Stack corruption in GetEXIFProperty function

Posted: 2009-05-13T06:37:44-07:00
by cs_rol
Visual Studio's memory guard complained about corruption of the stack near variable 'buffer'.
I had a closer look at the code and figured out it was right:

the macros EXIFMultipleValues and EXIFMultipleFractions do write on index -2 under some circumstances:

 property.c  
728	#define EXIFMultipleValues(size, format, arg) \
729	{ \
730	    long component; \
731	    size_t used_space; \
732	    unsigned char *p1; \
733	    used_space=0; \
734	    p1=p; \
735	    for (component = 0; component < components; component++) \
736	    { \
737	       used_space+=FormatMagickString(buffer+used_space, \
738	          MaxTextExtent-used_space,format", ",arg); \
739	       if (used_space >= MaxTextExtent - 1) \
740	          used_space=MaxTextExtent-1; \
741	       p1+=size; \
742	    } \
743	    buffer[used_space-2]='\0'; \
744	    value=AcquireString(buffer); \
745	}
If components is somehow 0, line 743 overwrites buffer[-2] (the same happens in line 762).

greets!
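The defect described above is an off-by-two write before the start of a stack buffer when the loop never runs. The following is an added example, not ImageMagick's code: it reimplements the join-and-strip-separator pattern of the macro as a plain C function, with `snprintf` standing in for `FormatMagickString`, a small constructed `MAX_TEXT_EXTENT` in place of ImageMagick's `MaxTextExtent`, and the component values assumed to be little-endian 16-bit unsigned integers purely for illustration. The single guard before the final write is the fix: the trailing ", " is removed only when at least two characters were actually written.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Small stand-in for ImageMagick's MaxTextExtent; value constructed for this example. */
#define MAX_TEXT_EXTENT 64

/* Constructed sample data: two little-endian u16 components, 5 and 300. */
static const unsigned char kSample[4] = {5, 0, 44, 1};

/* Shared output buffer so the result can be inspected after the call. */
static char gbuf[MAX_TEXT_EXTENT];

/*
 * Format `components` values (assumed here to be 2-byte little-endian
 * unsigned integers) into buffer as "v1, v2, v3", then strip the trailing
 * ", " separator. Mirrors the loop of the EXIFMultipleValues macro but
 * guards the final write so that zero components cannot index buffer[-2].
 * Returns the length of the resulting string, or -1 on invalid arguments.
 */
static int format_exif_values(char *buffer, size_t buffer_size,
                              const unsigned char *p, size_t components)
{
    size_t used_space = 0;
    const unsigned char *p1 = p;
    size_t component;

    if (buffer == NULL || buffer_size < 2)
        return -1;

    buffer[0] = '\0';
    for (component = 0; component < components; component++) {
        unsigned value = (unsigned)p1[0] | ((unsigned)p1[1] << 8);
        int n = snprintf(buffer + used_space, buffer_size - used_space,
                         "%u, ", value);
        if (n < 0)
            return -1;
        used_space += (size_t)n;
        /* Same clamp as the original: never let used_space run past the buffer. */
        if (used_space >= buffer_size - 1)
            used_space = buffer_size - 1;
        p1 += 2;
    }

    /* The guard the original macro lacks: with zero components used_space
       is 0 and buffer[used_space - 2] would write before the buffer. */
    if (used_space >= 2)
        buffer[used_space - 2] = '\0';
    else
        buffer[0] = '\0';

    return (int)strlen(buffer);
}

int main(void)
{
    int n;

    n = format_exif_values(gbuf, sizeof gbuf, kSample, 0);
    printf("0 components -> len %d, \"%s\"\n", n, gbuf);

    n = format_exif_values(gbuf, sizeof gbuf, kSample, 2);
    printf("2 components -> len %d, \"%s\"\n", n, gbuf);
    return 0;
}
```

With zero components the function now returns an empty string instead of touching memory outside the buffer; with two components it yields "5, 300" with the separator stripped, and a deliberately undersized buffer still gets a terminated, truncated result.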

Re: Stack corruption in GetEXIFProperty function

Posted: 2009-05-13T10:16:11-07:00
by magick
We can reproduce the problem you posted and have a patch in ImageMagick 6.5.2-5 Beta available sometime tomorrow. Thanks.