rmagick 7.0.2 → 7.0.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '08ddd337d97e120559c7795dd051433b1453f7c420777083bf0ba29c094659b2'
-  data.tar.gz: 06e68a270014d1a93bc4873723e82f2a83144086d33c3329ff583ea357694af4
+  metadata.gz: a6b67e7280c692114f508e96e6ddcf8d554825ba3705e917af4484158aba940f
+  data.tar.gz: 2ec01a3108eda0eebe35603ae94f675b0966343d5ccb8b2461706b67ea4f3e2c
 SHA512:
-  metadata.gz: 8b21f2dacdd58215e7fdfe7cce5c057280c8450d77fdab2b5e6bf48b2d5ba4995309b54054db4e06537ea6bc496b9e4126a2fe2462704caeaeec3be520ce94f5
-  data.tar.gz: 46e1f9816246476793cdf5f71c33abb794212a0d1935dcf81ec6a83aeb1a3668a6248cf1d7d8ad8993a758c3e129835f2cd8a4f5f5d2c0a695328a271869db29
+  metadata.gz: 1494b9956d04b5f569a39df7e436cae2cc361b093d8fc4339e7b6f56f893e0782f0e506d24faf807d8cc88c7fff697894b39f29cf651666ff1398d8bf421ed4a
+  data.tar.gz: 06e999110504c4ab2fc1c0ddbd9e43b7415c70173780e127d25132ad0d1e5f172622a445f61922800994ef6aed543f141d984602430f0db8ce0b48fafb2974b0

data/CHANGELOG.md

@@ -3,6 +3,23 @@
 All notable changes to this project are documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## RMagick 7.0.4
+
+Bug Fixes
+
+* Fix report size in rm_kernel_info_memsize (#1808)
+* Fix NULL dereference in KernelInfo instance methods (#1807)
+* Fix memory leak and NULL deref in Image#properties (#1806)
+* Fix memory leak when string conversion raises (#1805)
+* Fix error handling in Pixel#to_color when QueryColorname fails (#1800)
+* Reject NAN in Pixel#from_hsla() (#1798)
+
+## RMagick 7.0.3
+
+Bug Fixes
+
+* Fix potential stack buffer overflows in format_exception and add_format_prefix (#1796)
+
 ## RMagick 7.0.2
 
 Bug Fixes

data/README.md

@@ -3,6 +3,7 @@ RMagick
 
 [![GemVersion](https://img.shields.io/gem/v/rmagick.svg?style=flat)](https://rubygems.org/gems/rmagick)
 ![CI](https://github.com/rmagick/rmagick/workflows/CI/badge.svg)
+[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/rmagick/rmagick)
 
 Table of Contents
 -----------------

data/ext/RMagick/rmimage.cpp

@@ -5355,16 +5355,17 @@ VALUE
 Image_delete_profile(VALUE self, VALUE name)
 {
     Image *image = rm_check_frozen(self);
+    char *profile_name = StringValueCStr(name);
 
 #if defined(IMAGEMAGICK_7)
     ExceptionInfo *exception = AcquireExceptionInfo();
 
-    GVL_STRUCT_TYPE(ProfileImage) args = { image, StringValueCStr(name), NULL, 0, exception };
+    GVL_STRUCT_TYPE(ProfileImage) args = { image, profile_name, NULL, 0, exception };
     CALL_FUNC_WITHOUT_GVL(GVL_FUNC(ProfileImage), &args);
     CHECK_EXCEPTION();
     DestroyExceptionInfo(exception);
 #else
-    GVL_STRUCT_TYPE(ProfileImage) args = { image, StringValueCStr(name), NULL, 0, MagickTrue };
+    GVL_STRUCT_TYPE(ProfileImage) args = { image, profile_name, NULL, 0, MagickTrue };
     CALL_FUNC_WITHOUT_GVL(GVL_FUNC(ProfileImage), &args);
 #endif
     return self;
@@ -12838,7 +12839,12 @@ Image_properties(VALUE self)
 
     if (rb_block_given_p())
     {
-        ary = rb_ary_new2(2);
+        long i;
+
+        // Collect the properties first so that neither the ExceptionInfo nor
+        // the property iterator is held across rb_yield. The block may break
+        // or raise, which would otherwise leak the ExceptionInfo.
+        ary = rb_ary_new();
 
         ResetImagePropertyIterator(image);
         property = GetNextImageProperty(image);
@@ -12849,9 +12855,7 @@ Image_properties(VALUE self)
 #else
             value = GetImageProperty(image, property);
 #endif
-            rb_ary_store(ary, 0, rb_str_new2(property));
-            rb_ary_store(ary, 1, rb_str_new2(value));
-            rb_yield(ary);
+            rb_ary_push(ary, rb_assoc_new(rb_str_new2(property), value ? rb_str_new2(value) : Qnil));
             property = GetNextImageProperty(image);
         }
 #if defined(IMAGEMAGICK_7)
@@ -12861,6 +12865,11 @@ Image_properties(VALUE self)
         rm_check_image_exception(image, RetainOnError);
 #endif
 
