Bug in coder jpeg, function 'WriteProfile'

Alex Dobusch
Posts: 10
Joined: 2011-10-11T07:50:11-07:00

Post by Alex Dobusch »

Hello
As I tried to convert an eps to a jpg I've found this bug:

ImageMagick-6.3.9-9
Ghostscript 9.0.4

In file 'coders\jpeg.c' at line 1649:

Code:

xmp_profile=StringToStringInfo("http://ns.adobe.com/xap/1.0/");
ConcatenateStringInfo(xmp_profile,profile);
GetStringInfoDatum(xmp_profile)[28]='\0';

After concatenating the profile with the namespace the first char of the profile will be overwritten by "GetStringInfoDatum(xmp_profile)[28]='\0'".
This generates an unreadable jpg-file because the xmp_profile should start with the namespace, a null and the profile.

I've tested it with the older ImageMagick-6.7.1-9 and there it works. So I compared the code with ImageMagick-6.7.1-9 and found that in file 'magick\string.c' the function 'StringToStringInfo' changed from

Code:

string_info=AcquireStringInfo(strlen(string)+1);

to

Code:

string_info=AcquireStringInfo(strlen(string));

This means that after

Code:

xmp_profile=StringToStringInfo("http://ns.adobe.com/xap/1.0/");

the length in xmp_profile is 28 instead of 29 (as in 6.7.1-9) which creates this fault.

Solution:
Add a space to the namespace

Code:

xmp_profile=StringToStringInfo("http://ns.adobe.com/xap/1.0/ ");

so that the length will be calculated with enough space for the following '\0'.

Alex
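
The off-by-one reported above, reproduced as an added example that is not part of the original post and is not ImageMagick code. `Buf`, `from_string`, `concat` and `build_is_valid` are hypothetical stand-ins that model the length-tracked buffer behaviour the post describes, and the XMP packet is a constructed sample.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XMP_NS "http://ns.adobe.com/xap/1.0/"   /* 28 characters */

/* Hypothetical stand-in for a length-tracked buffer such as StringInfo. */
typedef struct { unsigned char *datum; size_t length; } Buf;

/* Models StringToStringInfo; extra=1 mimics the strlen(string)+1 sizing. */
static Buf from_string(const char *s, size_t extra) {
    Buf b;
    b.length = strlen(s) + extra;
    b.datum = calloc(b.length + 1, 1);
    if (b.datum == NULL) abort();
    memcpy(b.datum, s, strlen(s));
    return b;
}

/* Models ConcatenateStringInfo: src is appended at offset dst->length. */
static void concat(Buf *dst, const char *src, size_t n) {
    unsigned char *p = realloc(dst->datum, dst->length + n + 1);
    if (p == NULL) abort();
    memcpy(p + dst->length, src, n);
    dst->datum = p;
    dst->length += n;
}

/* Runs the three statements from the post and returns 1 only if the result
   is namespace, one NUL byte, then the untouched profile. */
int build_is_valid(const char *ns_literal, size_t extra, const char *profile) {
    size_t ns_len = strlen(XMP_NS), plen = strlen(profile);
    Buf x = from_string(ns_literal, extra);
    concat(&x, profile, plen);
    x.datum[28] = '\0';              /* the fixed-index write from the post */
    int ok = x.length == ns_len + 1 + plen
          && memcmp(x.datum, XMP_NS, ns_len) == 0
          && x.datum[ns_len] == '\0'
          && memcmp(x.datum + ns_len + 1, profile, plen) == 0;
    free(x.datum);
    return ok;
}

int main(void) {
    const char *xmp = "<x:xmpmeta/>";   /* constructed sample profile */
    printf("length 28, no pad:      %d\n", build_is_valid(XMP_NS, 0, xmp));
    printf("length 29 (+1 sizing):  %d\n", build_is_valid(XMP_NS, 1, xmp));
    printf("length 29 (space pad):  %d\n", build_is_valid(XMP_NS " ", 0, xmp));
    return 0;
}
```

Only the first case fails: with a recorded length of 28 the profile is appended at offset 28, so the write to index 28 replaces its first byte instead of filling a reserved separator slot.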
magick
Site Admin
Posts: 11064
Joined: 2003-05-31T11:32:55-07:00

Re: Bug in coder jpeg, function 'WriteProfile'

Post by magick »

Thanks for the problem report and patch. We'll get the patch in ImageMagick 6.7.3-1 Beta by sometime tomorrow.