From: Tony Cook <tony@develop-help.com>
Date: Fri, 19 Jul 2013 10:07:24 +0000 (+1000)
Subject: avoid reading beyond the end of the line buffer in rubthrough
X-Git-Tag: v0.98~15
X-Git-Url: http://git.imager.perl.org/imager.git/commitdiff_plain/6ba09ab9038542bd2e0107910e5cdd0285c000cc

avoid reading beyond the end of the line buffer in rubthrough
---

diff --git a/Changes b/Changes
index 0fdeb44c..d7bfcfc5 100644
--- a/Changes
+++ b/Changes
@@ -1,5 +1,12 @@
 Imager release history.  Older releases can be found in Changes.old
 
+ - when drawing on an image with an alpha channel where the source
+   minimum is greater than zero, Imager would read from beyond the end
+   of a malloc() allocated buffer.  In rare circumstances this could
+   lead to some of the source image not being written to the target
+   image, or possibly to a segmentation fault.
+   I don't believe this has any security concerns beyond that.
+
 Imager 0.97 - 15 Jul 2013
 ===========
 
diff --git a/rubthru.im b/rubthru.im
index 8a2465f1..514ec09c 100644
--- a/rubthru.im
+++ b/rubthru.im
@@ -110,7 +110,7 @@ rubthru_targ_alpha(i_img *im, i_img *src, i_img_dim tx, i_img_dim ty,
       ++min_x;
       ++srcp;
     }
-    while (max_x > min_x && src_line[max_x-1].channel[alphachan] == 0) {
+    while (max_x > min_x && src_line[max_x-1 - src_minx].channel[alphachan] == 0) {
       --max_x;
     }