+        for (i = 0; i < RARRAY_LEN(ary); i++)
+        {
+            rb_yield(rb_ary_entry(ary, i));
+        }
+
         RB_GC_GUARD(ary);
 
         return self;
@@ -12879,7 +12888,7 @@ Image_properties(VALUE self)
 #else
             value = GetImageProperty(image, property);
 #endif
-            rb_hash_aset(attr_hash, rb_str_new2(property), rb_str_new2(value));
+            rb_hash_aset(attr_hash, rb_str_new2(property), value ? rb_str_new2(value) : Qnil);
             property = GetNextImageProperty(image);
         }
 #if defined(IMAGEMAGICK_7)
@@ -15833,6 +15842,9 @@ void add_format_prefix(Info *info, VALUE file)
     {
         memset(magic, '\0', sizeof(magic));
         magic_l = p - filename;
+        if (magic_l >= sizeof(magic)) {
+            magic_l = sizeof(magic) - 1;
+        }
         memcpy(magic, filename, magic_l);
 
         exception = AcquireExceptionInfo();

data/ext/RMagick/rmkinfo.cpp

@@ -51,7 +51,21 @@ rm_kernel_info_destroy(void *kernel)
 static size_t
 rm_kernel_info_memsize(const void *ptr)
 {
-    return sizeof(KernelInfo);
+    const KernelInfo *kernel = (const KernelInfo *)ptr;
+    size_t size = 0;
+
+    // A KernelInfo may be a linked list of kernels, each owning a values array.
+    while (kernel)
+    {
+        size += sizeof(KernelInfo);
+        if (kernel->values)
+        {
+            size += kernel->width * kernel->height * sizeof(*kernel->values);
+        }
+        kernel = kernel->next;
+    }
+
+    return size;
 }
 
 /**
@@ -105,6 +119,32 @@ KernelInfo_initialize(VALUE self, VALUE kernel_string)
 }
 
 
+/**
+ * Return the KernelInfo struct associated with the object, raising an
+ * exception if the object has not been initialized (for example, when it was
+ * created with KernelInfo.allocate or a previous initialize failed). Without
+ * this guard a NULL pointer would be handed to ImageMagick, causing a crash.
+ *
+ * No Ruby usage (internal function)
+ *
+ * @param self the KernelInfo object
+ * @return the KernelInfo struct
+ * @throw RuntimeError if the kernel has not been initialized
+ */
+static KernelInfo *
+get_kernel_info(VALUE self)
+{
+    KernelInfo *kernel;
+
+    TypedData_Get_Struct(self, KernelInfo, &rm_kernel_info_data_type, kernel);
+    if (!kernel)
+    {
+        rb_raise(rb_eRuntimeError, "KernelInfo has not been initialized");
+    }
+    return kernel;
+}
+
+
 /**
  * Adds a given amount of the 'Unity' Convolution Kernel to the given pre-scaled and normalized Kernel.
  *
@@ -113,7 +153,7 @@ KernelInfo_initialize(VALUE self, VALUE kernel_string)
 VALUE
 KernelInfo_unity_add(VALUE self, VALUE scale)
 {
-    GVL_STRUCT_TYPE(UnityAddKernelInfo) args = { (KernelInfo*)DATA_PTR(self), NUM2DBL(scale) };
+    GVL_STRUCT_TYPE(UnityAddKernelInfo) args = { get_kernel_info(self), NUM2DBL(scale) };
     CALL_FUNC_WITHOUT_GVL(GVL_FUNC(UnityAddKernelInfo), &args);
     return Qnil;
 }
@@ -134,7 +174,7 @@ KernelInfo_scale(VALUE self, VALUE scale, VALUE flags)
 
     VALUE_TO_ENUM(flags, geoflags, GeometryFlags);
 
-    GVL_STRUCT_TYPE(ScaleKernelInfo) args = { (KernelInfo*)DATA_PTR(self), NUM2DBL(scale), geoflags };
+    GVL_STRUCT_TYPE(ScaleKernelInfo) args = { get_kernel_info(self), NUM2DBL(scale), geoflags };
     CALL_FUNC_WITHOUT_GVL(GVL_FUNC(ScaleKernelInfo), &args);
     return Qnil;
 }
@@ -148,7 +188,7 @@ KernelInfo_scale(VALUE self, VALUE scale, VALUE flags)
 VALUE
 KernelInfo_scale_geometry(VALUE self, VALUE geometry)
 {
-    GVL_STRUCT_TYPE(ScaleGeometryKernelInfo) args = { (KernelInfo*)DATA_PTR(self), StringValueCStr(geometry) };
+    GVL_STRUCT_TYPE(ScaleGeometryKernelInfo) args = { get_kernel_info(self), StringValueCStr(geometry) };
     CALL_FUNC_WITHOUT_GVL(GVL_FUNC(ScaleGeometryKernelInfo), &args);
     return Qnil;
 }
@@ -161,7 +201,7 @@ KernelInfo_scale_geometry(VALUE self, VALUE geometry)
 VALUE
 KernelInfo_clone(VALUE self)
 {
-    KernelInfo *kernel = CloneKernelInfo((KernelInfo*)DATA_PTR(self));
+    KernelInfo *kernel = CloneKernelInfo(get_kernel_info(self));
     if (!kernel)
     {
         rb_raise(rb_eNoMemError, "not enough memory to continue");

data/ext/RMagick/rmpixel.cpp

@@ -473,8 +473,8 @@ Color_Name_to_PixelColor(PixelColor *color, VALUE name_arg)
     char *name;
     ExceptionInfo *exception;
 
