Practically-infinite loop in MagickCore/image.c - SetImageBackgroundColor

Bug #1492885 reported by Moshe Kaplan
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
ImageMagick | Fix Released | Unknown | |
imagemagick (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

SetImageBackgroundColor contains the following loop:

for (y=0; y < (ssize_t) image->rows; y++)
  {
    register Quantum
      *restrict q;

    register ssize_t
      x;

    if (status == MagickFalse)
      continue;
    q=QueueCacheViewAuthenticPixels(image_view,0,y,image->columns,1,exception);
    if (q == (Quantum *) NULL)
      {
        status=MagickFalse;
        continue;
      }
    for (x=0; x < (ssize_t) image->columns; x++)
    {
      SetPixelViaPixelInfo(image,&background,q);
      q+=GetPixelChannels(image);
    }
    if (SyncCacheViewAuthenticPixels(image_view,exception) == MagickFalse)
      status=MagickFalse;
  }

This means it can execute the inner loop 2^31 times for each valid row, for a potential maximum of 2^62 iterations.

Moshe Kaplan (moshekaplan) wrote :
summary: - Almost-infinite loop in MagickCore/image.c - SetImageBackgroundColor
+ Practically-infinite loop in MagickCore/image.c -
+ SetImageBackgroundColor
Moshe Kaplan (moshekaplan) wrote :
Changed in imagemagick (Ubuntu):
status: New → Fix Released
Changed in imagemagick:
status: Unknown → Fix Released
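
As an added example (not ImageMagick's code and not the fix that was released), one way to bound the work done by the loop in the bug description is to validate the image dimensions before entering it. The type names, function names and limits below are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy, not ImageMagick's: caps chosen for illustration. */
typedef struct {
  uint64_t max_columns;  /* widest row accepted */
  uint64_t max_rows;     /* tallest image accepted */
  uint64_t max_pixels;   /* cap on rows*columns = inner-loop iterations */
} DimensionPolicy;

typedef enum {
  DIM_OK, DIM_EMPTY, DIM_TOO_WIDE, DIM_TOO_TALL, DIM_TOO_MANY_PIXELS
} DimensionVerdict;

static const DimensionPolicy example_policy = { 65536, 65536, UINT64_C(1) << 28 };

/* Iterations of the per-pixel loop for a columns x rows fill.
   Saturates at UINT64_MAX instead of wrapping on overflow. */
uint64_t fill_iterations(uint64_t columns, uint64_t rows)
{
  if (columns != 0 && rows > UINT64_MAX / columns)
    return UINT64_MAX;
  return columns * rows;
}

/* Reject dimensions before any per-pixel work is started. */
DimensionVerdict check_dimensions(const DimensionPolicy *p,
                                  uint64_t columns, uint64_t rows)
{
  if (columns == 0 || rows == 0)
    return DIM_EMPTY;
  if (columns > p->max_columns)
    return DIM_TOO_WIDE;
  if (rows > p->max_rows)
    return DIM_TOO_TALL;
  if (fill_iterations(columns, rows) > p->max_pixels)
    return DIM_TOO_MANY_PIXELS;
  return DIM_OK;
}

int main(void)
{
  uint64_t worst = UINT64_C(1) << 31;  /* per-axis bound from the report */
  printf("worst case: %llu iterations\n",
         (unsigned long long) fill_iterations(worst, worst));
  printf("verdict for 2^31 x 2^31: %d\n",
         check_dimensions(&example_policy, worst, worst));
  printf("verdict for 4096 x 4096: %d\n",
         check_dimensions(&example_policy, 4096, 4096));
  return 0;
}
```

The per-axis caps alone are not enough: 65536 x 65536 passes both of them yet still asks for 2^32 iterations, which is why the product is checked separately.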