RubyGems - rmagick - Versions diffs - 7.0.4 → 7.0.5 - Mend

rmagick 7.0.4 → 7.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a6b67e7280c692114f508e96e6ddcf8d554825ba3705e917af4484158aba940f
-  data.tar.gz: 2ec01a3108eda0eebe35603ae94f675b0966343d5ccb8b2461706b67ea4f3e2c
+  metadata.gz: 6a209cf0d468a316b82b18e0dc8cdfe37d07e3a9a89a54750303c48fddbc4721
+  data.tar.gz: ec494eed858ad482b7fbc1a3784c471bed373ab2ad1cd3835c99b3c998548736
 SHA512:
-  metadata.gz: 1494b9956d04b5f569a39df7e436cae2cc361b093d8fc4339e7b6f56f893e0782f0e506d24faf807d8cc88c7fff697894b39f29cf651666ff1398d8bf421ed4a
-  data.tar.gz: 06e999110504c4ab2fc1c0ddbd9e43b7415c70173780e127d25132ad0d1e5f172622a445f61922800994ef6aed543f141d984602430f0db8ce0b48fafb2974b0
+  metadata.gz: 8879e76297539f5ab7816fb3ba4894530141292fdd828277774d5631655176c717f0888f4624d22f6b7006e9d1b544f7065705220d06df77eadbb428216d6dce
+  data.tar.gz: 67e8ff6082884e98cf7cf3dfc35eee092377fc2e4a1d60cc6679b9872dc4c52effc6a6ad6b95966a552eb6f15c2b0264ee2580d768dfce0b71a9aa1ee90b866a

data/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,15 @@
 All notable changes to this project are documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
+## RMagick 7.0.5
+Bug Fixes
+* Fix heap overflow from integer overflow in dispatch/export_pixels geometry (#1816)
+* Fix SEGV in Image/Pixel/Draw #marshal_load on a non-collection argument (#1815)
+* Fix SEGV when a Draw method is called on an uninitialized object (#1814)
+* Fix SEGV in Draw#primitive on non-String argument (#1813)
 ## RMagick 7.0.4
 Bug Fixes

