Serious issue using zlib

mootools
Posts: 19
Joined: 2005-06-30T06:08:40-07:00
Location: France

Serious issue using zlib

Post by mootools » 2009-06-26T01:18:06-07:00

Hello,

I found a serious issue in the way zlib is used.

Look at blob.c / line 2373

#if defined(MAGICKCORE_ZLIB_DELEGATE)
  if (((strlen(filename) > 2) &&
       (LocaleCompare(filename+strlen(filename)-2,".Z") == 0)) ||
      ((strlen(filename) > 3) &&
       (LocaleCompare(filename+strlen(filename)-3,".gz") == 0)) ||
      ((strlen(filename) > 4) &&
       (LocaleCompare(filename+strlen(filename)-4,".wmz") == 0)) ||
      ((strlen(filename) > 5) &&
       (LocaleCompare(filename+strlen(filename)-5,".svgz") == 0)))
    {
      image->blob->file=(FILE *) gzopen(filename,type); // This is an error!
      if (image->blob->file != (FILE *) NULL)
        image->blob->type=ZipStream;
    }
  else
#endif
If you look at the gzio.c code, gzopen returns an opaque structure which is not a FILE * (the structure is gz_stream, internal to gzio.c).
This makes ImageMagick crash several lines later in the GetBlobSize function:

   case ZipStream:
    {
#if defined(MAGICKCORE_ZLIB_DELEGATE)
      if (fstat(fileno(image->blob->file),&image->blob->properties) == 0)
        length=(MagickSizeType) image->blob->properties.st_size;
#endif
      break;
    }
In this code, image->blob->file should be a FILE *, which is not the case with zlib.
It makes ImageMagick crash on Windows.

Here is a file which is incorrectly read, if this helps...

sports.wmz

I also think that a similar problem occurs with the BZipStream.
I didn't check it, but the code is the same and BZ2_bzopen also returns an opaque structure which is not a FILE *, so it should crash as well:

#if defined(MAGICKCORE_BZLIB_DELEGATE)
      if (fstat(fileno(image->blob->file),&image->blob->properties) == 0)
        length=(MagickSizeType) image->blob->properties.st_size;
#endif
I hope this helps,
Manuel
Manuel Jouglet
Mootools
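An added example (not ImageMagick's code and not the fix shipped in 6.5.4-0) showing the defensive pattern behind this report: keep the opaque compressed-stream handle in its own typed field, and take the compressed file's size from its path instead of calling fileno() on something that is not a FILE *. Blob, OpaqueGzHandle and blob_size are hypothetical stand-ins, and the zlib handle is mocked so the program builds without zlib.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed illustration of the fix pattern; not ImageMagick's blob.c. */
typedef enum { UndefinedStream, FileStream, ZipStream } StreamType;

/* Hypothetical stand-in for zlib's opaque gzFile: never cast to FILE * or passed to fileno(). */
typedef struct OpaqueGz *OpaqueGzHandle;

typedef struct {
  StreamType type;
  char path[256];
  FILE *file;          /* meaningful only when type == FileStream */
  OpaqueGzHandle gz;   /* meaningful only when type == ZipStream  */
} Blob;

/* Size lookup keyed on the stream type: fileno() only on a real FILE *, stat() on the path otherwise. */
long blob_size(const Blob *b) {
  struct stat st;
  switch (b->type) {
    case FileStream:
      if (b->file != NULL && fstat(fileno(b->file), &st) == 0)
        return (long) st.st_size;
      return -1;
    case ZipStream:
      if (stat(b->path, &st) == 0)
        return (long) st.st_size;
      return -1;
    default:
      return -1;
  }
}

/* Demo: an 11-byte constructed file measured through both stream types. */
int main(void) {
  char path[] = "/tmp/blobsize-XXXXXX";
  int fd = mkstemp(path);
  if (fd < 0 || write(fd, "constructed", 11) != 11) return 1;
  close(fd);
  Blob b = { FileStream, "", NULL, NULL };
  snprintf(b.path, sizeof b.path, "%s", path);
  b.file = fopen(path, "rb");
  printf("FileStream size: %ld\n", blob_size(&b));   /* 11 */
  if (b.file) fclose(b.file);
  b.file = NULL; b.type = ZipStream;  /* the gzFile would live in b.gz, not in b.file */
  printf("ZipStream size:  %ld\n", blob_size(&b));   /* 11 */
  unlink(path);
  return 0;
}
```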

magick
Site Admin
Posts: 11100
Joined: 2003-05-31T11:32:55-07:00

Re: Serious issue using zlib

Post by magick » 2009-06-26T05:28:46-07:00

Thanks for the problem report. We have a patch in ImageMagick 6.5.4-0 Beta to fix the problem available by sometime tomorrow.
