThrowReaderException(CoderError,"PNGCompressNotSupported");
+    default:
+      ThrowReaderException(CorruptImageError,"UnrecognizedImageCompression");
+  }
   image->columns=(size_t) MagickAbsoluteValue(dib_info.width);
   image->rows=(size_t) MagickAbsoluteValue(dib_info.height);
   image->depth=8;
+  image->alpha_trait=dib_info.bits_per_pixel == 32 ? BlendPixelTrait :
+    UndefinedPixelTrait;
   if ((dib_info.number_colors != 0) || (dib_info.bits_per_pixel < 16))
     {
       size_t