-    exception = AcquireExceptionInfo();
     name = StringValueCStr(name_arg);
+    exception = AcquireExceptionInfo();
     okay = QueryColorCompliance(name, AllCompliance, color, exception);
     DestroyExceptionInfo(exception);
     if (!okay)
@@ -683,15 +683,16 @@ Pixel_from_color(VALUE klass ATTRIBUTE_UNUSED, VALUE name)
     PixelColor pp;
     ExceptionInfo *exception;
     MagickBooleanType okay;
+    char *color = StringValueCStr(name);
 
     exception = AcquireExceptionInfo();
-    okay = QueryColorCompliance(StringValueCStr(name), AllCompliance, &pp, exception);
+    okay = QueryColorCompliance(color, AllCompliance, &pp, exception);
     CHECK_EXCEPTION();
     DestroyExceptionInfo(exception);
 
     if (!okay)
     {
-        rb_raise(rb_eArgError, "invalid color name: %s", StringValueCStr(name));
+        rb_raise(rb_eArgError, "invalid color name: %s", color);
     }
 
     return Pixel_from_PixelColor(&pp);
@@ -739,19 +740,19 @@ Pixel_from_hsla(int argc, VALUE *argv, VALUE klass ATTRIBUTE_UNUSED)
             break;
     }
 
-    if (alpha && (a < 0.0 || a > 1.0))
+    if (alpha && !(a >= 0.0 && a <= 1.0))
     {
         rb_raise(rb_eRangeError, "alpha %g out of range [0.0, 1.0]", a);
     }
-    if (l < 0.0 || l > 255.0)
+    if (!(l >= 0.0 && l <= 255.0))
     {
         rb_raise(rb_eRangeError, "lightness %g out of range [0.0, 255.0]", l);
     }
-    if (s < 0.0 || s > 255.0)
+    if (!(s >= 0.0 && s <= 255.0))
     {
         rb_raise(rb_eRangeError, "saturation %g out of range [0.0, 255.0]", s);
     }
-    if (h < 0.0 || h >= 360.0)
+    if (!(h >= 0.0 && h < 360.0))
     {
         rb_raise(rb_eRangeError, "hue %g out of range [0.0, 360.0)", h);
     }
@@ -1269,8 +1270,7 @@ Pixel_to_color(int argc, VALUE *argv, VALUE self)
     rm_init_magickpixel(image, &mpp);
     rm_set_magick_pixel_packet(pixel, &mpp);
 
-    // Support for hex-format color names moved out of QueryMagickColorname
-    // in 6.4.1-9. The 'hex' argument was removed as well.
+    MagickBooleanType okay = MagickTrue;
     if (hex)
     {
         if (compliance == XPMCompliance)
@@ -1286,14 +1286,18 @@ Pixel_to_color(int argc, VALUE *argv, VALUE self)
     }
     else
     {
-        QueryColorname(image, &mpp, compliance, name, exception);
+        okay = QueryColorname(image, &mpp, compliance, name, exception);
     }
 
     DestroyImage(image);
     CHECK_EXCEPTION();
     DestroyExceptionInfo(exception);
 
-    // Always return a string, even if it's ""
+    if (!okay)
+    {
+        rb_raise(Class_ImageMagickError, "QueryColorname failed (unsupported colorspace)");
+    }
+
     return rb_str_new2(name);
 }
 

data/ext/RMagick/rmutil.cpp

@@ -1574,15 +1574,11 @@ rm_check_image_exception(Image *imglist, ErrorRetention retention)
 static void
 format_exception(const ExceptionType severity, const char *reason, const char *description, char *msg)
 {
-    int len;
     memset(msg, 0, ERROR_MSG_SIZE);
-
-    len = snprintf(msg, ERROR_MSG_SIZE, "%s%s%s",
+    snprintf(msg, ERROR_MSG_SIZE, "%s%s%s",
         GetLocaleExceptionMessage(severity, reason),
         description ? ": " : "",
         description ? GetLocaleExceptionMessage(severity, description) : "");
-
-    msg[len] = '\0';
 }
 
 

data/lib/rmagick/version.rb

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 
 module Magick
-  VERSION = '7.0.2'
+  VERSION = '7.0.4'
   MIN_RUBY_VERSION = '3.2.0'
   MIN_IM6_VERSION = '6.9.0'
   MIN_IM7_VERSION = '7.1.0'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rmagick
 version: !ruby/object:Gem::Version
-  version: 7.0.2
+  version: 7.0.4
 platform: ruby
 authors:
 - Tim Hunter