[Bug 1492885] [NEW] Practically-infinite loop in MagickCore/image.c - SetImageBackgroundColor
Moshe Kaplan
mk.moshe.kaplan at gmail.com
Mon Sep 7 04:15:02 UTC 2015
Public bug reported:
SetImageBackgroundColor contains the following loop:
    for (y=0; y < (ssize_t) image->rows; y++)
    {
      register Quantum
        *restrict q;

      register ssize_t
        x;

      if (status == MagickFalse)
        continue;
      q=QueueCacheViewAuthenticPixels(image_view,0,y,image->columns,1,exception);
      if (q == (Quantum *) NULL)
        {
          status=MagickFalse;
          continue;
        }
      for (x=0; x < (ssize_t) image->columns; x++)
      {
        SetPixelViaPixelInfo(image,&background,q);
        q+=GetPixelChannels(image);
      }
      if (SyncCacheViewAuthenticPixels(image_view,exception) == MagickFalse)
        status=MagickFalse;
    }
This means it can execute the inner loop 2^31 times for each valid row,
for a potential maximum of 2^62 iterations.
** Affects: imagemagick (Ubuntu)
Importance: Undecided
Status: New
** Attachment added: "pict_almost_infinite_loop.pict"
https://bugs.launchpad.net/bugs/1492885/+attachment/4458551/+files/pict_almost_infinite_loop.pict
** Summary changed:
- Almost-infinite loop in MagickCore/image.c - SetImageBackgroundColor
+ Practically-infinite loop in MagickCore/image.c - SetImageBackgroundColor
https://bugs.launchpad.net/bugs/1492885
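Added example, not part of the original report and not ImageMagick code: one way to bound a row/column loop like the one quoted above is to validate the header-supplied dimensions before any pixel is touched. The names dim_limits, EXAMPLE_LIMITS, check_dimensions and fill_background, and the limit values, are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical ceilings for this example; not ImageMagick's policy values. */
typedef struct { uint64_t max_columns, max_rows, max_area; } dim_limits;
static const dim_limits EXAMPLE_LIMITS = { 65536, 65536, (uint64_t)1 << 28 };

typedef enum { DIM_OK, DIM_ZERO, DIM_TOO_WIDE, DIM_TOO_TALL, DIM_AREA } dim_status;

/* Validate header-supplied dimensions before any per-pixel loop runs. */
dim_status check_dimensions(uint64_t columns, uint64_t rows, const dim_limits *lim)
{
    if (columns == 0 || rows == 0) return DIM_ZERO;
    if (columns > lim->max_columns) return DIM_TOO_WIDE;
    if (rows > lim->max_rows) return DIM_TOO_TALL;
    /* Division form: columns * rows is never computed, so it cannot wrap. */
    if (columns > lim->max_area / rows) return DIM_AREA;
    return DIM_OK;
}

/* Row/column fill shaped like the loop in the report, gated by the check.
   Returns the number of pixels written, or -1 if the request is refused. */
long long fill_background(uint8_t *buf, size_t buf_len, uint64_t columns,
                          uint64_t rows, size_t channels, uint8_t value,
                          const dim_limits *lim)
{
    if (buf == NULL || channels == 0) return -1;
    if (check_dimensions(columns, rows, lim) != DIM_OK) return -1;
    uint64_t area = columns * rows;              /* safe: area <= max_area */
    if (area > buf_len / channels) return -1;    /* buffer too small */
    uint8_t *q = buf;
    for (uint64_t y = 0; y < rows; y++)
        for (uint64_t x = 0; x < columns; x++, q += channels)
            for (size_t c = 0; c < channels; c++) q[c] = value;
    return (long long)area;
}

int main(void)
{
    /* Constructed input: the worst-case dimensions named in the report. */
    uint64_t huge = 0x7fffffff;
    uint8_t buf[2 * 2 * 3] = {0};
    printf("huge: status=%d\n", check_dimensions(huge, huge, &EXAMPLE_LIMITS));
    printf("2x2:  wrote=%lld\n",
           fill_background(buf, sizeof buf, 2, 2, 3, 0xff, &EXAMPLE_LIMITS));
    return 0;
}
```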