crash PSD with layer with negative position x64

Post any defects you find in the released or beta versions of the ImageMagick software here. Include the ImageMagick version, OS, and any command-line required to reproduce the problem. Got a patch for a bug? Post it here.
Post Reply
arepi
Posts: 2
Joined: 2010-09-01T07:28:30-07:00
Authentication code: 8675308

crash PSD with layer with negative position x64

Post by arepi »

A fix for ImageMagick 6.6.4 Windows x64 bug:

in psd.c layers data are parsed correctly if ssize_t is unsigned int, but in x64 platform it's an __int64, so adding 4294967295UL the result is wrong.

I've changed line 1001 and 1002 to cast to int instead of ssize_t, I'm not sure if test > 300000 is still necessary :

Code: Select all

          for (i=0; i < number_layers; i++)
          {
            if (image->debug != MagickFalse)
              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
                "  reading layer #%.20g",(double) i+1);

Line 1001 psd.c:
            layer_info[i].page.y=(ssize_t) ReadBlobMSBLong(image);
                                    ^ replace with int

Line 1002 psd.c:
            layer_info[i].page.x=(ssize_t) ReadBlobMSBLong(image);
                                    ^ replace with int

            layer_info[i].page.height=(size_t)
              (ReadBlobMSBLong(image)-layer_info[i].page.y);
            layer_info[i].page.width=(size_t)
              (ReadBlobMSBLong(image)-layer_info[i].page.x);
            if (layer_info[i].page.height > 300000)
              layer_info[i].page.height+=4294967295UL;
            if (layer_info[i].page.width > 300000)
              layer_info[i].page.width+=4294967295UL;
Top
User avatar
magick
Site Admin
Posts: 11064
Joined: 2003-05-31T11:32:55-07:00

Re: crash PSD with layer with negative position x64

Post by magick »

Thanks for the problem report and patch. We'll get the patch into the next point release of ImageMagick.
Top
Post Reply

Return to “Bugs”