data/ext/RMagick/rmdraw.cpp CHANGED Viewed

@@ -47,6 +47,33 @@ DEFINE_GVL_STUB3(GetTypeMetrics, Image *, const DrawInfo *, TypeMetric *);
 #endif
+/**
+ * Fetch the Draw struct and ensure it has been initialized (draw->info != NULL).
+ *
+ * Draw_alloc() leaves draw->info NULL until #initialize runs, so a Draw obtained
+ * via .allocate (or a subclass whose #initialize skips super) would otherwise
+ * dereference a NULL DrawInfo and crash the process. Raise instead.
+ *
+ * No Ruby usage (internal function)
+ *
+ * @param self the Draw object
+ * @return the initialized Draw struct
+ * @throw RuntimeError if the Draw object has not been initialized
+ */
+static Draw *
+get_draw(VALUE self)
+{
+    Draw *draw;
+    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    if (!draw->info)
+    {
+        rb_raise(rb_eRuntimeError, "%s has not been initialized", rb_obj_classname(self));
+    }
+    return draw;
+}
 /**
  * Set the affine matrix from an {Magick::AffineMatrix}.
  *
@@ -59,7 +86,7 @@ Draw_affine_eq(VALUE self, VALUE matrix)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     Export_AffineMatrix(&draw->info->affine, matrix);
     return matrix;
 }
@@ -77,7 +104,7 @@ Draw_align_eq(VALUE self, VALUE align)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     VALUE_TO_ENUM(align, draw->info->align, AlignType);
     return align;
 }
@@ -95,7 +122,7 @@ Draw_decorate_eq(VALUE self, VALUE decorate)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     VALUE_TO_ENUM(decorate, draw->info->decorate, DecorationType);
     return decorate;
 }
@@ -113,7 +140,7 @@ Draw_density_eq(VALUE self, VALUE density)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     magick_clone_string(&draw->info->density, StringValueCStr(density));
     return density;
@@ -132,7 +159,7 @@ Draw_encoding_eq(VALUE self, VALUE encoding)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     magick_clone_string(&draw->info->encoding, StringValueCStr(encoding));
     return encoding;
@@ -151,7 +178,7 @@ Draw_fill_eq(VALUE self, VALUE fill)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     Color_to_PixelColor(&draw->info->fill, fill);
     return fill;
 }
@@ -172,7 +199,7 @@ Draw_fill_pattern_eq(VALUE self, VALUE pattern)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     if (draw->info->fill_pattern != NULL)
     {
@@ -207,7 +234,7 @@ Draw_font_eq(VALUE self, VALUE font)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     magick_clone_string(&draw->info->font, StringValueCStr(font));
     return font;
@@ -226,7 +253,7 @@ Draw_font_family_eq(VALUE self, VALUE family)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     magick_clone_string(&draw->info->family, StringValueCStr(family));
     return family;
@@ -245,7 +272,7 @@ Draw_font_stretch_eq(VALUE self, VALUE stretch)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     VALUE_TO_ENUM(stretch, draw->info->stretch, StretchType);
     return stretch;
 }
@@ -263,7 +290,7 @@ Draw_font_style_eq(VALUE self, VALUE style)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     VALUE_TO_ENUM(style, draw->info->style, StyleType);
     return style;
 }
@@ -283,7 +310,7 @@ Draw_font_weight_eq(VALUE self, VALUE weight)
     size_t w;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     if (FIXNUM_P(weight))
     {
@@ -349,7 +376,7 @@ Draw_gravity_eq(VALUE self, VALUE grav)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     VALUE_TO_ENUM(grav, draw->info->gravity, GravityType);
     return grav;
@@ -368,7 +395,7 @@ Draw_kerning_eq(VALUE self, VALUE kerning)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     draw->info->kerning = NUM2DBL(kerning);
     return kerning;
 }
@@ -386,7 +413,7 @@ Draw_interline_spacing_eq(VALUE self, VALUE spacing)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     draw->info->interline_spacing = NUM2DBL(spacing);
     return spacing;
 }
@@ -404,7 +431,7 @@ Draw_interword_spacing_eq(VALUE self, VALUE spacing)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     draw->info->interword_spacing = NUM2DBL(spacing);
     return spacing;
 }
@@ -505,7 +532,7 @@ Draw_marshal_dump(VALUE self)
     Draw *draw;
     VALUE ddraw;
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     // Raise an exception if the Draw has a non-NULL gradient or element_reference field
     if (draw->info->element_reference.type != UndefinedReference
@@ -566,6 +593,8 @@ Draw_marshal_load(VALUE self, VALUE ddraw)
     TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    Check_Type(ddraw, T_HASH);
     if (draw->info == NULL)
     {
         ImageInfo *image_info;
@@ -636,7 +665,7 @@ Draw_pointsize_eq(VALUE self, VALUE pointsize)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     draw->info->pointsize = NUM2DBL(pointsize);
     return pointsize;
 }
@@ -656,7 +685,7 @@ Draw_rotation_eq(VALUE self, VALUE deg)
     AffineMatrix affine, current;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     degrees = NUM2DBL(deg);
     if (fabs(degrees) > DBL_EPSILON)
@@ -692,7 +721,7 @@ Draw_stroke_eq(VALUE self, VALUE stroke)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     Color_to_PixelColor(&draw->info->stroke, stroke);
     return stroke;
 }
@@ -712,7 +741,7 @@ Draw_stroke_pattern_eq(VALUE self, VALUE pattern)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     if (draw->info->stroke_pattern != NULL)
     {
@@ -748,7 +777,7 @@ Draw_stroke_width_eq(VALUE self, VALUE stroke_width)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     draw->info->stroke_width = NUM2DBL(stroke_width);
     return stroke_width;
 }
@@ -766,7 +795,7 @@ Draw_text_antialias_eq(VALUE self, VALUE text_antialias)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     draw->info->text_antialias = (MagickBooleanType) RTEST(text_antialias);
     return text_antialias;
 }
@@ -797,7 +826,7 @@ Draw_undercolor_eq(VALUE self, VALUE undercolor)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     Color_to_PixelColor(&draw->info->undercolor, undercolor);
     return undercolor;
 }
@@ -840,7 +869,7 @@ VALUE Draw_annotate(
     // Save the affine matrix in case it is modified by
     // Draw#rotation=
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     keep = draw->info->affine;
     image_arg = rm_cur_image(image_arg);
@@ -1050,7 +1079,7 @@ Draw_draw(VALUE self, VALUE image_arg)
     image_arg = rm_cur_image(image_arg);
     image = rm_check_frozen(image_arg);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     if (draw->primitives == 0)
     {
         rb_raise(rb_eArgError, "nothing to draw");
@@ -1257,6 +1286,7 @@ Draw_primitive(VALUE self, VALUE primitive)
     Draw *draw;
     rb_check_frozen(self);
+    StringValue(primitive);
     TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
     if (draw->primitives == (VALUE)0)
@@ -1463,7 +1493,7 @@ PolaroidOptions_initialize(VALUE self)
     ExceptionInfo *exception;
     // Default shadow color
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     exception = AcquireExceptionInfo();
     QueryColorCompliance("gray75", AllCompliance, &draw->shadow_color, exception);
@@ -1525,7 +1555,7 @@ PolaroidOptions_border_color_eq(VALUE self, VALUE border)
     Draw *draw;
     rb_check_frozen(self);
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
     Color_to_PixelColor(&draw->info->border_color, border);
     return border;
 }
@@ -1628,7 +1658,7 @@ get_type_metrics(int argc, VALUE *argv, VALUE self, gvl_function_t fp)
         rb_raise(rb_eArgError, "no text to measure");
     }
-    TypedData_Get_Struct(self, Draw, &rm_draw_data_type, draw);
+    draw = get_draw(self);
 #if defined(IMAGEMAGICK_7)
     exception = AcquireExceptionInfo();
     draw->info->text = InterpretImageProperties(NULL, image, text, exception);

