GraphicsMagick / Bugs / #476 NULL Pointer in tiff.c

#476 NULL Pointer in tiff.c

Milestone: v1.0_(example)

Status: closed-fixed

Owner: Bob Friesenhahn

Labels: None

Priority: 5

Updated: 2017-09-30

Created: 2017-09-25

Creator: BlueKiller

Private: No

Here is the critical code

ignore=MagickAllocateArray(TIFFFieldInfo*,count,sizeof(*ignore)); //line 323
  /* This also sets field_bit to 0 (FIELD_IGNORE) */
  (void) memset(ignore,0,count*sizeof(*ignore)); //line 325
  while (*p != '\0')
    {
      while ((isspace((int) ((unsigned char) *p)) != 0))
        p++;

      ignore[i].field_tag=(ttag_t) strtol(p,&q,10);

      p=q;
      i++;

      while ((isspace((int) ((unsigned char) *p)) != 0) || (*p == ','))
        p++;
    }
  (void) TIFFMergeFieldInfo(tiff,ignore,(uint32) count);
  MagickFreeMemory(ignore);
}

Line 323 has a memory allocation, but there is no checking about the memory allocation failure.
So if MagickAllocateArray faile, line 325 will cause NULL Pointer Dereference.

Credit: ADLab of Venustech

Discussion

Bob Friesenhahn - 2017-09-30

status: open --> closed-fixed

assigned_to: Bob Friesenhahn
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bob Friesenhahn - 2017-09-30

This problem is fixed by Mercurial changeset 15180:7b3342b4986b. Thanks for the report!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

NULL Pointer in tiff.c

Swiss army knife of image processing

Group

Searches

Help

#476 NULL Pointer in tiff.c

Discussion