NULL pointer dereference in ReadCINEONImage
Swiss army knife of image processing
Brought to you by:
bfriesen
Menu
▾
▴
#474 NULL pointer dereference in ReadCINEONImage
Here is the critical code: (in ReadCINEONImage)
~~~
scandata=MagickAllocateMemory(unsigned char *,scandata_bytes); //821
for (y=0; y < (long) image->rows; y++)
{
magick_uint32_t red;
magick_uint32_t green;
magick_uint32_t blue;
q=SetImagePixels(image,0,y,image->columns,1);
if (q == (PixelPacket *) NULL)
break;
scanline=scandata;
if (ReadBlobZC(image,scandata_bytes,&scanline) != scandata_bytes)
break;
MagickBitStreamInitializeRead(&bit_stream,scanline);
for (x=0 ; x < (long) image->columns; x++)
{
/*
Packed 10 bit samples with 2 bit pad at end of 32-bit word.
*/
red = MagickBitStreamMSBRead(&bit_stream,10);
green = MagickBitStreamMSBRead(&bit_stream,10);
blue = MagickBitStreamMSBRead(&bit_stream,10);
(void) MagickBitStreamMSBRead(&bit_stream,2);
q->red = ScaleShortToQuantum(red*scale_to_short);
q->green = ScaleShortToQuantum(green*scale_to_short);
q->blue = ScaleShortToQuantum(blue*scale_to_short);
q->opacity = 0U;
/ printf("i:%u,%u,%u --> %u,%u,%u\n", red, green, blue, /
/ (unsigned int)q->red, (unsigned int)q->green, (unsigned int)q->blue); /
q++;
}
if (!SyncImagePixels(image))
break;
if (image->previous == (Image *) NULL)
if (QuantumTick(y,image->rows))
if (!MagickMonitorFormatted(y,image->rows,exception,
LoadImageText,image->filename,
image->columns,image->rows))
break;
}
......
~~~
MagickAllocateMemory(...) may return NULL, so some of the following operations on the "scanline" will Dereference Null pointer to cause memory error.
Credit : ADLab of Venustech
This problem is fixed by Mercurial changeset 15181:53a4d841e90f. Thanks for the report!