avoid reading beyond the end of the line buffer in rubthrough

author Tony Cook <tony@develop-help.com>

Fri, 19 Jul 2013 10:07:24 +0000 (20:07 +1000)

committer Tony Cook <tony@develop-help.com>

Fri, 19 Jul 2013 10:07:24 +0000 (20:07 +1000)
author Tony Cook <tony@develop-help.com>
Fri, 19 Jul 2013 10:07:24 +0000 (20:07 +1000)
committer Tony Cook <tony@develop-help.com>
Fri, 19 Jul 2013 10:07:24 +0000 (20:07 +1000)
diff --git a/Changes b/Changes

index 0fdeb44ccda50f2d117e0acdfda7f51c32db196f..d7bfcfc50537aad5282e1d910ed84d9d415afc04 100644 (file)
--- a/Changes
+++ b/Changes
@@ -1,5 +1,12 @@
  Imager release history.  Older releases can be found in Changes.old
  
+ - when drawing on an image with an alpha channel where the source
+   minimum is greater than zero, Imager would read from beyond the end
+   of a malloc() allocated buffer.  In rare circumstances this could
+   lead to some of the source image not being written to the target
+   image, or possibly to a segmentation fault.
+   I don't believe this has any security concerns beyond that.
+
  Imager 0.97 - 15 Jul 2013
  ===========
  
diff --git a/rubthru.im b/rubthru.im

index 8a2465f1f077cc65d3de70bab5e7be7c0b23b5e5..514ec09c3ec4f9985ed9b6c148d557889e6c02ef 100644 (file)
--- a/rubthru.im
+++ b/rubthru.im
@@ -110,7 +110,7 @@ rubthru_targ_alpha(i_img *im, i_img *src, i_img_dim tx, i_img_dim ty,
        ++min_x;
        ++srcp;
      }
-    while (max_x > min_x && src_line[max_x-1].channel[alphachan] == 0) {
+    while (max_x > min_x && src_line[max_x-1 - src_minx].channel[alphachan] == 0) {
        --max_x;
      }
author	Tony Cook <tony@develop-help.com>
	Fri, 19 Jul 2013 10:07:24 +0000 (20:07 +1000)
committer	Tony Cook <tony@develop-help.com>
	Fri, 19 Jul 2013 10:07:24 +0000 (20:07 +1000)
Changes		patch \| blob \| blame \| history
rubthru.im		patch \| blob \| blame \| history