data/ext/RMagick/rmimage.cpp CHANGED Viewed

@@ -5630,6 +5630,41 @@ Image_displace(int argc, VALUE *argv, VALUE self)
 }
+/**
+ * Compute columns * rows * map_length for a pixel buffer, raising RangeError on
+ * overflow.
+ *
+ * The product is used to size the buffer that ImageMagick fills based on the
+ * (caller-supplied) columns and rows. If the multiplication wrapped around, the
+ * buffer would be allocated too small and ImageMagick would write out of bounds.
+ *
+ * No Ruby usage (internal function)
+ *
+ * @param columns the number of columns
+ * @param rows the number of rows
+ * @param map_length the number of channels per pixel (length of the map string)
+ * @return columns * rows * map_length
+ * @throw RangeError if the multiplication overflows
+ */
+static size_t
+pixel_buffer_count(size_t columns, size_t rows, size_t map_length)
+{
+    size_t pixels;
+    if (columns != 0 && rows > SIZE_MAX / columns)
+    {
+        rb_raise(rb_eRangeError, "pixel buffer dimensions too large (%" RMIuSIZE "x%" RMIuSIZE ")", columns, rows);
+    }
+    pixels = columns * rows;
+    if (map_length != 0 && pixels > SIZE_MAX / map_length)
+    {
+        rb_raise(rb_eRangeError, "pixel buffer dimensions too large (%" RMIuSIZE "x%" RMIuSIZE " map=%" RMIuSIZE ")",
+                 columns, rows, map_length);
+    }
+    return pixels * map_length;
+}
 /**
  * Extract pixel data from the image and returns it as an array of pixels. The "x", "y", "width" and
  * "height" parameters specify the rectangle to be extracted. The "map" parameter reflects the
@@ -5685,7 +5720,7 @@ Image_dispatch(int argc, VALUE *argv, VALUE self)
     }
     // Compute the size of the pixel array and allocate the memory.
-    npixels = columns * rows * mapL;
+    npixels = pixel_buffer_count(columns, rows, mapL);
     pixels.v = stg_type == QuantumPixel ? (void *) ALLOC_N(Quantum, npixels)
                : (void *) ALLOC_N(double, npixels);
@@ -6636,7 +6671,7 @@ Image_export_pixels(int argc, VALUE *argv, VALUE self)
     }
-    npixels = (long)(cols * rows * strlen(map));
+    npixels = (long)pixel_buffer_count(cols, rows, strlen(map));
     pixels = ALLOC_N(Quantum, npixels);
     if (!pixels)    // app recovered from exception
     {
@@ -6804,7 +6839,7 @@ Image_export_pixels_to_str(int argc, VALUE *argv, VALUE self)
     }
-    npixels = cols * rows * strlen(map);
+    npixels = pixel_buffer_count(cols, rows, strlen(map));
     switch (type)
     {
         case CharPixel:
@@ -6833,6 +6868,10 @@ Image_export_pixels_to_str(int argc, VALUE *argv, VALUE self)
     // Allocate a string long enough to hold the exported pixel data.
     // Get a pointer to the buffer.
+    if (npixels != 0 && sz > (size_t)LONG_MAX / npixels)
+    {
+        rb_raise(rb_eRangeError, "pixel buffer dimensions too large");
+    }
     string = rb_str_new2("");
     rb_str_resize(string, (long)(sz * npixels));
@@ -9056,6 +9095,8 @@ Image_marshal_load(VALUE self, VALUE ary)
     TypedData_Get_Struct(self, Image, &rm_image_data_type, image);
+    Check_Type(ary, T_ARRAY);
     filename = rb_ary_shift(ary);
     blob = rb_ary_shift(ary);

data/ext/RMagick/rmpixel.cpp CHANGED Viewed

@@ -1046,6 +1046,9 @@ Pixel_marshal_load(VALUE self, VALUE dpixel)
     Pixel *pixel;
     TypedData_Get_Struct(self, Pixel, &rm_pixel_data_type, pixel);
+    Check_Type(dpixel, T_HASH);
     pixel->red = NUM2QUANTUM(rb_hash_aref(dpixel, CSTR2SYM("red")));
     pixel->green = NUM2QUANTUM(rb_hash_aref(dpixel, CSTR2SYM("green")));
     pixel->blue = NUM2QUANTUM(rb_hash_aref(dpixel, CSTR2SYM("blue")));

data/lib/rmagick/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 # frozen_string_literal: true
 module Magick
-  VERSION = '7.0.4'
+  VERSION = '7.0.5'
   MIN_RUBY_VERSION = '3.2.0'
   MIN_IM6_VERSION = '6.9.0'
   MIN_IM7_VERSION = '7.1.0'

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rmagick
 version: !ruby/object:Gem::Version
-  version: 7.0.4
+  version: 7.0.5
 platform: ruby
 authors:
 - Tim Hunter
@@ -143,7 +143,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements:
 - ImageMagick 6.9.0+ (for ImageMagick 6) or 7.1.0+ (for ImageMagick 7)
-rubygems_version: 4.0.10
+rubygems_version: 4.0.15
 specification_version: 4
 summary: Ruby binding to ImageMagick
 test_files: []