I found my code hanging forever trying to read a .pgm image file. The image file turned out to be corrupt, so it wouldn't have been able to read it, but the hanging was really a problem. I tracked it down to coders/pnm.c. (I am using ImageMagick 6.2.8 on Linux, though I was able to reproduce the bug in 6.3.0 also, so it is still there.)
According to the docs at http://netpbm.sourceforge.net/doc/#formats, the largest allowable max_value is 65535, but this isn't being checked in the code. I had a value that was 2^32-1, and the below loop in ReadPNMImage, line 408 of coders/pnm.c, was going on forever:
    for (image->depth=1; (1UL << image->depth) < max_value; image->depth++);
I preceded this line by the following check and it seemed to clear up the problem:
    if (max_value >= 65536)
      ThrowReaderException(CorruptImageError,"MaxPixelValueTooLarge");
Just wanted to pass this on, so someone can check that this is right and put it back into the codebase. Thanks.
Infinite loop on corrupt pnm images
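Added example, not part of the original post and not ImageMagick's code: one way to validate the maxval header token before deriving a bit depth, so the shift count stays bounded. Where unsigned long is 32 bits, no valid shift of 1UL reaches 2^32-1 and a shift by 32 is undefined in C, which is consistent with the loop reported above never ending. The helper name pnm_depth_from_maxval and the sample tokens are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define PNM_MAX_MAXVAL 65535UL  /* upper limit given in the Netpbm format docs */

/* Hypothetical helper (not ImageMagick's API): parse the maxval token of a
 * PNM header and derive the bit depth. Returns 0 on success, -1 if corrupt. */
static int pnm_depth_from_maxval(const char *token, unsigned *depth)
{
    char *end;
    unsigned long max_value;
    unsigned d;

    if (token[0] < '0' || token[0] > '9')
        return -1;                       /* empty, signed or non-numeric */
    errno = 0;
    max_value = strtoul(token, &end, 10);
    if (errno == ERANGE || (*end != '\0' && *end != '\n' && *end != ' '))
        return -1;                       /* overflow or trailing junk */
    if (max_value == 0 || max_value > PNM_MAX_MAXVAL)
        return -1;                       /* outside 1..65535: reject as corrupt */

    /* Smallest depth whose range holds max_value. The shift is only
     * evaluated for d <= 15, so it cannot reach the width of the type. */
    for (d = 1; d < 16 && (1UL << d) <= max_value; d++)
        ;
    *depth = d;
    return 0;
}

int main(void)
{
    /* Constructed sample maxval tokens, including the value from the report. */
    const char *samples[] = { "1", "255", "65535", "65536", "4294967295", "-1" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned depth = 0;
        if (pnm_depth_from_maxval(samples[i], &depth) == 0)
            printf("maxval %s -> depth %u\n", samples[i], depth);
        else
            printf("maxval %s -> rejected as corrupt\n", samples[i]);
    }
    return 0;
}
```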