github.com/kaydxh/golang@v0.0.131/pkg/gocv/cgo/third_path/graphics-magick/share/doc/GraphicsMagick/ChangeLog.2018

     1  2018-12-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
     2  
     3  	* coders/jpeg.c (ReadJPEGImage): Move return point for 'ping' mode
     4  	until after jpeg_start_decompress() and after JPEG compression
     5  	properties have been estimated.  Fixes SourceForge issue #578 "gm
     6  	identify with format "%[JPEG-Colorspace-Name]" does not work" and
     7  	#586 "Identify returning wrong compression values".
     8  
     9  2018-12-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
    10  
    11  	* coders/gif.c (ReadGIFImage): Don't throw an error if opacity is
    12  	outside of the range of the image colors.  Fix suggested by 莫红波
    13  	<hongbo.mo@upai.com> on the graphicsmagick-bugs mailing list on
    14  	Fri, 9 Oct 2015.
    15  
    16  	* magick/memory.h (MagickAllocateClearedArray): New macro for
    17  	allocating a cleared array.
    18  
    19  	* magick/resize.c (ScaleImage): Patch by Troy Patteson which
    20  	resolves SourceForge issue #381 "Artifacts when scaling a PNG with
    21  	semi-transparent pixels".
    22  
    23  	ScaleImage() suffers from two problems related to the blending of
    24  	fully transparent pixels with non-fully transparent pixels during
    25  	the scaling operation.
    26  
    27  	The first is that the colour values for fully transparent pixels
    28  	are contributing to the colour values of the blended pixels when
    29  	they should not.
    30  
    31  	The second is that the colour values of pixels blended with fully
    32  	and non-fully transparent pixels are scaled as though the fully
    33  	transparent pixels contribute to the blended pixels' colour values
    34  	when they should not. For example, if blending 10% of a fully
    35  	opaque white pixel with 90% of a fully transparent black pixel one
    36  	would expect the blended pixel RGBA values to be 255,255,255,25.5
    37  	assuming 8 bit colour but they are in fact 25.5,25.5,25.5,25.5.
    38  
    39  	The provided patch solves the first issue by treating the colour
    40  	values of fully transparent pixels as zero and the second issue by
    41  	recording the volume of each blended pixel made up of pixels that
    42  	are not fully transparent (0.1 in the above example) and then
    43  	scaling the blended pixel RGB values by dividing by that
    44  	amount. In the above example, 25.5/0.1 = 255.
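
The blending problem described in the entry above, as an added example written for this page (it is not GraphicsMagick's ScaleImage() and not Troy Patteson's patch). It uses a conventional straight-alpha channel where 255 is fully opaque, not the library's inverted opacity quantum, and the pixels and weights are constructed to match the 10%/90% case in the entry. The third function goes beyond the entry: it weights colour by alpha for every contributor, so a half-transparent pixel also counts for half as much colour.

```c
#include <stdio.h>
#include <stddef.h>

/* Conventional straight-alpha RGBA sample, 8-bit range held in doubles.
   Assumption for this example: alpha 255 = fully opaque, 0 = fully
   transparent (GraphicsMagick itself stores an inverted "opacity"). */
typedef struct { double r, g, b, a; } RGBA;

static double absd(double x) { return x < 0 ? -x : x; }
int near_eq(double x, double y) { return absd(x - y) < 1e-6; }

/* The original behaviour: every contributor's colour is weighted in,
   including fully transparent ones, and nothing is renormalised.
   10% opaque white + 90% transparent black gives 25.5,25.5,25.5,25.5. */
RGBA blend_naive(const RGBA *px, const double *w, size_t n)
{
  RGBA out = {0.0, 0.0, 0.0, 0.0};
  for (size_t i = 0; i < n; i++) {
    out.r += w[i] * px[i].r;
    out.g += w[i] * px[i].g;
    out.b += w[i] * px[i].b;
    out.a += w[i] * px[i].a;
  }
  return out;
}

/* The fix as the entry describes it: fully transparent pixels contribute
   zero colour, and the colour sums are divided by the total weight of the
   contributors that were not fully transparent (0.1 in the example),
   giving 255,255,255,25.5. */
RGBA blend_skip_transparent(const RGBA *px, const double *w, size_t n)
{
  RGBA out = {0.0, 0.0, 0.0, 0.0};
  double visible_weight = 0.0;
  for (size_t i = 0; i < n; i++) {
    out.a += w[i] * px[i].a;
    if (px[i].a > 0.0) {
      out.r += w[i] * px[i].r;
      out.g += w[i] * px[i].g;
      out.b += w[i] * px[i].b;
      visible_weight += w[i];
    }
  }
  if (visible_weight > 0.0) {
    out.r /= visible_weight;
    out.g /= visible_weight;
    out.b /= visible_weight;
  }
  return out;
}

/* General form (beyond the entry): weight each colour by w*alpha and
   divide by the accumulated w*alpha.  Agrees with blend_skip_transparent
   whenever every contributor is either fully opaque or fully transparent. */
RGBA blend_premultiplied(const RGBA *px, const double *w, size_t n)
{
  RGBA out = {0.0, 0.0, 0.0, 0.0};
  double alpha_weight = 0.0;
  for (size_t i = 0; i < n; i++) {
    double wa = w[i] * px[i].a / 255.0;
    out.r += wa * px[i].r;
    out.g += wa * px[i].g;
    out.b += wa * px[i].b;
    out.a += w[i] * px[i].a;
    alpha_weight += wa;
  }
  if (alpha_weight > 0.0) {
    out.r /= alpha_weight;
    out.g /= alpha_weight;
    out.b /= alpha_weight;
  }
  return out;
}

/* Constructed inputs: the entry's example (10% opaque white, 90% fully
   transparent black) and a second case with a half-transparent pixel. */
const RGBA ENTRY_PX[2] = {{255, 255, 255, 255}, {0, 0, 0, 0}};
const double ENTRY_W[2] = {0.1, 0.9};
const RGBA HALF_PX[2] = {{255, 255, 255, 255}, {0, 0, 0, 128}};
const double HALF_W[2] = {0.5, 0.5};

int main(void)
{
  RGBA a = blend_naive(ENTRY_PX, ENTRY_W, 2);
  RGBA b = blend_skip_transparent(ENTRY_PX, ENTRY_W, 2);
  printf("naive: %.1f,%.1f,%.1f,%.1f\n", a.r, a.g, a.b, a.a);
  printf("fixed: %.1f,%.1f,%.1f,%.1f\n", b.r, b.g, b.b, b.a);
  return 0;
}
```

On the entry's example all three approaches except the naive one yield 255,255,255,25.5. They differ only once a contributor is partially transparent: the described fix still gives such a pixel its full weight in the colour sum, while the premultiplied form scales it by its alpha, which is what a general-purpose resampler would normally do.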
    45  
    46  2018-12-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
    47  
    48  	* coders/dib.c (ReadDIBImage): DIB images claiming more than
    49  	8-bits per pixel are not colormapped.  Reject such files.  Fixes
    50  	SourceForge issue #585 "Assertion Failure in coders/png.c:7503".
    51  	The problem is in the DIB reader rather than PNG.
    52  
    53  	* coders/miff.c (ReadMIFFImage): Detect and reject zero-length
    54  	deflate-encoded row in MIFF version 0.  Fixes oss-fuzz 11876
    55  	"graphicsmagick/coder_MIFF_fuzzer: Use-of-uninitialized-value in
    56  	deflate_slow". (Credit to OSS-Fuzz)
    57  
    58  	* configure.ac: Improve search for true Microsoft Windows fonts
    59  	and provide better indication of results.  Fix a typo which caused
    60  	DcrawExtraOptions not to be evaluated correctly.
    61  
    62  2018-12-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
    63  
    64  	* coders/tiff.c (QuantumTransferMode): Be more strict about the
    65  	requirements for CIE Log2(L) and LOGLUV images.
    66  	(ReadTIFFImage): Apply memory resource limits to strip and tile
    67  	allocations.
    68  	(ReadTIFFImage): Rationalize tile width/height to reject large
    69  	tile sizes which are much larger than the image dimensions.  Fixes
    70  	oss-fuzz 11824 "graphicsmagick/coder_BIGTIFF_fuzzer: Out-of-memory
    71  	in graphicsmagick_coder_BIGTIFF_fuzzer". (Credit to OSS-Fuzz)
    72  	(ReadTIFFImage): Return with error if TIFFClientOpen() reports
    73  	errors yet still returns a TIFF handle.
    74  
    75  2018-12-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
    76  
    77  	* coders/tga.c (WriteTGAImage): Image rows/columns must not be
    78  	larger than 65535. Fixes SourceForge #583 "heap-buffer-overflow in
    79  	WriteTGAImage of tga.c".
    80  
    81  2018-12-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
    82  
    83  	* coders/bmp.c (ReadBMPImage): Fix heap overflow in 32-bit build
    84  	due to arithmetic overflow.  Only happens if limits are changed
    85  	from defaults. Fixes SourceForge #582 "heap-buffer-overflow in
    86  	ReadBMPImage of bmp.c".
    87  
    88  2018-12-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
    89  
    90  	* common.shi.in (MAGICK_FONT): The test suite must pass even on
    91  	systems where we don't find any fonts.
    92  
    93  2018-12-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
    94  
    95  	* coders/miff.c (ReadMIFFImage): Sanitize claimed profile size
    96  	before allocating memory for it.  Fixes oss-fuzz 11781
    97  	"graphicsmagick/coder_MIFF_fuzzer: Out-of-memory in
    98  	graphicsmagick_coder_MIFF_fuzzer". (Credit to OSS-Fuzz)
    99  
   100  2018-12-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   101  
   102  	* coders/png.c (ReadMNGImage): Fix non-terminal MNG looping.
   103  	Fixes oss-fuzz 11596 "graphicsmagick/coder_MNG_fuzzer: Timeout in
   104  	graphicsmagick_coder_MNG_fuzzer". (Credit to OSS-Fuzz)
   105  
   106  2018-12-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   107  
   108  	* coders/xpm.c (WriteXPMImage): Assure that added colormap entry
   109  	for transparent XPM is initialized. Fixes oss-fuzz 11617
   110  	"graphicsmagick/coder_XPM_fuzzer: Use-of-uninitialized-value in
   111  	QueryColorname". (Credit to OSS-Fuzz)
   112  
   113  	* coders/miff.c (ReadMIFFImage): Fix memory leak of profiles
   114  	'name' when claimed length is zero.  Fixes oss-fuzz 11710
   115  	"graphicsmagick/coder_MIFF_fuzzer: Direct-leak in AllocateString".
   116  	and oss-fuzz 11688 "graphicsmagick/coder_MIFF_fuzzer:
   117  	Out-of-memory in graphicsmagick_coder_MIFF_fuzzer". (Credit to
   118  	OSS-Fuzz)
   119  
   120  2018-12-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   121  
   122  	* fuzzing/oss-fuzz-build.sh: Apply patch from Alex Gaynor to add
   123  	Zstd to the oss-fuzz build.
   124  
   125  2018-12-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   126  
   127  	* configure.ac (DcrawExtraOptions): For QuantumDepth > 8 pass -6
   128  	option to dcraw.  Fixes SourceForge issue #568 "dcraw not
   129  	returning 16 bit image even though quantum depth is set to 16".
   130  
   131  	* fuzzing/oss-fuzz-build.sh (PKG_CONFIG_PATH): Build WebP prior to
   132  	libtiff so that libtiff has a chance to find it.
   133  
   134  2018-11-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   135  
   136  	* magick/command.c (TimeImageCommand): Time command now shows 6
   137  	digits of elapsed time indication since this precision is often
   138  	now available and it is useful to see.
   139  
   140  2018-11-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   141  
   142  	* Magick++/lib/Magick++/Drawable.h: Fix use of clang diagnostic
   143  	syntax. Addresses SourceForge bug #579 "'diagnostic pop' pragma
   144  	without 'diagnostic push' in Drawable.h.".
   145  
   146  2018-11-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   147  
   148  	* magick/constitute.c (WriteImage): Eliminate use of just-freed
   149  	memory in clone_info->magick when throwing exception due to no
   150  	support for format.  Fixes SourceForge issue #576 "heap
   151  	use-after-free when convert one format into another format".
   152  
   153  	* magick/command.c (BenchmarkImageCommand): Benchmark command now
   154  	shows 6 digits of elapsed time indication since this precision is
   155  	often now available and it is useful to see.
   156  
   157  2018-11-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   158  
   159  	* wand/wand_api.h ("C"): magick/api.h should be included prior to
   160  	wand/wand_symbols.h.  Change made due to report by yzh杨振宏 on
   161  	Wed, 21 Nov 2018 via the graphicsmagick-bugs mailing list.
   162  
   163  2018-11-20  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   164  
   165  	* magick/nt_base.c Fix a bug when the OS does not support the performance counter.
   166  
   167  2018-11-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   168  
   169  	* magick/nt_base.c (NTElapsedTime): Use
   170  	QueryPerformanceFrequency() and QueryPerformanceCounter() to
   171  	measure elapsed time for Windows.
   172  
   173  2018-11-19  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   174  
   175  	* tiff/port/snprintf.c Fix for older Microsoft Visual Studio
   176  
   177  2018-11-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   178  
   179  	* www/index.rst: Update in preparation for 1.3.31 release.
   180  
   181  	* version.sh: Update library versioning in preparation for
   182  	1.3.31 release.
   183  
   184  	* NEWS.txt: Update news in preparation for 1.3.31 release.
   185  
   186  2018-11-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   187  
   188  	* magick/command.c (BenchmarkUsage): Document the benchmark
   189  	command better.
   190  
   191  2018-11-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   192  
   193  	* magick/resize.c (HorizontalFilter, VerticalFilter): quantum is a
   194  	pointer so its value cannot be usefully flushed.  Use a local
   195  	variable and then update quantum pointer when done.
   196  
   197  2018-11-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   198  
   199  	* magick/*: Changed row_count tallying to use 'omp atomic' and
   200  	status update to use 'omp flush' for progress and error
   201  	indication.  This replaces most use of 'omp critical' for this
   202  	purpose.  Changed some lumpy algorithms which were using 'static'
   203  	scheduling to 'guided' scheduling due to observing better results.
   204  	Also added prolific 'restrict' annotations where they were
   205  	missing.
   206  
   207  	* www/security.rst: Documented a PGP private key for file signing
   208  	or private correspondence.
   209  
   210  2018-11-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   211  
   212  	* www/authors.rst: Moved "Glenn Randers-Pehrson" and "Gregory J
   213  	Wolfe" to the "Former Contributor" category.
   214  
   215  2018-11-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   216  
   217  	* Added many GCC function annotations in the libraries and coders.
   218  
   219  2018-11-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   220  
   221  	* configure.ac: Use printf rather than echo to portably expand tab
   222  	requests in configuration summary.
   223  
   224  2018-11-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   225  
   226  	* configure.ac: Use pkg-config data as the initial choice when
   227  	configuring for FreeType 2.0 and libxml-2.0.  Only fall back to
   228  	invoking an external script (and then traditional methods) if
   229  	pkg-config fails.
   230  
   231  	* coders/msl.c (ProcessMSLScript): Release msl_image if OpenBlob
   232  	fails.  Similar to ImageMagick CVE-2018-18544.  Problem was
   233  	reported to us via email from Petr Gajdos on Thu, 1 Nov 2018.
   234  
   235  2018-10-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   236  
   237  	* coders/miff.c (WriteMIFFImage): Only run
   238  	strlen(attribute->value) once per attribute since the length won't
   239  	change.  May address oss-fuzz 11158
   240  	"graphicsmagick/coder_MIFF_fuzzer: Timeout in
   241  	graphicsmagick_coder_MIFF_fuzzer". (Credit to OSS-Fuzz)
   242  
   243  	* Fix compilation warnings observed with GCC 8.2.0.
   244  
   245  2018-10-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   246  
   247  	* magick/pixel_iterator.c (PixelIterateMonoModifyImplementation):
   248  	Use atomic and flush rather than critical construct for a small
   249  	speedup.
   250  
   251  	* magick/monitor.c (MagickMonitorFormatted): Serialize calls to
   252  	the progress monitor so that the caller does not need to perform
   253  	this serialization.
   254  	(MagickMonitor): Serialize calls to the progress monitor so that
   255  	the caller does not need to perform this serialization.  This
   256  	function is now marked as deprecated.
   257  	(InitializeMagickMonitor): New private function to initialize
   258  	monitor functionality.
   259  	(DestroyMagickMonitor): New private function to destroy monitor
   260  	functionality.
   261  
   262  2018-10-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   263  
   264  	* coders/gif.c (ReadGIFImage): Improve the efficiency of storing a
   265  	GIF comment in order to avoid a DoS opportunity.  Fixes oss-fuzz
   266  	11096 "graphicsmagick/coder_GIF_fuzzer: Timeout in
   267  	graphicsmagick_coder_GIF_fuzzer". (Credit to OSS-Fuzz)
   268  
   269  2018-10-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   270  
   271  	* PerlMagick/Makefile.PL.in: Use MAGICK_API_LIBS to obtain the
   272  	list of libraries to use when linking.
   273  
   274  	* configure.ac: OpenMP library is normally supplied due to a
   275  	CFLAGS option so only supply it in cases where the CFLAGS option
   276  	may be lost or it might not be used.  Otherwise the compiler may
   277  	apply the library twice when linking.
   278  
   279  2018-10-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   280  
   281  	* configure.ac: Remove Ghostscript library support (--with-gslib)
   282  	from configure script.  The 'HasGS' pre-processor defines which
   283  	were enabled by this remain in the source code so it is still
   284  	possible to use this library if absolutely necessary
   285  	(e.g. CPPFLAGS=-DHasGS LIBS=-lgs).
   286  
   287  	* tests/rwfile.tap: Test TIFF format with all supported
   288  	compression options.
   289  
   290  	* tests/{rwblob.c, rwfile.c} (main): Use StringToCompressionType()
   291  	to parse compression option. Also consider requested compression
   292  	algorithm when deciding if format is lossy.
   293  
   294  	* coders/tiff.c (WriteTIFFImage): WebP compression needs
   295  	PHOTOMETRIC_RGB. Fix wrong rows-per-strip calculation when using
   296  	LZMA compression.
   297  
   298  	* tests/rwblob.tap: Added a rwblob test to verify that lower-case
   299  	magick works.
   300  
   301  	* magick/static.c (OpenModule): Upper case magick string before
   302  	searching static modules list.  Fixes Debian bug 911386
   303  	"libgraphicsmagick-q16-3: graphicsmagick 1.3.30 has made formats
   304  	case-sensitive at the API level".
   305  
   306  	* filters/analyze.c (AnalyzeImage): X and y should be unsigned
   307  	long to match image rows/columns type.  Calculate total pixels by
   308  	simple multiplication rather than counting.
   309  
   310  2018-10-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   311  
   312  	* coders/tiff.c (WriteTIFFImage): Support WebP compression in
   313  	TIFF. This requires a libtiff release after 4.0.9.
   314  
   315  	* magick/image.h ("C"): WebPCompression added to CompressionType
   316  	enumeration.
   317  
   318  2018-10-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   319  
   320  	* configure.ac: Configure for the Zstd library.  Use
   321  	--without-zstd to disable searching for this library.  Libtiff may
   322  	require this library to successfully link so static linkage could
   323  	fail if searching for libzstd is disabled.
   324  
   325  	* magick/image.h ("C"): ZSTDCompression added to CompressionType
   326  	enumeration.
   327  
   328  	* coders/tiff.c (WriteTIFFImage): Support Zstd compression in
   329  	TIFF.  This requires a libtiff release after 4.0.9.
   330  
   331  2018-10-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   332  
   333  	* magick/command.c (GMCommandSingle): Add 'compare' to the list of
   334  	command names that gm will support as a command if copied to or
   335  	linked from that name.  There was already a 'compare' link
   336  	installed when the '--enable-magick-compat' configure option is
   337  	used, but it could not possibly function without being blessed by
   338  	this list.  Related to Debian bug #910652
   339  	"graphicsmagick-imagemagick-compat: Doesn't ship a compare tool".
   340  
   341  2018-09-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   342  
   343  	* Magick++/lib/Magick++/Drawable.h: Block unused-private-field
   344  	warnings from Clang due to _dummy members which were intentionally
   345  	included in some parent class definitions.
   346  
   347  	* magick/widget.c (XEditText): Fix compilation warnings about
   348  	cases which fall-through.
   349  
   350  	* magick/display.c (MagickXAnnotateEditImage): Fix compilation
   351  	warnings about cases which fall-through.
   352  
   353  	* coders/pict.c (WritePICTImage): Add more checks to memory
   354  	allocation calculations.
   355  
   356  	* magick/pixel_cache.c (DestroyCacheInfo): Eliminate intentional
   357  	fall-through logic in switch statement which results in compiler
   358  	warnings.  Eliminate switch statements entirely and split
   359  	unrelated logic.
   360  
   361  	* coders/txt.c (ReadTXTImage): Fix comparison between pointer and
   362  	'\0' rather than NULL as was obviously intended.
   363  
   364  	* coders/msl.c (MSLStartElement): Add missing 'break' statements
   365  	after ThrowException() calls.  Otherwise execution falls through
   366  	into unrelated switch cases and throws a redundant exception.
   367  
   368  2018-09-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   369  
   370  	* coders/meta.c (parse8BIM): Eliminate repeated use of strlen()
   371  	which scans the entire remaining string on each cycle.  Fixes
   372  	oss-fuzz 10667 "graphicsmagick/coder_IPTCTEXT_fuzzer: Timeout in
   373  	graphicsmagick_coder_IPTCTEXT_fuzzer". (Credit to OSS-Fuzz)
   374  
   375  2018-09-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   376  
   377  	* magick/utility.c (MagickGetToken): Fix possible read up to four
   378  	bytes beyond end of stack allocated token buffer.  Fixes oss-fuzz
   379  	10653 "graphicsmagick/coder_MVG_fuzzer: Stack-buffer-overflow in
   380  	MagickGetToken". (Credit to OSS-Fuzz)
   381  
   382  2018-09-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   383  
   384  	* fuzzing/coder_fuzzer.cc (LLVMFuzzerTestOneInput): Limit the
   385  	maximum number of JPEG progressive scans to 50.
   386  
   387  	* coders/jpeg.c (ReadJPEGImage): Apply a default limit of 100
   388  	progressive scans before the reader quits with an error.  This
   389  	limit may be adjusted using the -define mechanism like -define
   390  	JPEG:max-scan-number=500.  Also respond more quickly to files
   391  	which exceed the maximum image dimensions.  Fixes oss-fuzz 10258
   392  	"graphicsmagick/coder_JPEG_fuzzer: Timeout in
   393  	graphicsmagick_coder_JPEG_fuzzer". (Credit to OSS-Fuzz)
   394  
   395  2018-09-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   396  
   397  	* coders/png.c (ReadMNGImage): mng_LOOP chunk must be at least 5
   398  	bytes long.  Fixes oss-fuzz 10455
   399  	"graphicsmagick/coder_MNG_fuzzer: Use-of-uninitialized-value in
   400  	ReadMNGImage". (Credit to OSS-Fuzz)
   401  
   402  2018-09-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   403  
   404  	* magick/render.c (TraceEllipse): Detect arithmetic overflow when
   405  	computing the number of points to allocate for an ellipse.  Fixes
   406  	oss-fuzz 10306 "graphicsmagick/coder_MVG_fuzzer:
   407  	Heap-buffer-overflow in TracePoint". (Credit to OSS-Fuzz)
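
The TraceEllipse entry above, the 32-bit BMP heap overflow of 2018-12-11 and the TGA 65535 limit of 2018-12-12 are the same class of bug: a rows, columns and bytes-per-pixel product that wraps, or exceeds a format field, before it reaches the allocator. The following is an added example for this page (not GraphicsMagick's code) of a size computation that rejects such input. The 32-bit wrap is reproduced in uint32_t arithmetic so it is visible on a 64-bit host; the format maximum and the memory limit are parameters rather than any particular coder's values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

typedef enum {
  SIZE_OK = 0,
  SIZE_BAD_DIMENSION,   /* zero, or wider than the format can represent */
  SIZE_OVERFLOW,        /* product does not fit in 64 bits or in size_t */
  SIZE_EXCEEDS_LIMIT    /* fits, but larger than the configured memory limit */
} SizeStatus;

/* Before: the product computed in a 32-bit type wraps silently.  With
   70000 x 70000 x 4 the true size is 19,600,000,000 bytes but the wrapped
   value is 2,420,130,816, so the buffer is far too small and every later
   row write lands on the heap past its end. */
uint32_t naive_u32_size(uint32_t columns, uint32_t rows, uint32_t bpp)
{
  return columns * rows * bpp;
}

/* a*b with overflow detection; returns 0 and leaves *out untouched on wrap. */
static int mul_u64(uint64_t a, uint64_t b, uint64_t *out)
{
  if (a != 0 && b > UINT64_MAX / a)
    return 0;
  *out = a * b;
  return 1;
}

/* After: validate dimensions against the format's field width, compute the
   raster size with checked arithmetic, then apply the caller's memory
   limit.  On success *out holds the byte count (out may be NULL). */
SizeStatus raster_alloc_status(uint64_t columns, uint64_t rows, uint64_t bpp,
                               uint64_t format_max_dim, uint64_t memory_limit,
                               uint64_t *out)
{
  uint64_t pixels, bytes;

  if (columns == 0 || rows == 0 || bpp == 0 ||
      columns > format_max_dim || rows > format_max_dim)
    return SIZE_BAD_DIMENSION;
  if (!mul_u64(columns, rows, &pixels) || !mul_u64(pixels, bpp, &bytes))
    return SIZE_OVERFLOW;
  if (bytes > (uint64_t) SIZE_MAX)        /* matters when size_t is 32 bits */
    return SIZE_OVERFLOW;
  if (bytes > memory_limit)
    return SIZE_EXCEEDS_LIMIT;
  if (out != NULL)
    *out = bytes;
  return SIZE_OK;
}

/* Convenience wrapper: byte count, or 0 when the request must be rejected. */
uint64_t raster_alloc_bytes(uint64_t columns, uint64_t rows, uint64_t bpp,
                            uint64_t format_max_dim, uint64_t memory_limit)
{
  uint64_t bytes = 0;
  if (raster_alloc_status(columns, rows, bpp, format_max_dim, memory_limit,
                          &bytes) != SIZE_OK)
    return 0;
  return bytes;
}

/* Allocate a raster only after the size has been validated. */
void *allocate_raster(uint64_t columns, uint64_t rows, uint64_t bpp,
                      uint64_t format_max_dim, uint64_t memory_limit)
{
  uint64_t bytes = raster_alloc_bytes(columns, rows, bpp, format_max_dim,
                                      memory_limit);
  return bytes == 0 ? NULL : calloc(1, (size_t) bytes);
}
```

The order of the checks is deliberate: the field-width check comes first because it is the cheapest and catches the TGA case outright, the checked multiplication catches the BMP case on any word size, and the memory limit is applied last so a file that passes the arithmetic can still be refused by policy, as the TIFF strip and tile allocations are in the 2018-12-15 entry.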
   408  
   409  2018-09-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   410  
   411  	* magick/attribute.c (GenerateEXIFAttribute): Eliminate undefined
   412  	shift.  Also right-sized involved data types.  Fixes oss-fuzz
   413  	10309 "graphicsmagick/coder_JPG_fuzzer: Undefined-shift in
   414  	Read32s". (Credit to OSS-Fuzz)
   415  
   416  2018-09-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   417  
   418  	* magick/render.c (DrawClipPath): Fix Coverity 319663 "Null
   419  	pointer dereferences".  Totally insignificant.
   420  
   421  	* coders/wpg.c (ReadWPGImage): Mask/fix Coverity 319664 "Error
   422  	handling issues".
   423  
   424  	* magick/attribute.c (FindEXIFAttribute): Change size types from
   425  	signed to unsigned and check for unsigned overflow.
   426  	(GenerateEXIFAttribute): Change size types from signed to unsigned
   427  	and check for unsigned overflow. Fixes oss-fuzz 10283
   428  	"graphicsmagick/coder_JPG_fuzzer: Integer-overflow in
   429  	GenerateEXIFAttribute". (Credit to OSS-Fuzz)
   430  
   431  	* coders/sfw.c (ReadSFWImage): Enforce that file is read using the
   432  	JPEG reader. (Credit to OSS-Fuzz)
   433  
   434  	* coders/miff.c (ReadMIFFImage): Fix leak of 'values' buffer due
   435  	to change made yesterday.
   436  
   437  	* coders/mpc.c (ReadMPCImage): Fix leak of 'values' buffer due to
   438  	change made yesterday.  Fixes oss-fuzz 10277
   439  	"graphicsmagick/coder_MPC_fuzzer: Direct-leak in
   440  	ReadMPCImage". (Credit to OSS-Fuzz)
   441  
   442  2018-09-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   443  
   444  	* coders/miff.c (ReadMIFFImage): Support legacy keyword
   445  	'color-profile' for ICC color profile as was used by ImageMagick
   446  	4.2.9.
   447  
   448  	* coders/mpc.c (ReadMPCImage): Require that first keyword/value be
   449  	id=MagickCache
   450  
   451  	* coders/miff.c (ReadMIFFImage): Require that first keyword/value
   452  	be id=ImageMagick.
   453  
   454  2018-09-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   455  
   456  	* coders/dcm.c (DCM_ReadElement): Add more size checks.
   457  
   458  	* coders/jnx.c (ExtractTileJPG): Enforce that JPEG tiles are read
   459  	by the JPEG coder.  Fixes oss-fuzz 10147
   460  	"graphicsmagick/coder_JNX_fuzzer: Use-of-uninitialized-value in
   461  	funcDCM_PhotometricInterpretation". (Credit to OSS-Fuzz)
   462  
   463  2018-09-10  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   464  
   465  	* coders/wpg.c Zero fill raster error recovery.
   466  
   467  2018-08-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   468  
   469  	* magick/render.c (ConvertPrimitiveToPath): Second attempt to
   470  	prevent heap write overflow of PathInfo array.  Fixes oss-fuzz
   471  	10096 "Heap-buffer-overflow in ConvertPrimitiveToPath". (Credit to
   472  	OSS-Fuzz)
   473  
   474  2018-08-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   475  
   476  	* coders/tiff.c ("QuantumTransferMode"): CIE Log images with an
   477  	alpha channel are not supported.  Fixes oss-fuzz 10013
   478  	"graphicsmagick/coder_TIFF_fuzzer: Use-of-uninitialized-value in
   479  	DisassociateAlphaRegion". (Credit to OSS-Fuzz)
   480  
   481  	* magick/render.c (DrawImage): SetImageAttribute() appends new
   482  	text to any existing value, leading to ever-increasing memory
   483  	consumption if the existing value is not deleted first by the
   484  	unwary.  Fixes oss-fuzz 9983 "graphicsmagick/coder_MVG_fuzzer:
   485  	Timeout in graphicsmagick_coder_MVG_fuzzer" and oss-fuzz 10016
   486  	"graphicsmagick/coder_MVG_fuzzer: Out-of-memory in
   487  	graphicsmagick_coder_MVG_fuzzer". (Credit to OSS-Fuzz)
   488  
   489  	* magick/utility.c (TranslateTextEx): Fix off-by-one in loop
   490  	bounds check which allowed a one-byte stack write overflow.  Fixes
   491  	oss-fuzz 10055 "graphicsmagick/coder_MVG_fuzzer:
   492  	Stack-buffer-overflow in TranslateTextEx". (Credit to OSS-Fuzz)
   493  
   494  	* magick/render.c (DrawImage): Be more precise about error
   495  	detection and reporting, and return from an error more quickly.
   496  	Also added MAX_DRAWIMAGE_RECURSION pre-processor definition to
   497  	allow adjusting the drawing recursion limit.  The drawing
   498  	recursion limit is still 100, which seems exceptionally generous.
   499  
   500  	* magick/constitute.c (WriteImage): Produce a more useful error
   501  	message if an encoding delegate is not available.
   502  
   503  	* magick/nt_base.h (isnan): Try adding a MSVC replacement for
   504  	missing isnan() function.  Not yet tested.
   505  
   506  2018-08-25  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   507  
   508  	* coders/wpg.c This should fix intentional 64 bit file offset
   509  	overflow as depicted in OSS-fuzz-9936. Thanks to OSS-Fuzz.
   510  
   511  2018-08-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   512  
   513  	* magick/render.c (ConvertPrimitiveToPath): Need to enlarge
   514  	PathInfo array allocation to avoid possible heap write overflow.
   515  	Fixes oss-fuzz 9651 "graphicsmagick/coder_MVG_fuzzer:
   516  	Heap-buffer-overflow in ConvertPrimitiveToPath". (Credit to
   517  	OSS-Fuzz)
   518  
   519  2018-08-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   520  
   521  	* coders/mpc.c (ReadMPCImage): Insist that the format be
   522  	identified prior to any comment, and that there is only one
   523  	comment.
   524  
   525  	* coders/miff.c (ReadMIFFImage): Insist that the format be
   526  	identified prior to any comment, and that there is only one
   527  	comment.  Fixes oss-fuzz 9979 "graphicsmagick/coder_MIFF_fuzzer:
   528  	Timeout in graphicsmagick_coder_MIFF_fuzzer".  This is not a
   529  	serious issue, but the code runs slowly under UBSAN.  (Credit to
   530  	OSS-Fuzz)
   531  
   532  2018-08-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   533  
   534  	* magick/utility.c (MagickAtoFChk): Add additional validation
   535  	checks for floating point values.  NAN and +/- INFINITY values
   536  	also map to 0.0. Fixes oss-fuzz 9630
   537  	"graphicsmagick/coder_MVG_fuzzer: Integer-overflow in
   538  	IsNexusInCore" and oss-fuzz 9612 "graphicsmagick/coder_MVG_fuzzer:
   539  	Integer-overflow in SetCacheNexus". (Credit to OSS-Fuzz)
   540  
   541  	* magick/render.c (DrawImage): Add missing error-reporting logic
   542  	to return immediately upon memory reallocation failure.  Apply
   543  	memory resource limits to PrimitiveInfo array allocation.  Fixes
   544  	oss-fuzz 9576 "graphicsmagick/coder_MVG_fuzzer: Null-dereference
   545  	READ in DrawImage", oss-fuzz 9593
   546  	"graphicsmagick/coder_MVG_fuzzer: Out-of-memory in
   547  	graphicsmagick_coder_MVG_fuzzer", oss-fuzz 9648
   548  	"graphicsmagick/coder_MVG_fuzzer: Unknown signal in
   549  	DrawImage". (Credit to OSS-Fuzz)
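
An added example of the validation the MagickAtoFChk entry above describes: parse a floating-point value from untrusted drawing text with strtod, then reject NaN, infinities, overflow and trailing junk before the value can reach integer arithmetic such as a pixel-cache offset. This is example code for this page, not GraphicsMagick's MagickAtoFChk(); treating trailing characters as an error and the clamping double-to-long conversion are choices of the example.

```c
#include <stdlib.h>
#include <errno.h>
#include <float.h>
#include <limits.h>
#include <ctype.h>

/* Returns 1 and stores the value if `s` is a complete, finite number;
   otherwise returns 0 and stores 0.0.  NaN and +/-Infinity are invalid,
   as is a number so large that strtod reports overflow. */
int parse_double_checked(const char *s, double *out)
{
  char *endp = NULL;
  double v;

  *out = 0.0;
  if (s == NULL || *s == '\0')
    return 0;
  errno = 0;
  v = strtod(s, &endp);
  if (endp == s)                   /* nothing parsed at all, e.g. "abc" */
    return 0;
  while (isspace((unsigned char) *endp))
    endp++;
  if (*endp != '\0')               /* trailing garbage such as "12abc" */
    return 0;
  if (errno == ERANGE && (v > 1.0 || v < -1.0))   /* overflow, not underflow */
    return 0;
  if (v != v)                      /* NaN is the only value unequal to itself */
    return 0;
  if (v > DBL_MAX || v < -DBL_MAX) /* +/-Infinity */
    return 0;
  *out = v;
  return 1;
}

/* Value-returning form matching the entry: invalid input maps to 0.0. */
double atof_chk(const char *s)
{
  double v;
  parse_double_checked(s, &v);
  return v;
}

/* Converting an unchecked double to an integer type is undefined when the
   value is NaN or out of range; clamp instead, so a coordinate can never
   turn into a wild offset even if a NaN slipped past the parser. */
long double_to_long_clamped(double v)
{
  if (v != v)
    return 0;
  if (v >= (double) LONG_MAX)
    return LONG_MAX;
  if (v <= (double) LONG_MIN)
    return LONG_MIN;
  return (long) v;
}
```

The two checks that matter for the oss-fuzz reports named in the entry are the NaN and infinity tests: a NaN compared against any bound is false, so a plain range check lets it through and the later cast to an integer type is where the sanitizer fires.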
   550  
   551  2018-08-16  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   552  
   553  	* coders/mat.c Explicitly reject non-seekable streams.
   554  
   555  2018-08-15  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   556  
   557  	* coders/mat.c Correctly check GetBlobSize(image) even for zipstreams.
   558  
   559  2018-08-14  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   560  
   561  	* coders/mat.c More aggressive data corruption checking.
   562  
   563  2018-08-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   564  
   565  	* coders/xbm.c (XBMInteger): Limit the number of hex digits parsed
   566  	to avoid signed integer overflow.  Fixes oss-fuzz 9746
   567  	"graphicsmagick/coder_XBM_fuzzer: Undefined-shift in
   568  	XBMInteger". (Credit to OSS-Fuzz)
   569  
   570  2018-08-07  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   571  
   572  	* coders/mat.c Typecast difference to quantum.
   573  
   574  2018-08-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   575  
   576  	* coders/mat.c (InsertComplexFloatRow): Avoid signed
   577  	overflow. Fixes oss-fuzz 9667 "graphicsmagick/coder_MAT_fuzzer:
   578  	Integer-overflow in InsertComplexFloatRow". (Credit to OSS-Fuzz)
   579  
   580  	* coders/xbm.c (ReadXBMImage): Add validations for row and column
   581  	dimensions.  Fixes oss-fuzz 9736 "graphicsmagick/coder_XBM_fuzzer:
   582  	Out-of-memory in graphicsmagick_coder_XBM_fuzzer". (Credit to
   583  	OSS-Fuzz)
   584  
   585  2018-08-04  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   586  
   587  	* coders/wpg.c Add mechanism to approve embedded subformats in
   588  	WPG.  This should mute oss-fuzz 9559.  (Credit to OSS-Fuzz)
   589  
   590  2018-07-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   591  
   592  	* coders/mvg.c (ReadMVGImage): Fix memory leak added on
   593  	2018-07-21.  Fixes oss-fuzz 9548 "graphicsmagick/coder_MVG_fuzzer:
   594  	Direct-leak in CloneDrawInfo". (Credit to OSS-Fuzz)
   595  
   596  2018-07-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   597  
   598  	* coders/cineon.c (ReadCINEONImage): Fix SourceForge issue 571
   599  	"Unexpected hang on a crafted Cineon image" by detecting and
   600  	quitting on EOF appropriately, and verifying that file size is
   601  	sufficient for claimed pixel dimensions when possible.
   602  
   603  	* fuzzing/oss-fuzz-build.sh, fuzzing/dictionaries/MVG.dict: Added
   604  	MVG fuzzing dictionary by Alex Gaynor.
   605  
   606  2018-07-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   607  
   608  	* magick/pixel_cache.c (SetNexus): For requests one pixel tall,
   609  	SetNexus() was wrongly using pixels in-core rather than using a
   610  	staging area for the case where the nexus rows extend beyond the
   611  	image raster boundary, leading to heap overflow.  This can happen
   612  	when virtual pixels outside the image bounds are accessed.  Fixes
   613  	oss-fuzz 9512 "graphicsmagick/graphicsmagick_coder_MVG_fuzzer:
   614  	Heap-buffer-overflow in AcquireCacheNexus". (Credit to OSS-Fuzz)
   615  
   616  	* magick/render.c (ExtractTokensBetweenPushPop):
   617  	ExtractTokensBetweenPushPop() needs to always return a valid
   618  	pointer into the primitive string.  Fixes oss-fuzz 9511
   619  	"graphicsmagick/graphicsmagick_coder_MVG_fuzzer: Null-dereference
   620  	READ in DrawImage". (Credit to OSS-Fuzz)
   621  	(DrawPolygonPrimitive): Fix leak of polygon set when object is
   622  	completely outside image.  Fixes oss-fuzz 9513
   623  	"graphicsmagick/graphicsmagick_coder_MVG_fuzzer: Direct-leak in
   624  	AllocateThreadViewDataSet". (Credit to OSS-Fuzz)
   625  
   626  2018-07-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   627  
   628  	* magick/blob.c (FileToBlob): Use confirm access APIs to verify
   629  	that read access to this path is allowed by policy.  Check that
   630  	file is a regular file before proceeding to open and read from it.
   631  
   632  	* coders/mvg.c (ReadMVGImage): Don't allow MVG files to side-load
   633  	a file as the drawing primitive using '@' syntax.  Fixes oss-fuzz
   634  	9494 "graphicsmagick/coder_MVG_fuzzer: Sanitizer CHECK failure in
   635  	"((0)) != (0)" (0x0, 0x0)". (Credit to OSS-Fuzz)
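
The FileToBlob and ReadMVGImage entries above are two halves of one hardening step: a drawing file from an untrusted source must not be able to pull arbitrary paths into the process, and even a permitted path must be a regular file of bounded size. Below is an added example of that pattern, written for this page rather than taken from GraphicsMagick's FileToBlob() or its confirm-access API; the policy callback, the size cap and the temp-file self-test are assumptions of the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>

/* Hypothetical policy hook standing in for a confirm-access mechanism:
   return non-zero if reading this path is allowed. */
typedef int (*ReadPolicy)(const char *path);

/* Read a file into a heap buffer, or return NULL.  Order matters:
   1. the policy decides before anything is opened;
   2. open with O_NOFOLLOW so a symlink planted at the path is rejected;
   3. fstat the open descriptor (not stat on the path, which would be a
      time-of-check/time-of-use race) and insist on a regular file;
   4. refuse anything larger than max_bytes before allocating. */
unsigned char *read_regular_file(const char *path, ReadPolicy policy,
                                 size_t max_bytes, size_t *out_len)
{
  struct stat st;
  unsigned char *buf;
  size_t got = 0;
  int fd;

  if (path == NULL || out_len == NULL)
    return NULL;
  if (policy != NULL && !policy(path))
    return NULL;
  fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
  if (fd < 0)
    return NULL;
  if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
      st.st_size < 0 || (unsigned long long) st.st_size > max_bytes) {
    close(fd);
    return NULL;
  }
  buf = malloc((size_t) st.st_size + 1);  /* +1: NUL for text consumers */
  if (buf == NULL) {
    close(fd);
    return NULL;
  }
  while (got < (size_t) st.st_size) {
    ssize_t n = read(fd, buf + got, (size_t) st.st_size - got);
    if (n <= 0) {      /* early EOF (file truncated under us) or error */
      free(buf);
      close(fd);
      return NULL;
    }
    got += (size_t) n;
  }
  close(fd);
  buf[got] = '\0';
  *out_len = got;
  return buf;
}

/* Example policy: drawing scripts may only read files under /tmp. */
int tmp_only_policy(const char *path)
{
  return strncmp(path, "/tmp/", 5) == 0;
}

/* Returns 1 if `path` is refused by the hardened reader, 0 if it was read. */
int read_is_refused(const char *path, ReadPolicy policy, size_t max_bytes)
{
  size_t len = 0;
  unsigned char *p = read_regular_file(path, policy, max_bytes, &len);
  if (p == NULL)
    return 1;
  free(p);
  return 0;
}

/* Self-test on a constructed temp file: the reader returns exactly the
   bytes written under a permissive cap, and refuses the same file once the
   cap is smaller than the file.  Returns 1 on success. */
int selftest_tempfile(void)
{
  char name[] = "/tmp/fileblob-XXXXXX";
  const char body[] = "viewbox 0 0 10 10\n";
  size_t len = 0;
  unsigned char *p = NULL;
  int ok = 0;
  int fd = mkstemp(name);
  if (fd < 0)
    return 0;
  if (write(fd, body, sizeof(body) - 1) == (ssize_t) (sizeof(body) - 1)) {
    p = read_regular_file(name, tmp_only_policy, 1024, &len);
    ok = (p != NULL && len == sizeof(body) - 1 &&
          memcmp(p, body, len) == 0 &&
          read_is_refused(name, tmp_only_policy, len - 1));
    free(p);
  }
  close(fd);
  unlink(name);
  return ok;
}
```

The regular-file test is what keeps a crafted path such as a FIFO or a device node from blocking the reader or handing it an unbounded stream, which is why the check is done on the descriptor after open rather than on the path before it.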
   636  
   637  2018-07-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   638  
   639  	* coders/mvg.c (ReadMVGImage): Don't assume that in-memory MVG
   640  	blob is a null-terminated C string. Fixes oss-fuzz 9469
   641  	"graphicsmagick/coder_MVG_fuzzer: Heap-buffer-overflow in
   642  	AllocateString". (Credit to OSS-Fuzz)
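
Three MVG entries in this log (MagickGetToken reading up to four bytes past its token buffer on 2018-09-26, the TranslateTextEx off-by-one on 2018-08-25, and the non-NUL-terminated blob above) share one root cause: string routines that stop on a NUL and assume the output buffer is large enough. Here is an added example of a tokenizer that instead carries an explicit end pointer and output size. It is example code for this page, not GraphicsMagick's MagickGetToken(); the grammar (whitespace-separated words plus double-quoted strings) is a simplification.

```c
#include <stddef.h>
#include <string.h>

/* Extract the next token from [p, end) into tok (tok_size >= 1).
   Never reads at or past `end`, never writes past tok[tok_size-1], and
   returns the position to resume from, or NULL when input is exhausted.
   A token longer than tok_size-1 bytes is truncated (the remainder is
   consumed) rather than written past the buffer. */
const char *next_token(const char *p, const char *end,
                       char *tok, size_t tok_size)
{
  size_t n = 0;
  int quoted = 0;

  while (p < end && (*p == ' ' || *p == '\t' || *p == '\n' || *p == '\r'))
    p++;
  if (p >= end) {
    tok[0] = '\0';
    return NULL;
  }
  if (*p == '"') {
    quoted = 1;
    p++;
  }
  while (p < end) {
    char c = *p;
    if (quoted ? (c == '"')
               : (c == ' ' || c == '\t' || c == '\n' || c == '\r'))
      break;
    if (n + 1 < tok_size)   /* leave room for the terminator */
      tok[n++] = c;
    p++;
  }
  if (quoted && p < end)    /* consume the closing quote */
    p++;
  tok[n] = '\0';
  return p;
}

/* Number of tokens in a blob of exactly `len` bytes (no NUL required). */
size_t count_tokens(const char *blob, size_t len)
{
  char tok[32];
  const char *p = blob, *end = blob + len;
  size_t count = 0;
  while ((p = next_token(p, end, tok, sizeof tok)) != NULL)
    count++;
  return count;
}

/* 1 if token number `index` (0-based) equals `expected`, else 0. */
int nth_token_equals(const char *blob, size_t len, size_t index,
                     const char *expected)
{
  char tok[32];
  const char *p = blob, *end = blob + len;
  size_t i = 0;
  while ((p = next_token(p, end, tok, sizeof tok)) != NULL) {
    if (i == index)
      return strcmp(tok, expected) == 0;
    i++;
  }
  return 0;
}

/* Constructed input: the drawing text is exactly 17 bytes; the "XXXX" that
   follows in the literal stands in for whatever lies beyond a
   non-terminated in-memory blob and must never be read. */
const char MVG_BLOB[] = "viewbox 0 0 10 10XXXX";
const size_t MVG_LEN = 17;
/* A 40-character word, to exercise truncation into a 32-byte token buffer. */
const char LONG_WORD[] = "abcdefghijklmnopqrstuvwxyzabcdefghijklmn";
```

Every loop condition is `p < end`, never `*p != '\0'`, and the only write index is guarded by `n + 1 < tok_size`; those two comparisons are exactly the ones the three fixes above restored.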
   643  
   644  2018-07-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   645  
   646  	* coders/miff.c (ReadMIFFImage): Detect EOF when reading using
   647  	ReadBlobZC() and avoid subsequent heap read overflow.  Fixes
   648  	oss-fuzz 9357 "graphicsmagick/coder_MIFF_fuzzer:
   649  	Heap-buffer-overflow in ImportRGBQuantumType". (Credit to
   650  	OSS-Fuzz)
   651  
   652  2018-07-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   653  
   654  	* fuzzing/oss-fuzz-build.sh (CFLAGS): Try disabling SIMD
   655  	instructions in libjpeg-turbo build.
   656  
   657  2018-07-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   658  
   659  	* coders/png.c (WriteOnePNGImage): Free png_pixels as soon as
   660  	possible.  This might help with oss-fuzz 9334
   661  	"graphicsmagick/coder_PNG8_fuzzer: Direct-leak in
   662  	WriteOnePNGImage", which we have yet to reproduce.  It is not
   663  	clear if png_pixels is being clobbered by longjmp or if something
   664  	else is going on.
   665  
   666  2018-06-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   667  
   668  	* coders/jpeg.c (ReadJPEGImage): Provide a memory resource limit
   669  	(of 1/5th the memory resource limit for GraphicsMagick) to libjpeg
   670  	to limit how much memory it might consume for itself while reading
   671  	a file.  Fixes oss-fuzz 9096 "graphicsmagick/coder_JPEG_fuzzer:
   672  	Timeout in graphicsmagick_coder_JPEG_fuzzer".  (Credit to
   673  	OSS-Fuzz)
   674  	(ReadJPEGImage): Make sure that JPEG pixels array is initialized
   675  	in case libjpeg fails to completely initialize it.  May fix
   676  	oss-fuzz 9115 "graphicsmagick/coder_JPEG_fuzzer:
   677  	Use-of-uninitialized-value in ReadJPEGImage".  We are not sure
   678  	since the problem was not reproduced.  (Credit to OSS-Fuzz)
   679  
   680  2018-06-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   681  
   682  	* version.sh: Update library versioning for 1.3.30 release.
   683  
   684  	* NEWS.txt: Update news for 1.3.30 release.
   685  
   686  2018-06-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   687  
   688  	* coders/dpx.c (ReadDPXImage): Report exception on EOF file
   689  	reading DPX pixel data. Fixes oss-fuzz 8104
   690  	"graphicsmagick/coder_DPX_fuzzer: Use-of-uninitialized-value in
   691  	WriteDPXImage", oss-fuzz 8297 "graphicsmagick/enhance_fuzzer:
   692  	Use-of-uninitialized-value in EnhanceImage", and oss-fuzz 8133
   693  	"graphicsmagick/coder_DPX_fuzzer: Use-of-uninitialized-value in
   694  	RGBTransformPackets". (Credit to OSS-Fuzz)
   695  
   696  2018-06-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   697  
   698  	* coders/cmyk.c (ReadCMYKImage): Free scanline buffer in error
   699  	path. Fixes SourceForge issue #567 "small memory leak in rgb.c,
   700  	gray.c and cmyk.c" reported by Petr Gajdos.
   701  
   702  	* coders/gray.c (ReadGRAYImage): Free scanline buffer in error
   703  	path. Fixes SourceForge issue #567 "small memory leak in rgb.c,
   704  	gray.c and cmyk.c" reported by Petr Gajdos.
   705  
   706  	* coders/rgb.c (ReadRGBImage): Free scanline buffer in error
   707  	path. Fixes SourceForge issue #567 "small memory leak in rgb.c,
   708  	gray.c and cmyk.c" reported by Petr Gajdos.
   709  
   710  	* coders/jpeg.c (ReadJPEGImage): Avoid memory leak of profile
   711  	buffer when longjmp-based exception is thrown while reading a
   712  	profile. Fixes oss-fuzz 8957 "graphicsmagick/enhance_fuzzer:
   713  	Direct-leak in ReadGenericProfile". (Credit to OSS-Fuzz)
   714  
   715  2018-06-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   716  
   717  	* coders/xcf.c (load_level): Make sure to free 'tile_image' before
   718  	returning exception.  Fixes oss-fuzz 8935
   719  	"graphicsmagick/coder_XCF_fuzzer: Indirect-leak in
   720  	CloneImage". (Credit to OSS-Fuzz)
   721  
   722  	* coders/jpeg.c (ReadJPEGImage): Allow three warnings of any given
   723  	type before promoting the next warning of the same type to a hard
   724  	error.  The warning limit may be adjusted by the user using
   725  	-define jpeg:max-warnings=<value>.  Fixes oss-fuzz 8704
   726  	"graphicsmagick/coder_JPG_fuzzer: Out-of-memory in
   727  	graphicsmagick_coder_JPG_fuzzer". (Credit to OSS-Fuzz)
   728  
   729  	* coders/png.c (ReadPNGImage): Detect EOF when reading
   730  	magic_number.  Fixes oss-fuzz 8944
   731  	"graphicsmagick/coder_PNG_fuzzer: Use-of-uninitialized-value in
   732  	ReadPNGImage".  (Credit to OSS-Fuzz)
   733  	(ReadPNGImage, ReadJNGImage): Make sure that the return value of
   734  	ReadBlob() is always checked to detect EOF.
   735  
   736  2018-06-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   737  
   738  	* coders/tiff.c (ReadTIFFImage): Re-structure exception reporting
   739  	so that QuantumTransferMode() exceptions thrown for
   740  	PLANARCONFIG_SEPARATE images are handled immediately.  Fixes
   741  	oss-fuzz 8896 "graphicsmagick/coder_BIGTIFF_fuzzer:
   742  	Use-of-uninitialized-value in DisassociateAlphaRegion". (Credit to
   743  	OSS-Fuzz)
   744  	(ReadTIFFImage): tsize_t is a signed type so be prepared for
   745  	unexpected negative values produced by libtiff size functions.
   746  	Fixes oss-fuzz 8934 "graphicsmagick/coder_TIFF_fuzzer: Sanitizer
   747  	CHECK failure in "((0)) != (0)" (0x0, 0x0)". (Credit to OSS-Fuzz)
   748  
   749  2018-06-16  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   750  
   751  	* coders/wpg.c: Fix oss-fuzz 7735 "graphicsmagick/coder_WPG_fuzzer:
   752  	Use-of-uninitialized-value in ReadWPGImage".  (Credit to OSS-Fuzz)
   753  
   754  2018-06-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   755  
   756  	* coders/png.c (ReadMNGImage): ENDL chunk must be at least one
   757  	byte in size. Fixes oss-fuzz 8832
   758  	"graphicsmagick/coder_MNG_fuzzer: Null-dereference READ in
   759  	ReadMNGImage". (Credit to OSS-Fuzz)
   760  	(ReadMNGImage): Length of DISC chunk must be evenly divisible by
   761  	2.  Fixes oss-fuzz 8834 "graphicsmagick/coder_MNG_fuzzer:
   762  	Heap-buffer-overflow in ReadMNGImage". (Credit to OSS-Fuzz)
   763  
   764  2018-06-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   765  
   766  	* coders/mpc.c (ReadMPCImage): Detect end of file while reading
   767  	image directory.  Similar to MIFF fixes for ImageMagick
   768  	CVE-2017-18272.
   769  	(RegisterMPCImage): Require seekable stream since MPC is strictly
   770  	a file-based format and so GetBlobSize() is assured to work.
   771  	Similar to MIFF behavior.  Claimed to be part of the resolution
   772  	for ImageMagick CVE-2017-11449. Suggested by Petr Gajdos via
   773  	email on January 3, 2018.
   774  
   775  2018-06-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   776  
   777  	* coders/miff.c (ReadMIFFImage): Detect end of file while reading
   778  	image directory. Fixes SourceForge issue 565 "ImageMagick
   779  	CVE-2017-18272 applies to GraphicsMagick".  Thanks to Petr Gajdos
   780  	for reporting this issue to us.
   781  
   782  	* magick/import.c (ImportViewPixelArea): Use appropriate
   783  	bits_per_sample validations for FloatQuantumSampleType. Fixes
   784  	oss-fuzz 8780 "graphicsmagick/coder_PTIF_fuzzer:
   785  	Use-of-uninitialized-value in HorizontalFilter". (Credit to
   786  	OSS-Fuzz)
   787  
   788  2018-06-09  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   789  
   790  	* coders/mat.c: More than 4GiB is not supported in MAT!
   791  
   792  2018-06-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   793  
   794  	* coders/mat.c (ReadMATImage): Add casts to avoid arithmetic
   795  	overflow when computing size and offsets.  Fixes oss-fuzz 8801
   796  	"graphicsmagick/coder_MAT_fuzzer: Timeout in
   797  	graphicsmagick_coder_MAT_fuzzer". (Credit to OSS-Fuzz)
   798  
   799  	* magick/blob.c (ReadBlobLSBDoubles, ReadBlobMSBDoubles): Only
   800  	byte-swap doubles or test doubles for NAN if we have read enough
   801  	bytes for at least one double value.
   802  	(ReadBlob): Add an assertion to enforce that ReadBlob() will never
   803  	report reading more bytes than requested due to some
   804  	implementation issue.
   805  
   806  2018-06-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   807  
   808  	* magick/blob.c (ReadBlob, WriteBlob): gzread(), BZ2_bzread(),
   809  	gzwrite(), BZ2_bzwrite() return type 'int' rather than 'size_t'
   810  	like their stdio equivalents.  Use correct signed type to avoid
   811  	returning a negative value into an unsigned type, forming a huge
   812  	positive value.  Fixes oss-fuzz 8600
   813  	"graphicsmagick/coder_MAT_fuzzer: Heap-buffer-overflow in
   814  	ReadBlobLSBDoubles". (Credit to OSS-Fuzz)
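
	The signed-return issue above and the ReadBlobLSBDoubles() guard
	from the 2018-06-09 entry, as an added illustration that is not the
	project's own code: fake_gzread() is a constructed stand-in for
	gzread()/BZ2_bzread() (int return, -1 on error), the two read_blob_*
	readers show the conversion before and after the fix, and
	lsb_double_count() shows why the bogus SIZE_MAX count turns into a
	heap read overrun in a double byte-swapping loop.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for gzread()/BZ2_bzread().  Like the real zlib and
   bzip2 calls it returns an int: the number of bytes copied, or -1 on
   error.  'src' is the decompressed stream and 'pos' the offset into it;
   src == NULL simulates a decompression failure. */
static int fake_gzread(const unsigned char *src, size_t src_len,
                       size_t *pos, void *buf, unsigned len)
{
    size_t avail, n;

    if (src == NULL)
        return -1;
    avail = src_len - *pos;
    n = (len < avail) ? len : avail;
    memcpy(buf, src + *pos, n);
    *pos += n;
    return (int) n;
}

/* Before the fix: the int result lands directly in a size_t.  The -1
   error code silently becomes SIZE_MAX, so the caller believes that an
   enormous read succeeded. */
size_t read_blob_before(const unsigned char *src, size_t src_len,
                        size_t *pos, void *buf, size_t len)
{
    size_t count;

    count = fake_gzread(src, src_len, pos, buf, (unsigned) len); /* sign lost */
    return count;
}

/* After the fix: keep the result in a signed variable, map an error to a
   zero-byte read, and only then widen to size_t. */
size_t read_blob_after(const unsigned char *src, size_t src_len,
                       size_t *pos, void *buf, size_t len)
{
    int count;

    count = fake_gzread(src, src_len, pos, buf, (unsigned) len);
    if (count < 0)
        return 0;
    return (size_t) count;
}

typedef size_t (*read_blob_fn)(const unsigned char *, size_t, size_t *,
                               void *, size_t);

/* Mirrors the ReadBlobLSBDoubles() guard: count how many complete doubles
   arrived and only byte-swap (or even look at) that many.  Returns the
   number of doubles a swap loop would iterate over; with the pre-fix
   reader an error yields SIZE_MAX / 8, which is exactly the overrun. */
size_t lsb_double_count(read_blob_fn read_blob, const unsigned char *src,
                        size_t src_len, size_t *pos, double *out, size_t n)
{
    size_t want = n * sizeof(double);
    size_t got = read_blob(src, src_len, pos, out, want);

    if (got < sizeof(double))
        return 0;              /* fewer bytes than one double: nothing to swap */
    return got / sizeof(double);
}

/* Constructed 20-byte stream: two complete little-endian doubles plus four
   trailing bytes, i.e. a truncated third value. */
static const unsigned char SAMPLE_STREAM[20] = {
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xf0, 0x3f,   /* 1.0 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x40,   /* 2.0 */
    0x00, 0x00, 0x00, 0x00                            /* truncated */
};

/* Scenario helper: 'fixed' selects the reader, 'fail' simulates a
   decompression error by passing a NULL stream.  Requests four doubles. */
size_t scenario(int fixed, int fail)
{
    double out[4];
    size_t pos = 0;
    read_blob_fn rb = fixed ? read_blob_after : read_blob_before;
    const unsigned char *src = fail ? NULL : SAMPLE_STREAM;

    return lsb_double_count(rb, src, sizeof(SAMPLE_STREAM), &pos, out, 4);
}
```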
   815  
   816  2018-06-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   817  
   818  	* coders/png.c (png_read_raw_profile): Try to shore up parsing of
   819  	raw profile reading to avoid heap read overruns.  Fixes oss-fuzz
   820  	8763 "graphicsmagick/coder_PNG32_fuzzer: Heap-buffer-overflow in
   821  	png_read_raw_profile". (Credit to OSS-Fuzz)
   822  
   823  2018-06-07  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   824  
   825  	* coders/mat.c: Reduce stack usage for 64-bit architectures.
   826  
   827  2018-06-06  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   828  
   829  	* coders/wpg.c: Check return values of SeekBlob() for more safety.
   830  
   831  2018-06-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   832  
   833  	* coders/png.c (ReadOneJNGImage): Use DestroyImageList() rather
   834  	than DestroyImage() on returned Image from supposed read of JPEG
   835  	data, in case multiple frames were unexpectedly returned.  Also
   836  	add "JPEG:" prefix to filename when reading from temporary file to
   837  	force that it can only be read as a JPEG file, disabling format
   838  	auto-detection based on file header.  Fixes oss-fuzz 8755
   839  	"graphicsmagick/coder_JNG_fuzzer: Indirect-leak in
   840  	AllocateImage". (Credit to OSS-Fuzz)
   841  
   842  2018-06-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   843  
   844  	* magick/blob.c (EOFBlob): Implement EOF detection for ZipStream.
   845  	Does some archaic zlib not provide gzeof()?  Fixes oss-fuzz 8550
   846  	"graphicsmagick/coder_MAT_fuzzer: Timeout in
   847  	graphicsmagick_coder_MAT_fuzzer". (Credit to OSS-Fuzz)
   848  
   849  2018-06-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   850  
   851  	* coders/png.c (ReadOnePNGImage): Skip adding empty raw profile.
   852  	Fixes oss-fuzz "graphicsmagick/coder_PNG_fuzzer:
   853  	Heap-buffer-overflow in png_read_raw_profile". (Credit to
   854  	OSS-Fuzz)
   855  
   856  2018-06-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   857  
   858  	* NEWS.txt: Update NEWS with latest changes.
   859  
   860  	* coders/dcm.c (DCM_ReadRGBImage): Force the image to DirectClass
   861  	to avoid later use of uninitialized indexes.  Fixes oss-fuzz 8602
   862  	"graphicsmagick/coder_DCM_fuzzer: Use-of-uninitialized-value in
   863  	DCM_PostRescaleImage". (Credit to OSS-Fuzz)
   864  	(DCM_ReadPlanarRGBImage): Force the image to DirectClass to avoid
   865  	later use of uninitialized indexes.
   866  
   867  	* coders/png.c (ReadMNGImage): Free chunk memory in error
   868  	reporting path to avoid leak.  Fixes oss-fuzz 8721
   869  	"graphicsmagick/coder_MNG_fuzzer: Direct-leak in
   870  	ReadMNGImage". (Credit to OSS-Fuzz)
   871  
   872  2018-06-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   873  
   874  	* magick/constitute.c (ReadImage): Assure that an error exception
   875  	is thrown if coder returns null without properly reporting an
   876  	exception.
   877  
   878  	* magick/blob.c (BlobToImage): Assure that an error exception is
   879  	thrown if coder returns null without properly reporting an
   880  	exception.
   881  
   882  	* coders/png.c (ReadMNGImage): Disable mystery "linked list is
   883  	corrupted" code.  Assure that exceptions are reported to the
   884  	correct place so they are not lost.  Fixes oss-fuzz 8710
   885  	"graphicsmagick/coder_MNG_fuzzer: Indirect-leak in
   886  	AllocateImage". (Credit to OSS-Fuzz)
   887  
   888  	* coders/tiff.c (ReadTIFFImage): Initialize allocated scanline,
   889  	strip, or tile to zero in order to avoid complaint about use of
   890  	uninitialized data if libtiff fails to write all the bytes.  Fixes
   891  	oss-fuzz 8551 "graphicsmagick/coder_TIFF_fuzzer:
   892  	Use-of-uninitialized-value in ImportGrayQuantumType". (Credit to
   893  	OSS-Fuzz)
   894  
   895  	* magick/annotate.c (RenderFreetype): Throw an exception if
   896  	DrawInfo font is null.  Should fix oss-fuzz 8557
   897  	"graphicsmagick/coder_PCD_fuzzer: Unknown signal in
   898  	RenderFreetype" and may fix oss-fuzz 8544
   899  	"graphicsmagick/coder_PCD_fuzzer: Null-dereference READ in
   900  	RenderFreetype". (Credit to OSS-Fuzz)
   901  
   902  	* coders/jpeg.c (ReadGenericProfile): Add/improve tracing for
   903  	profile size and when JPEG header is being read.
   904  
   905  2018-06-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   906  
   907  	* coders/png.c (ReadOneJNGImage): Report a useful exception for
   908  	the case when the JNG file fails to provide the necessary image
   909  	chunks to allocate the color image.  Inspired by oss-fuzz 8666
   910  	"graphicsmagick/coder_JNG_fuzzer: ASSERT: data != (const char *)
   911  	NULL" although the reported issue was not reproduced.
   912  
   913  2018-05-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   914  
   915  	* coders/png.c (ReadMNGImage): Fix off-by-one in length validation
   916  	for TERM chunk which allowed one byte heap read overflow.  Fixes
   917  	oss-fuzz 8615 "graphicsmagick/coder_MNG_fuzzer:
   918  	Heap-buffer-overflow in mng_get_long". (Credit to OSS-Fuzz)
   919  	(ReadMNGImage): Fix leak of MngInfo in error reporting path.
   920  	Fixes oss-fuzz 8604 "graphicsmagick/coder_MNG_fuzzer: Direct-leak
   921  	in ReadMNGImage". (Credit to OSS-Fuzz)
   922  	(ReadMNGImage): Verify that claimed chunk size does not exceed
   923  	input size.  Fixes oss-fuzz 8564 "graphicsmagick/coder_MNG_fuzzer:
   924  	Out-of-memory in graphicsmagick_coder_MNG_fuzzer". (Credit to
   925  	OSS-Fuzz)
   926  
   927  	* coders/tiff.c (ReadTIFFImage): Reject files with excessive
   928  	samples-per-pixel or extra-samples. Avoids potential issues
   929  	observed in oss-fuzz 8634 "graphicsmagick/coder_BIGTIFF_fuzzer:
   930  	Undefined-shift in ImportAlphaQuantumType". (Credit to OSS-Fuzz)
   931  
   932  2018-05-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   933  
   934  	* coders/png.c (ReadMNGImage): Assure that object id index is
   935  	always less than MNG_MAX_OBJECTS to avoid overflow.  Fixes
   936  	oss-fuzz 8596 "graphicsmagick/coder_MNG_fuzzer:
   937  	Index-out-of-bounds in ReadMNGImage" and likely other issues yet
   938  	to be reported. (Credit to OSS-Fuzz)
   939  
   940  2018-05-30  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
   941  
   942  	* magick/render.c (CompareEdges): Per ticket #562,
   943  	function CompareEdges() did not conform to the qsort()
   944  	requirement that if CompareEdges(edge0,edge1) returns
   945  	-1 (i.e., edge0 "less than" edge1), then
   946  	CompareEdges(edge1,edge0) should return 1 (edge1
   947  	"greater than" edge0).  This has been fixed.
   948  
   949  2018-05-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   950  
   951  	* coders/png.c (ReadOneJNGImage): Deal with JDAA JNG chunk with
   952  	length zero.  Fixes oss-fuzz 8562
   953  	"graphicsmagick/coder_JNG_fuzzer: ASSERT: data != (const char *)
   954  	NULL". (Credit to OSS-Fuzz)
   955  
   956  	* coders/tiff.c (ReadTIFFImage): Check that the bits-per-sample is
   957  	supported by the implementation before attempting to decode the
   958  	image. Fixes oss-fuzz 8554 "graphicsmagick/coder_BIGTIFF_fuzzer:
   959  	Undefined-shift in MagickBitStreamMSBWrite". (Credit to OSS-Fuzz)
   960  
   961  	* coders/png.c (ReadMNGImage): Eliminate use of uninitialized
   962  	header magic data by checking for EOF first.  Fixes oss-fuzz 8597
   963  	"graphicsmagick/coder_MNG_fuzzer: Use-of-uninitialized-value in
   964  	ReadMNGImage". (Credit to OSS-Fuzz)
   965  
   966  2018-05-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   967  
   968  	* fuzzing/oss-fuzz-build.sh: More fixes based on what is observed
   969  	in oss-fuzz build log.
   970  
   971  2018-05-24  Fojtik Jaroslav  <JaFojtik@seznam.cz>
   972  
   973  	* coders/jnx.c: The attribute should belong to only one scene and
   974  	not to the whole image list.
   975  
   976  2018-05-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   977  
   978  	* fuzzing/oss-fuzz-build.sh: Changes to add CPPFLAGS to configure
   979  	executions to hopefully get oss-fuzz build closer to success.
   980  
   981  2018-05-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   982  
   983  	* PerlMagick/t/jpeg/read.t: Add a JNX reader test case.
   984  
   985  	* coders/jnx.c (ReadJNXImage): JNX image depth should be 8.
   986  
   987  	* fuzzing/oss-fuzz-build.sh: Apply patch from Alex Gaynor to
   988  	switch libpng to autotools build system, as well as configure
   989  	GraphicsMagick with '--with-quantum-depth=16'.
   990  
   991  2018-05-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
   992  
   993  	* coders/tiff.c (ReadTIFFImage): Validate tile memory requests for
   994  	the TIFFReadRGBATile() case in the same way as the TIFFReadTile()
   995  	case.  Fixes oss-fuzz 8434 "graphicsmagick/coder_BIGTIFF_fuzzer:
   996  	Out-of-memory in graphicsmagick_coder_BIGTIFF_fuzzer". (Credit to
   997  	OSS-Fuzz)
   998  
   999  2018-05-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1000  
  1001  	* coders/tile.c (ReadTILEImage): Remove any existing size request
  1002  	when reading the image to tile.  This avoids size being used for both
  1003  	the input image size and the tile image size.  Fixes SourceForge
  1004  	issue #563 "tile:<image> appears to blow image up by 100% before
  1005  	applying tiling".
  1006  
  1007  2018-05-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1008  
  1009  	* fuzzing/oss-fuzz-build.sh: Patch from Paul Kehrer to disable
  1010  	libpng test programs and binaries while building libpng in support
  1011  	of oss-fuzz testing.
  1012  
  1013  	* coders/dcm.c (DCM_ReadGrayscaleImage): If a palette was
  1014  	provided, the image may be in PseudoClass but we need DirectClass
  1015  	for gray image when GRAYSCALE_USES_PALETTE is not defined.  Fixes
  1016  	oss-fuzz 7550 "graphicsmagick/coder_DCM_fuzzer:
  1017  	Use-of-uninitialized-value in SyncImageCallBack". (Credit to
  1018  	OSS-Fuzz)
  1019  	(ReadDCMImage): Restore use of DCM_PostRescaleImage() in order to
  1020  	obtain suitably scaled DICOM again.  Hopefully it is more robust
  1021  	now.
  1022  	(DCM_ReadPaletteImage): Assure that DirectClass pixels are
  1023  	initialized.
  1024  
  1025  2018-05-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1026  
  1027  	* coders/tiff.c (ReadTIFFImage): Remove strange addition of
  1028  	image->columns to pixel buffer offsets which now causes a heap
  1029  	overflow since the buffer has been right-sized.  Perhaps the extra
  1030  	offset plus the over-sized allocation was some attempt to avoid
  1031  	buffer over/underflows due to bugs in libtiff. Fixes oss-fuzz 8384
  1032  	"graphicsmagick/coder_BIGTIFF_fuzzer: Heap-buffer-overflow in
  1033  	put1bitbwtile" which is described to be a regression. (Credit to
  1034  	OSS-Fuzz)
  1035  
  1036  	* magick/render.c (DrawImage): Fix wrong range checks which caused
  1037  	spurious "Parsing of SVG images fail with "Non-conforming drawing
  1038  	primitive definition (push)" failure.  Fixes SourceForge issue 561
  1039  	"Parsing of SVG images fail with "Non-conforming drawing primitive
  1040  	definition (push)"" which is due to problems caused by the fix for
  1041  	SourceForge issue 517.
  1042  
  1043  	* coders/tiff.c (WritePTIFImage): Use '-define
  1044  	ptif:minimum-geometry=<geometry>' to specify the smallest
  1045  	subresolution frame which is produced by the PTIF (Pyramid TIFF)
  1046  	writer.
  1047  
  1048  2018-05-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1049  
  1050  	* coders/tiff.c (WritePTIFImage): Allow 1x1 input image to be
  1051  	supported.
  1052  
  1053  	* coders/png.c (ReadOneJNGImage): Unconditionally free JDAT chunk
  1054  	memory.  Fixes oss-fuzz 8366 "graphicsmagick/coder_JNG_fuzzer:
  1055  	Direct-leak in ReadOneJNGImage". (Credit to OSS-Fuzz)
  1056  
  1057  	* coders/tiff.c (WritePTIFImage): Fix leak of pyramid Image list
  1058  	if ResizeImage() fails.  Fixes oss-fuzz 8364
  1059  	"graphicsmagick/coder_PTIF_fuzzer: Indirect-leak in
  1060  	CloneImage". (Credit to OSS-Fuzz)
  1061  
  1062  2018-05-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1063  
  1064  	* coders/tiff.c (WriteTIFFImage): Add and use
  1065  	ThrowTIFFWriterException() macro to consistently clean-up when
  1066  	throwing writer exception.  May fix oss-fuzz 8321
  1067  	"graphicsmagick/coder_EPT_fuzzer: Direct-leak in
  1068  	TIFFClientOpen". (Credit to OSS-Fuzz)
  1069  	(ReadTIFFImage): Add and use ThrowTIFFReaderException() macro to
  1070  	consistently clean-up when throwing reader exception.
  1071  
  1072  2018-05-16  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1073  
  1074  	* magick/alpha_composite.h (AlphaCompositePixel): The
  1075  	macro definition for MagickAlphaCompositeQuantum in
  1076  	alpha_composite.h computes an expression of the form:
  1077  
  1078  	a * b + c * d * e
  1079  
  1080  	Code in function AlphaCompositePixel() (also in
  1081  	alpha_composite.h) multiplies the result of this macro
  1082  	by variable "delta" as follows:
  1083  
  1084  	delta * a * b + c * d * e
  1085  
  1086  	However, the intended result is actually:
  1087  
  1088  	delta * ( a * b + c * d * e )
  1089  
  1090  	The macro definition has been modified to enclose the
  1091  	entire expression in parentheses.
  1092  
  1093  	The effects of this bug were particularly evident at the
  1094  	boundary between a stroked polygon and a transparent
  1095  	black region. More generally, an incorrect composited
  1096  	pixel value was being computed by AlphaCompositePixel()
  1097  	whenever the output alpha value was not 100% opaque.
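
	The precedence bug above, as an added illustration that is not the
	project's own macro: COMPOSITE_QUANTUM_BROKEN and
	COMPOSITE_QUANTUM_FIXED are constructed macros of the form
	a * b + c * d * e without and with the enclosing parentheses, and the
	mapping onto source-over compositing (a = source colour, b = source
	alpha, c = destination colour, d = destination alpha, e = 1 - source
	alpha, delta = 1 / output alpha) is an assumption made here.

```c
/* Constructed illustration of the precedence bug, not the project's own
   macro: the expression has the form a * b + c * d * e, first without and
   then with the enclosing parentheses that the fix adds. */
#define COMPOSITE_QUANTUM_BROKEN(a, b, c, d, e)  a * b + c * d * e
#define COMPOSITE_QUANTUM_FIXED(a, b, c, d, e)   (a * b + c * d * e)

/* Assumed mapping onto standard source-over compositing with channel
   values in 0..1: a = source colour, b = source alpha, c = destination
   colour, d = destination alpha, e = (1 - source alpha), and
   delta = 1 / output alpha, which turns the premultiplied sum back into a
   straight (non-premultiplied) colour value. */
static double output_alpha(double src_a, double dst_a)
{
    return src_a + dst_a * (1.0 - src_a);
}

/* Composited channel using the fixed macro: delta * (a*b + c*d*e). */
double over_fixed(double src_c, double src_a, double dst_c, double dst_a)
{
    double out_a = output_alpha(src_a, dst_a);
    double delta = (out_a > 0.0) ? 1.0 / out_a : 0.0;

    return delta * COMPOSITE_QUANTUM_FIXED(src_c, src_a, dst_c, dst_a,
                                           (1.0 - src_a));
}

/* Same call with the unparenthesised macro.  The expansion is
   delta * a * b + c * d * e, so delta scales only the source term and the
   destination contribution is left unnormalised. */
double over_broken(double src_c, double src_a, double dst_c, double dst_a)
{
    double out_a = output_alpha(src_a, dst_a);
    double delta = (out_a > 0.0) ? 1.0 / out_a : 0.0;

    return delta * COMPOSITE_QUANTUM_BROKEN(src_c, src_a, dst_c, dst_a,
                                            (1.0 - src_a));
}

/* Tolerance comparison so callers need not pull in <math.h>. */
int near_equal(double x, double y)
{
    double diff = x - y;
    return (diff < 1e-9) && (diff > -1e-9);
}

/* 1 when the two macros disagree for this pixel pair.  Whenever the output
   alpha is 1.0 (delta == 1) the two agree, which is why the entry only saw
   wrong values when the output was not fully opaque. */
int bug_visible(double src_c, double src_a, double dst_c, double dst_a)
{
    return !near_equal(over_fixed(src_c, src_a, dst_c, dst_a),
                       over_broken(src_c, src_a, dst_c, dst_a));
}
```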
  1098  
  1099  2018-05-16  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1100  
  1101  	* tests/rwblob.tap: Add a test for PTIF format.
  1102  
  1103  	* coders/tiff.c (WritePTIFImage): Fix Image blob referencing in
  1104  	order to avoid double-free when writing PTIF to memory BLOB. Fixes
  1105  	oss-fuzz 8280 "graphicsmagick/coder_PTIF_fuzzer: Heap-double-free
  1106  	in Magick::BlobRef::~BlobRef". (Credit to OSS-Fuzz)
  1107  
  1108  2018-05-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1109  
  1110  	* coders/tiff.c (WriteTIFFImage): Use libtiff's
  1111  	TIFFDefaultStripSize() function rather than an old porting macro
  1112  	required by some defunct libtiff version.  Expected to fix
  1113  	oss-fuzz 8248 "graphicsmagick/coder_EPT_fuzzer:
  1114  	Floating-point-exception in WriteTIFFImage". (Credit to OSS-Fuzz)
  1115  
  1116  2018-05-13  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  1117  
  1118  	* coders/mat.c: Fix potential leak when compressed object is
  1119  	corrupted. Fixes oss-fuzz 8251 (Credit to OSS-Fuzz)
  1120  
  1121  2018-05-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1122  
  1123  	* coders/tiff.c (ReadTIFFImage): Fix leak of Image when
  1124  	TIFFReadRGBAImage() reports failure.  Also harden buffer
  1125  	allocation calculation.  Fixes oss-fuzz 8275
  1126  	"graphicsmagick/coder_BIGTIFF_fuzzer: Indirect-leak in
  1127  	AllocateImage". (Credit to OSS-Fuzz)
  1128  
  1129  	* coders/ept.c (ReadEPTImage): Add validations of 'count' and
  1130  	'filesize' read from EPT file. In response to oss-fuzz 8248
  1131  	"graphicsmagick/coder_EPT_fuzzer: Floating-point-exception in
  1132  	WriteTIFFImage" but we are unable to recreate the oss-fuzz issue
  1133  	since the EPT reader already immediately reports an EOF exception.
  1134  
  1135  2018-05-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1136  
  1137  	* fuzzing/oss-fuzz-build.sh: Apply SourceForge patch #57 "Add
  1138  	fuzzing support for jpeg + freetype delegates" by Alex Gaynor.
  1139  
  1140  	* coders/png.c (read_user_chunk_callback): Fix memory leak and use
  1141  	of uninitialized memory when handling eXIf chunk. Fixes oss-fuzz
  1142  	8247 "graphicsmagick/coder_PNG24_fuzzer: Direct-leak in
  1143  	png_malloc". (Credit to OSS-Fuzz)
  1144  
  1145  2018-05-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1146  
  1147  	* fuzzing/oss-fuzz-build.sh: Apply SourceForge patch #56 "Use a
  1148  	few delegate libraries in fuzzing" by Alex Gaynor.
  1149  
  1150  2018-05-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1151  
  1152  	* tests/rwfile.tap: MIFF zip and bzip compression tests do not
  1153  	fail if zlib and bzlib are not available because the compression
  1154  	request is silently changed to no compression.
  1155  
  1156  2018-05-07  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1157  
  1158  	* magick/render.c (DrawImage, InsertAttributeIntoInputStream):
  1159  	For a reference such as 'class="classname"', the "classname"
  1160  	is now allowed to be undefined.
  1161  
  1162  	* coders/svg.c (ProcessStyleClassDefs): Class definitions
  1163  	defined within a <style> block may now be empty.
  1164  
  1165  	* These relaxed conditions are not specifically called out in
  1166  	the SVG spec as being either acceptable or unacceptable, but
  1167  	other SVG renderers (e.g., Chrome) handle them this way. These
  1168  	changes do not resolve, but are related to, ticket #307.
  1169  
  1170  2018-05-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1171  
  1172  	* utilities/Makefile.am (utilities/tests/montage.log): Fix
  1173  	dependency rule so that effects.tap is fully executed before
  1174  	execution of montage.tap starts.
  1175  
  1176  2018-05-04  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1177  
  1178  	* magick/render.c (DrawImage, TraceXXX): The PrimitiveInfo
  1179  	array used to store points generated by TraceEllipse(), the
  1180  	other TraceXXX() functions, and DrawImage() was not always
  1181  	being expanded when needed, resulting in writes beyond the
  1182  	end of the currently allocated storage. To fix this problem,
  1183  	a new data structure PrimitiveInfoMgr, and an associated
  1184  	function, PrimtiveInfoRealloc(), were written to handle
  1185  	expanding the PrimitiveInfo array as needed. DrawImage() and
  1186  	the TraceXXX() functions were modified to prevent the out of
  1187  	bounds writes to memory. This fixes ticket #516.
  1188  
  1189  2018-05-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1190  
  1191  	* coders/png.c (ReadOneJNGImage): Add more JNG chunk
  1192  	validations. Fixes an issue reported by "Trace Probe" via a
  1193  	follow-up post to SourceForge issue 437 "assertion failure in
  1194  	WriteBlob", although the issue described was not reproduced.
  1195  
  1196  	* coders/meta.c (ReadMETAImage): Detect and report 8BIMTEXT and
  1197  	8BIMWTEXT decoding problems.  Fixes oss-fuzz 8125
  1198  	"graphicsmagick/coder_8BIMTEXT_fuzzer: Use-of-uninitialized-value
  1199  	in format8BIM". (Credit to OSS-Fuzz)
  1200  
  1201  2018-05-02  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1202  
  1203  	* magick/render.c (TraceStrokePolygon): Excessively
  1204  	large values of stroke-width were cascading through
  1205  	other computations, causing the function to write beyond
  1206  	the end of its array of points when the stroke-linejoin
  1207  	attribute value was "round". Code was added to reallocate
  1208  	the array of points as needed, and to limit the size of
  1209  	stroke-width (for computational purposes) to no more than
  1210  	approximately twice the diagonal size of the output image.
  1211  	Fixes ticket #515.
  1212  
  1213  	* The same limit on stroke-width was applied to all other
  1214  	instances of the same computation in render.c.
  1215  
  1216  2018-05-01  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1217  
  1218  	* This change set fixes ticket #471.
  1219  
  1220  	* magick/render.c (DrawImage): Polylines with fewer
  1221  	than two points were being flagged as an error. The
  1222  	SVG spec has no such restriction (fixed).
  1223  
  1224  	* coders/svg.c (SVGStartElement): Inner <svg> elements
  1225  	could modify the output image dimensions if a geometry
  1226  	string was supplied. Now the output image dimensions
  1227  	are determined by the outermost <svg> only.
  1228  
  1229  2018-05-01  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1230  
  1231  	* magick/render.c (TraceEllipse, TraceRectangle,
  1232  	TraceRoundRectangle): Per the SVG spec, rectangles and
  1233  	round rectangles having a width or height of zero are
  1234  	not rendered. Also per the spec, ellipses having an x
  1235  	or y radius of zero are not rendered.  Fixes ticket #457.
  1236  
  1237  2018-04-30  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1238  
  1239  	* magick/render.h (PrimitiveInfo), magick/render.c: Added
  1240  	member "flags" to PrimitiveInfo to support indicating closed
  1241  	shapes (e.g., rectangle, circle, path closed using 'z' or 'Z').
  1242  	Updated code in render.c (functions TraceXXX) to indicate
  1243  	closed shapes.  This replaces the previous policy of detecting
  1244  	closed shapes by comparing the first and last points to see if
  1245  	they are identical (within MagickEpsilon). The old policy
  1246  	prevented open subpaths with the same first and last point from
  1247  	being rendered properly (per the SVG spec) when round or square
  1248  	endcaps were enabled.  Part of the fix for ticket #322.
  1249  
  1250  	* magick/render.c (ConvertPrimitiveToPath): Modified duplicate
  1251  	point elimination code so that the first and last points of
  1252  	a subpath are always preserved.  Consequences: (1) Allows
  1253  	for the correct rendering of the sequence "move x1 y1 line
  1254  	x1 y1" with round or square endcaps.  Part of the fix for
  1255  	ticket #322. (2) Fixes a bug in which eliminating the last
  1256  	point as a duplicate caused a closed shape to no longer be
  1257  	closed. This would manifest itself, for example, as a small
  1258  	"nub" on the boundary of a filled circle.
  1259  
  1260  	* magick/render.c (GetPixelOpacity): Fixed a bug in the
  1261  	code that computed the distance between a point and a
  1262  	segment (polygon edge).  Prior to this fix, for zero length
  1263  	segments this code would generate a divide-by-zero and
  1264  	incorrect output. Part of the fix for ticket #322.
  1265  
  1266  	* magick/render.c (DrawPolygonPrimitive): Polygons/paths with
  1267  	zero or one points are no longer rendered per the SVG spec.
  1268  
  1269  	* magick/render.c (DrawStrokePolygon): Per the SVG spec, a
  1270  	polygon consisting of a single move-to command is not stroked.
  1271  
  1272  	* magick/render.c (TracePath): Per the SVG spec, if the
  1273  	endpoints (x1, y1) and (x2, y2) of an arc subpath are identical,
  1274  	then this is equivalent to omitting the elliptical arc segment
  1275  	entirely.  For rendering purposes the zero length arc is
  1276  	treated like a zero length "line to" command to the current
  1277  	point.
  1278  
  1279  	* magick/render.c (TraceStrokePolygon): Added code to detect
  1280  	zero length open subpaths and return a stroked polygon containing
  1281  	no points when round or square endcaps are not enabled.  This
  1282  	satisfies the SVG spec requirement that zero length subpaths are
  1283  	only stroked if the 'stroke-linecap' property has a value of
  1284  	round or square.
  1285  
  1286  	* magick/render.c (TracePath): Fixed a bug in which if a "move to"
  1287  	command was followed by additional pairs of points, indicating
  1288  	implied "line to" commands, each point was added twice.
  1289  
  1290  2018-04-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1291  
  1292  	* coders/pcx.c (ReadPCXImage): Colormap from PCX header is only
  1293  	used if colors <= 16. Determination of DirectClass image was
  1294  	wrong.  Fixes oss-fuzz 8093 "graphicsmagick/coder_PCX_fuzzer:
  1295  	Use-of-uninitialized-value in IsMonochromeImage". (Credit to
  1296  	OSS-Fuzz)
  1297  
  1298  2018-04-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1299  
  1300  	* version.sh: Updates to prepare for the 1.3.29 release.
  1301  
  1302  	* coders/pict.c (DecodeImage): Assure that scanline is initialized
  1303  	to avoid use of uninitialized data.  Fixes oss-fuzz 8063
  1304  	"graphicsmagick/coder_WPG_fuzzer: Use-of-uninitialized-value in
  1305  	ReadPICTImage". (Credit to OSS-Fuzz)
  1306  
  1307  	* coders/dpx.c (ReadDPXImage): Assure that NULL pixels is not
  1308  	used.  Fixes oss-fuzz 8078 "graphicsmagick/coder_DPX_fuzzer:
  1309  	Null-dereference WRITE in ReadDPXImage". (Credit to OSS-Fuzz)
  1310  
  1311  	* NEWS.txt: Update NEWS file with information about changes since
  1312  	last release.
  1313  
  1314  2018-04-28  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1315  
  1316  	* coders/dib.c (ReadDIBImage): Disable EOF tests for "ICODIB"
  1317  	subformat due to icon file provided by SourceForge issue #557
  1318  	"ErrorCorruptImage: Magick: Unexpected end-of-file ()" where an
  1319  	EOF error was reported due to no mask data being supplied.
  1320  
  1321  	* coders/png.c (ReadOneJNGImage): The embedded JPEG image is
  1322  	required to have the same dimensions as the JNG image as provided
  1323  	by JHDR.  Fixes SourceForge bug 555 "heap-buffer-overflow in
  1324  	AcquireCacheNexus when processing jng file".  It is likely that
  1325  	this issue is precipitated by using 'montage' which seems to set a
  1326  	default non-zero image size.
  1327  	(ReadMNGImage): By default limit the maximum loops specifiable by
  1328  	the MNG LOOP chunk to 512 loops, but allow this to be modified by
  1329  	'-define mng:maximum-loops=value'.  Also assure that the value is
  1330  	in the range of 0-2147483647 as per the MNG specification.  This
  1331  	is to address the denial of service issue described by
  1332  	CVE-2018-10177.  This problem was reported to us by Petr Gajdos
  1333  	via email on Fri, 20 Apr 2018.
  1334  
  1335  	* coders/dpx.c (ReadDPXImage): Move misplaced channel validation
  1336  	code.  Fixes oss-fuzz 8041 "graphicsmagick/coder_DPX_fuzzer:
  1337  	Use-of-uninitialized-value in WriteDPXImage" and oss-fuzz 8055
  1338  	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
  1339  	EnhanceImage". (Credit to OSS-Fuzz)
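
The MNG loop limit described in the 2018-04-28 entry above, as an added example that is not GraphicsMagick's own code: it decodes a LOOP chunk's iteration count (nest level byte followed by a 4-byte big-endian count, per the MNG specification), rejects counts above 2147483647, clamps to a configurable maximum that defaults to 512, and parses the value of the 'mng:maximum-loops' define. The function names, error codes and sample chunk bytes are constructed for this example.

```c
/* Added example, not GraphicsMagick code: bounding the iteration count of
 * an MNG LOOP chunk in the manner the CVE-2018-10177 entry describes.
 * LOOP layout per the MNG specification: nest level (1 byte) followed by
 * the iteration count (4-byte big-endian unsigned).  The default cap of 512
 * and the permitted range 0-2147483647 are the values given in the entry;
 * names, error codes and sample bytes are constructed for this example. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MNG_DEFAULT_MAXIMUM_LOOPS 512UL         /* default from the entry */
#define MNG_SPEC_MAXIMUM_LOOPS    2147483647UL  /* 2^31-1, MNG upper bound */

#define MNG_LOOP_TRUNCATED    (-1L)  /* chunk shorter than its fixed fields */
#define MNG_LOOP_OUT_OF_RANGE (-2L)  /* count exceeds 2^31-1 */

/* Value of '-define mng:maximum-loops=value'.  Only a decimal integer in
 * 0-2147483647 is accepted; anything else yields the default of 512. */
unsigned long ParseMaximumLoops(const char *value)
{
  char *end = NULL;
  unsigned long parsed;

  if (value == NULL || *value == '\0' || *value == '-')
    return MNG_DEFAULT_MAXIMUM_LOOPS;
  errno = 0;
  parsed = strtoul(value, &end, 10);
  if (errno != 0 || *end != '\0' || parsed > MNG_SPEC_MAXIMUM_LOOPS)
    return MNG_DEFAULT_MAXIMUM_LOOPS;
  return parsed;
}

/* Decode the iteration count carried by LOOP chunk data of 'length' bytes
 * and return the number of iterations a decoder should actually run:
 * the count itself when it is within limits, 'maximum_loops' when the
 * file asks for more, or a negative MNG_LOOP_* code when the chunk is
 * malformed.  Rejecting an over-limit count outright would be equally
 * valid; clamping keeps otherwise well-formed files readable. */
long BoundMNGLoop(const unsigned char *data, size_t length,
                  unsigned long maximum_loops)
{
  uint32_t count;

  if (data == NULL || length < 5)
    return MNG_LOOP_TRUNCATED;
  count = ((uint32_t)data[1] << 24) | ((uint32_t)data[2] << 16) |
          ((uint32_t)data[3] << 8) | (uint32_t)data[4];
  if (count > MNG_SPEC_MAXIMUM_LOOPS)
    return MNG_LOOP_OUT_OF_RANGE;
  if (count > maximum_loops)
    return (long)maximum_loops;
  return (long)count;
}

/* Constructed sample LOOP payloads: nest level byte, then the count. */
static const unsigned char kLoopSmall[5] = {0x00, 0x00, 0x00, 0x00, 0x0A}; /* 10 */
static const unsigned char kLoopHuge[5]  = {0x00, 0x00, 0x10, 0x00, 0x00}; /* 1048576 */
static const unsigned char kLoopBad[5]   = {0x00, 0xFF, 0xFF, 0xFF, 0xFF}; /* > 2^31-1 */
static const unsigned char kLoopShort[3] = {0x00, 0x00, 0x00};             /* runt */

int main(void)
{
  unsigned long max_loops = ParseMaximumLoops("1000"); /* as if from -define */

  printf("small: %ld\n", BoundMNGLoop(kLoopSmall, sizeof(kLoopSmall), max_loops));
  printf("huge:  %ld\n", BoundMNGLoop(kLoopHuge, sizeof(kLoopHuge), max_loops));
  printf("bad:   %ld\n", BoundMNGLoop(kLoopBad, sizeof(kLoopBad), max_loops));
  printf("short: %ld\n", BoundMNGLoop(kLoopShort, sizeof(kLoopShort), max_loops));
  return 0;
}
```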
  1340  
  1341  2018-04-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1342  
  1343  	* coders/xpm.c (StringToListMod): Algorithm fixes to fix use of
  1344  	uninitialized data.  Fixes oss-fuzz 8046
  1345  	"graphicsmagick/coder_XPM_fuzzer: Use-of-uninitialized-value in
  1346  	StringToListMod". (Credit to OSS-Fuzz)
  1347  
  1348  2018-04-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1349  
  1350  	* coders/xpm.c (ReadXPMImage): Reduce memory consumption further.
  1351  	Hopefully fixes oss-fuzz 8013 "graphicsmagick/coder_XPM_fuzzer:
  1352  	Out-of-memory in graphicsmagick_coder_XPM_fuzzer". (Credit to
  1353  	OSS-Fuzz)
  1354  
  1355  	* magick/utility.c (StringToList): Only allocate the memory
  1356  	required when converting string to an ASCII list.  May or may not
  1357  	fix oss-fuzz 8013 "graphicsmagick/coder_XPM_fuzzer: Out-of-memory
  1358  	in graphicsmagick_coder_XPM_fuzzer". (Credit to OSS-Fuzz)
  1359  
  1360  2018-04-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1361  
  1362  	* coders/bmp.c (ReadBMPImage): Fix benign use of uninitialized
  1363  	data when testing header magick.  Fixes oss-fuzz 7980
  1364  	"graphicsmagick/coder_BMP_fuzzer: Use-of-uninitialized-value in
  1365  	LocaleNCompare". (Credit to OSS-Fuzz)
  1366  
  1367  	* coders/dpx.c (ReadDPXImage): ColorDifferenceCbCr does require
  1368  	even image width. Fixes oss-fuzz 7966
  1369  	"graphicsmagick/coder_DPX_fuzzer: Unknown signal in
  1370  	TentUpsampleChroma". (Credit to OSS-Fuzz)
  1371  
  1372  2018-04-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1373  
  1374  	* coders/dpx.c (ReadDPXImage): ColorDifferenceCbCr element
  1375  	requires two samples/pixel, not one. Fixes oss-fuzz 7951
  1376  	"graphicsmagick/coder_DPX_fuzzer: Heap-buffer-overflow in
  1377  	ReadDPXImage". (Credit to OSS-Fuzz)
  1378  
  1379  2018-04-22  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1380  
  1381  	* coders/pdb.c (ReadPDBImage): Assure that pixels buffer is
  1382  	initialized.  Fixes oss-fuzz 7937
  1383  	"graphicsmagick/coder_PDB_fuzzer: Use-of-uninitialized-value in
  1384  	ReadPDBImage". (Credit to OSS-Fuzz)
  1385  
  1386  	* coders/mvg.c (ReadMVGImage): Assure that MVG viewbox parameters
  1387  	were supplied.  Fixes oss-fuzz 7936
  1388  	"graphicsmagick/coder_MVG_fuzzer: Use-of-uninitialized-value in
  1389  	ReadMVGImage". (Credit to OSS-Fuzz)
  1390  
  1391  	* coders/dpx.c (ReadDPXImage): Element descriptors CbYCrY422 and
  1392  	CbYACrYA4224 require that the image width be evenly divisible by 2
  1393  	so enforce that.  Fixes oss-fuzz 7935
  1394  	"graphicsmagick/coder_DPX_fuzzer: Heap-buffer-overflow in
  1395  	ReadDPXImage". (Credit to OSS-Fuzz)
  1396  
  1397  2018-04-21  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1398  
  1399  	* coders/dpx.c (ReadDPXImage): Reject DPX files which claim to use
  1400  	signed data.  Fixes oss-fuzz 7758
  1401  	"graphicsmagick/coder_DPX_fuzzer: Use-of-uninitialized-value in
  1402  	WriteDPXImage". (Credit to OSS-Fuzz)
  1403  	(ReadDPXImage): Validate that the image elements do update all of
  1404  	the channels, including the alpha channel.  Now report an error if
  1405  	a color channel is missing.  Fixes oss-fuzz 7758
  1406  	"graphicsmagick/coder_DPX_fuzzer: Use-of-uninitialized-value in
  1407  	WriteDPXImage".
  1408  
  1409  	* coders/gif.c (DecodeImage): Finally fix oss-fuzz 7732
  1410  	"graphicsmagick/coder_GIF_fuzzer: Heap-buffer-overflow in
  1411  	DecodeImage" which was not actually fixed with previous
  1412  	changes. (Credit to OSS-Fuzz)
  1413  
  1414  2018-04-21  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  1415  
  1416  	* coders/topol.c Emit error when tile storage overflows image data;
  1417  	fixes oss-fuzz 7769 thanks to oss-fuzz.
  1418  
  1419  2018-04-20  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1420  
  1421  	* magick/render.c (ConvertPrimitiveToPath):  Fixed a bug
  1422  	in which SVG paths containing multiple open subpaths were
  1423  	not being processed correctly, resulting in incorrect
  1424  	output.  This fixes ticket #94.
  1425  
  1426  2018-04-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1427  
  1428  	* coders/gif.c (DecodeImage): Fix use of uninitialized memory
  1429  	during error condition in decoder. Fixes oss-fuzz 7732
  1430  	"graphicsmagick/coder_GIF_fuzzer: Heap-buffer-overflow in
  1431  	DecodeImage". (Credit to OSS-Fuzz)
  1432  
  1433  	* coders/txt.c (ReadTXTImage): Assure that all image pixels are
  1434  	initialized to black.
  1435  
  1436  	* Magick++/demo/zoom.cpp (main): Add a -read-blob option to read
  1437  	input file into a Blob so that it is read by the Blob reader
  1438  	rather than the file reader.  Default the output Geometry to the
  1439  	input image geometry in case the user does not specify a resize
  1440  	resolution or geometry.
  1441  
  1442  	* Magick++/tests/readWriteBlob.cpp (main): Improve the quality of
  1443  	code which reads a file into memory for Blob testing.
  1444  
  1445  	* magick/blob.c (BlobToImage): Add exception reports for the cases
  1446  	where 'magick' was not set and the file format could not be
  1447  	deduced from its header.  Previously a null Image pointer was
  1448  	being returned without any exception being thrown.
  1449  
  1450  2018-04-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1451  
  1452  	* coders/dpx.c (ReadDPXImage): Assure that CbCr layer initializes
  1453  	all channels if it is the first element of a planar DPX.  Fixes
  1454  	oss-fuzz 7703 "graphicsmagick/coder_DPX_fuzzer:
  1455  	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)
  1456  
  1457  	* coders/pict.c (ReadPICTImage): Don't refer to filename member of
  1458  	ImageInfo which was just destroyed. Much thanks to Alex Gaynor for
  1459  	finding this.  Should fix oss-fuzz 6867
  1460  	"graphicsmagick/coder_PCT_fuzzer: Heap-use-after-free in
  1461  	GetLocaleExceptionMessage". (Credit to OSS-Fuzz).
  1462  
  1463  2018-04-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1464  
  1465  	* coders/sgi.c (ReadSGIImage): Assure that iris pixels are fully
  1466  	initialized.  Fixes oss-fuzz 7543
  1467  	"graphicsmagick/coder_SGI_fuzzer: Use-of-uninitialized-value in
  1468  	SGIEncode". (Credit to OSS-Fuzz).
  1469  
  1470  	* coders/xcf.c (ReadXCFImage): Restore SetImage() which was
  1471  	previously commented out.  This is needed to assure initialized
  1472  	pixels.  Fixes oss-fuzz 7430 "graphicsmagick/coder_XCF_fuzzer:
  1473  	Use-of-uninitialized-value in AlphaCompositePixel". (Credit to
  1474  	OSS-Fuzz).
  1475  
  1476  	* coders/pict.c (ReadPICTImage): Properly initialize "black
  1477  	canvas" that tiles may be composed on.  Fixes oss-fuzz 7574
  1478  	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
  1479  	EnhanceImage". (Credit to OSS-Fuzz).
  1480  
  1481  	* coders/rle.c (ReadRLEImage): Check for EOF when reading comment.
  1482  	Fixes oss-fuzz 7667 "graphicsmagick/coder_RLE_fuzzer:
  1483  	Use-of-uninitialized-value in ReadRLEImage". (Credit to OSS-Fuzz).
  1484  
  1485  	* coders/pdb.c (WritePDBImage): Avoid use of uninitialized
  1486  	bytes. Fixes oss-fuzz 7638 "graphicsmagick/coder_PDB_fuzzer:
  1487  	Use-of-uninitialized-value in WritePDBImage". (Credit to
  1488  	OSS-Fuzz).
  1489  
  1490  	* coders/rla.c (ReadRLAImage): Add many more validations,
  1491  	including scanline offsets and number of channels.  Fixes oss-fuzz
  1492  	7653 "graphicsmagick/coder_RLA_fuzzer: Timeout in
  1493  	graphicsmagick_coder_RLA_fuzzer". (Credit to OSS-Fuzz).
  1494  
  1495  	* coders/txt.c (ReadTXTImage): Implement missing subrange logic to
  1496  	read only the specified range of frames.  Limits frames read from
  1497  	oss-fuzz test case
  1498  	clusterfuzz-testcase-minimized-coder_TEXT_fuzzer-6061076048248832
  1499  	"graphicsmagick/coder_TEXT_fuzzer: Timeout in
  1500  	graphicsmagick_coder_TEXT_fuzzer". (Credit to OSS-Fuzz).
  1501  
  1502  	* Magick++/lib/Image.cpp (read): Set subrange = 1 since this
  1503  	interface is intended to read just one frame from the input file.
  1504  	Use the STL-based interfaces to read multiple frames.
  1505  
  1506  	* coders/fits.c (ReadFITSImage): Verify FITS header before reading
  1507  	further.  Rejects file from oss-fuzz 7650
  1508  	"graphicsmagick/coder_FITS_fuzzer: Out-of-memory in
  1509  	graphicsmagick_coder_FITS_fuzzer".  (Credit to OSS-Fuzz).
  1510  
  1511  	* PerlMagick/Magick.xs (Get): Fix PerlMagick compilation problem
  1512  	due to rename/repurposing of image->clip_mask.
  1513  
  1514  2018-04-13  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1515  
  1516  	* magick/image.c, magick/image.h:  In order to be able to
  1517  	support SVG masks, and to be able to further extend the
  1518  	Image data structure without changing its size, new data
  1519  	structure ImageExtra (struct _ImageExtra) has been added.
  1520  	Header file image.h contains only a forward declaration;
  1521  	the members of ImageExtra are defined in file image.c.
  1522  	Image member variable Image * clip_mask has been replaced
  1523  	by ImageExtra * extra, and function prototypes that enable
  1524  	access to ImageExtra have been added to image.h.  The
  1525  	clip_mask member variable now resides in ImageExtra.  All
  1526  	references to Image::clip_mask in the GraphicsMagick
  1527  	source code have either been replaced with direct references
  1528  	to ImageExtra::clip_mask (image.c), or have been replaced
  1529  	with calls to access function ImageGetClipMask().
  1530  
  1531  	* magick/render.c, magick/render.h:  In order to be able to
  1532  	support SVG masks, and to be able to further extend the
  1533  	DrawInfo data structure without changing its size, new data
  1534  	structure DrawInfoExtra (struct _DrawInfoExtra) has been added.
  1535  	Header file render.h contains only a forward declaration;
  1536  	the members of DrawInfoExtra are defined in file render.c.
  1537  	DrawInfo member variable char * clip_path has been replaced by
  1538  	DrawInfoExtra * extra, and function prototypes that enable
  1539  	access to DrawInfoExtra have been added to render.h.  The
  1540  	clip_path member variable now resides in ImageExtra.  All
  1541  	references to DrawInfo::clip_path in the GraphicsMagick
  1542  	source code have either been replaced with direct references
  1543  	to DrawInfoExtra::clip_path (render.c), or have been
  1544  	replaced with calls to access function DrawInfoGetClipPath().
  1545  
  1546  	* magick/image.c (new functions CompositePathImage,
  1547  	CompositeMaskImage, GetImageCompositeMask,
  1548  	SetImageCompositeMask):  Defined new data structure ImageExtra,
  1549  	added create/destroy logic, and implemented associated access
  1550  	functions.  Implemented SVG masks.
  1551  
  1552  	* magick/render.c (DrawImage, new function DrawCompositeMask):
  1553  	Defined new data structure DrawInfoExtra, added create/destroy
  1554  	logic, and implemented associated access functions.  Implemented
  1555  	SVG masks.
  1556  
  1557  	* magick/pixel_cache.c (SyncCacheNexus, new function
  1558  	CompositeCacheNexus):  Fixed references to Image::clip_mask.
  1559  	Implemented SVG masks.
  1560  
  1561  	* coders/svg.c (SVGStartElement, SVGEndElement): Implemented
  1562  	SVG masks.
  1563  
  1564  	* locale/c.mgk, magick/gm_messages.mc, magick/local_c.h:
  1565  	Added new error codes to support SVG masks.
  1566  
  1567  	* coders/ps3.c, magick/enhance.c: Fixed references to
  1568  	Image::clip_mask.
  1569  
  1570  	* magick/draw.c, wand/drawing_wand.c: Fixed references to
  1571  	DrawInfo::clip_path.
  1572  
  1573  2018-04-13  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  1574  
  1575  	* coders/wpg.c: Crash on row overflow fixed; fixes oss-fuzz 7639, thanks to oss-fuzz.
  1576  
  1577  2018-04-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1578  
  1579  	* coders/dpx.c (ReadDPXImage): Add more header validations.
  1580  	Always assure that scanline is initialized for Luma channel. Fixes
  1581  	oss-fuzz 7544 "graphicsmagick/coder_DPX_fuzzer:
  1582  	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)
  1583  
  1584  	* coders/pdb.c (ReadPDBImage): Add more EOF checks to avoid benign
  1585  	use of uninitialized data.  Fixes oss-fuzz 7545
  1586  	"graphicsmagick/coder_PDB_fuzzer: Use-of-uninitialized-value in
  1587  	ReadPDBImage".
  1588  
  1589  	* coders/wpg.c (InsertRow, UnpackWPGRaster): x & y should be
  1590  	'unsigned long' to match type used by pixel cache APIs and image
  1591  	rows/columns.
  1592  
  1593  2018-04-08  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  1594  
  1595  	* coders/wpg.c Stop reading when last row is reached.
  1596  	This should stop oss-fuzz 7528 thanks to oss-fuzz.
  1597  
  1598  
  1599  2018-04-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1600  
  1601  	* coders/xcf.c (ReadXCFImage): Fix use of uninitialized data in
  1602  	magick header string for runt file.  Fixes oss-fuzz 7521
  1603  	"graphicsmagick/coder_XCF_fuzzer: Use-of-uninitialized-value in
  1604  	LocaleNCompare". (Credit to OSS-Fuzz).
  1605  
  1606  2018-04-09  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1607  
  1608  	* OVERVIEW: Change set 9aaeeca0224c modified the drawing
  1609  	of clipping paths to conform to the SVG spec.  This change
  1610  	set restores the previous behavior for non-SVG clients of
  1611  	render.c, while still satisfying the SVG spec for SVG clients.
  1612  
  1613  	* magick/render.h (DrawInfo): Added a bit field in member
  1614  	"flags" to indicate that drawing should be SVG compliant.
  1615  
  1616  	* magick/render.c (DrawImage): Now recognizes keyword
  1617  	"svg-compliant", and tags DrawInfo accordingly.  This
  1618  	allows for existing features in render.c to be changed
  1619  	to comply with the SVG spec without impacting the previous
  1620  	behavior expected by non-SVG clients.
  1621  
  1622  	* magick/render.c (DrawImage): Now uses DrawInfo "flags"
  1623  	bit for SVG compliance in conjunction with "flags" bit
  1624  	for "clipping path" to determine when to ignore changes
  1625  	to fill color, stroke color, etc.  This restores the
  1626  	previous behavior for clipping paths for non-SVG clients.
  1627  
  1628  	* coders/svg.c (SVGStartElement): The initial set of
  1629  	MVG commands for rendering an SVG file now includes
  1630  	new keyword "svg-compliant" (to indicate that certain
  1631  	graphical elements should be drawn according to the
  1632  	SVG spec), and includes an initialization of the SVG
  1633  	"fill-rule" to "nonzero" (the SVG default) instead of
  1634  	the internally initialized value of "evenodd".
  1635  
  1636  	* coders/wpg.c: Fixed C99 "//" comments.
  1637  
  1638  2018-04-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1639  
  1640  	* coders/pict.c (ReadPICTImage): Copy tile exception info to main
  1641  	image and don't composite tile if it has a problem.  Fixes
  1642  	oss-fuzz 7169 "graphicsmagick/enhance_fuzzer:
  1643  	Use-of-uninitialized-value in EnhanceImage". (Credit to OSS-Fuzz)
  1644  
  1645  	* coders/dib.c (ReadDIBImage): Do not increase decode bits/pixel
  1646  	if compression=2, but use it to increase pixel packet size when
  1647  	estimating bytes per line for decode buffer.  Fixes oss-fuzz issue
  1648  	7324 "graphicsmagick/coder_WPG_fuzzer: Use-of-uninitialized-value
  1649  	in ReadDIBImage". (Credit to OSS-Fuzz)
  1650  
  1651  	* coders/dpx.c (ReadDPXImage): When handling the first element of
  1652  	a planar DPX, assure that the other channels are
  1653  	initialized. Fixes oss-fuzz 7841 "graphicsmagick/coder_DPX_fuzzer:
  1654  	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)
  1655  
  1656  	* coders/tim.c (ReadTIMImage): Only 4 and 8 bit TIM requires a
  1657  	colormap. For other depths, force reading as DirectClass even if
  1658  	the TIM file provides a colormap.  Fixes oss-fuzz 7407
  1659  	"graphicsmagick/coder_TIM_fuzzer: Use-of-uninitialized-value in
  1660  	SyncImageCallBack". (Credit to OSS-Fuzz)
  1661  
  1662  2018-04-08  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  1663  
  1664  	* coders/mat.c: The unread data contains crap in memory;
  1665  	erase current image data. This should mute oss-fuzz 6604.
  1666  
  1667  	* coders/wpg.c - condition "if(y<1) continue;" is redundant
  1668  	and could be removed completely.
  1669  	Allow logging in MatlabV4 module.
  1670  
  1671  	* coders/svg.c - Do not use C++ syntax in C code - removed.
  1672  
  1673  2018-04-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1674  
  1675  	* coders/wpg.c (UnpackWPGRaster): Fix uninitialized row 0 when
  1676  	row-based RLE is used.  Fixes oss-fuzz 6603
  1677  	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
  1678  	BlendCompositePixel". (Credit to OSS-Fuzz)
  1679  
  1680  	* coders/pcd.c: Fix many issues, including oss-fuzz 6016
  1681  	"graphicsmagick/coder_PCD_fuzzer: Heap-double-free in
  1682  	MagickRealloc" and oss-fuzz 6108 "graphicsmagick/coder_PCD_fuzzer:
  1683  	Unknown signal in AllocateThreadViewDataSet". (Credit to OSS-Fuzz)
  1684  
  1685  2018-04-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1686  
  1687  	* coders/dcm.c (funcDCM_BitsStored): Limit DICOM significant bits
  1688  	to 16.  Otherwise rescale map code blows up.  Fixes oss-fuzz 7435
  1689  	"graphicsmagick/coder_DCM_fuzzer: Out-of-memory in
  1690  	graphicsmagick_coder_DCM_fuzzer". (Credit to OSS-Fuzz)
  1691  
  1692  	* coders/pix.c (ReadPIXImage): Detect EOF.  Reject RLE length of
  1693  	zero.  Fixes oss-fuzz 7440 "graphicsmagick/coder_PIX_fuzzer:
  1694  	Out-of-memory in graphicsmagick_coder_PIX_fuzzer". (Credit to
  1695  	OSS-Fuzz)
  1696  
  1697  2018-04-05  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1698  
  1699  	* coders/dpx.c (ReadDPXImage): Insist on having an element
  1700  	descriptor we understand since otherwise we can not decode the
  1701  	image.  Fixes oss-fuzz 7410 "graphicsmagick/coder_DPX_fuzzer:
  1702  	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)
  1703  
  1704  	* coders/avs.c, etc... (WriteAVSImage): Cache image list length
  1705  	before writing image sequence so that progress monitor is
  1706  	scalable.  Helps with oss-fuzz 7404
  1707  	"graphicsmagick/coder_AVS_fuzzer: Timeout in
  1708  	graphicsmagick_coder_AVS_fuzzer". (Credit to OSS-Fuzz)
  1709  
  1710  2018-04-05  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1711  
  1712  	* coders/svg.c (SVGStartElement, SVGEndElement),
  1713  	magick/render.c (DrawImage): The current text position
  1714  	is now maintained by DrawImage() instead of by
  1715  	SVGStartElement() and SVGEndElement().  This change was
  1716  	made to support the recently implemented "use" and
  1717  	"class" elements, which may make changes to the font
  1718  	size that are not visible to the code in svg.c.
  1719  
  1720  	* coders/svg.c (GetStyleTokens, SVGStartElement): The
  1721  	list of SVG attributes is now reordered so that
  1722  	"font-size", "class", and "style" are processed first.
  1723  	This ensures that a change to the font size will be
  1724  	processed before any dimensional attribute whose value
  1725  	may depend on the font size (e.g., a width value
  1726  	specified in "em" units).
  1727  
  1728  	* coders/svg.c (ProcessStyleClassDefs): Fixed two memory
  1729  	leaks associated with making an early return when
  1730  	malformed input is detected.
  1731  
  1732  	* magick/render.c (ExtractTokensBetweenPushPop): Fixed
  1733  	an uninitialized variable condition which can occur when
  1734  	malformed input is detected.
  1735  
  1736  	* magick/render.h (DrawInfo), magick/render.c: DrawInfo
  1737  	member "unused1" has been renamed "flags".  It is now
  1738  	used to tag a DrawInfo as being a clipping path or a
  1739  	compositing mask.
  1740  
  1741  2018-04-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1742  
  1743  	* coders/pdb.c (ReadPDBImage): Update DirectClass pixels to avoid
  1744  	use of uninitialized memory for 2 bits/pixel.  Fixes oss-fuzz 7350
  1745  	"graphicsmagick/coder_PDB_fuzzer: Use-of-uninitialized-value in
  1746  	WritePDBImage".  (Credit to OSS-Fuzz)
  1747  
  1748  	* coders/palm.c (ReadPALMImage): Fix use of uninitialized memory.
  1749  	Fixes oss-fuzz 7325 "graphicsmagick/coder_PALM_fuzzer:
  1750  	Use-of-uninitialized-value in TransparentImageCallBack". (Credit
  1751  	to OSS-Fuzz)
  1752  
  1753  	* coders/dcm.c (DCM_ReadNonNativeImages): Break out of reading
  1754  	loop on EOF and properly report exception.  Fixes oss-fuzz 7349
  1755  	"graphicsmagick/coder_DCM_fuzzer: Timeout in
  1756  	graphicsmagick_coder_DCM_fuzzer". (Credit to OSS-Fuzz)
  1757  
  1758  2018-04-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1759  
  1760  	* coders/xcf.c (ReadXCFImage): Require that XCF file offsets be in
  1761  	ascending order to avoid DoS.  Fixes oss-fuzz 7333
  1762  	"graphicsmagick/coder_XCF_fuzzer: Out-of-memory in
  1763  	graphicsmagick_coder_XCF_fuzzer". (Credit to OSS-Fuzz)
  1764  
  1765  	* coders/wpg.c (UnpackWPGRaster): Fix memory leak in error return
  1766  	path. Fixes oss-fuzz 7338 "graphicsmagick/enhance_fuzzer:
  1767  	Direct-leak in UnpackWPGRaster". (Credit to OSS-Fuzz)
  1768  
  1769  2018-04-03  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1770  
  1771  	* coders/svg.c (SVGStartElement): This changeset adds
  1772  	support for SVG geometric transforms specified using the
  1773  	style="transform: ..." syntax.  This syntax is sometimes
  1774  	used when exporting SVG files from Adobe Illustrator.
  1775  
  1776  2018-04-02  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1777  
  1778  	* coders/dpx.c (ReadDPXImage): Validate DPX packing method.  Fixes
  1779  	oss-fuzz 7296 "graphicsmagick/coder_DPX_fuzzer:
  1780  	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)
  1781  
  1782  2018-04-02  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1783  
  1784  	* coders/svg.c (SVGStartElement, SVGEndElement),
  1785  	magick/render.c (DrawImage): This changeset adds support for
  1786  	"class" styling attributes within a <style> section within
  1787  	the <defs> section, and the ability to reference them from
  1788  	other SVG elements by class="classname".  SVG files exported
  1789  	from Adobe Illustrator make extensive use of "class" definitions.
  1790  
  1791  2018-04-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1792  
  1793  	* coders/pict.c (ReadPICTImage): Fix leak of tile image on EOF.
  1794  	This is a recent regression.  Fixes oss-fuzz 7287
  1795  	"graphicsmagick/coder_PCT_fuzzer: Indirect-leak in
  1796  	CloneImage". (Credit to OSS-Fuzz)
  1797  
  1798  	* magick/pixel_cache.c (OpenCache): Use image->scene rather than
  1799  	GetImageIndexInList(image) for scene-id part of cache info file
  1800  	name.
  1801  
  1802  	* coders/txt.c (WriteTXTImage): Optimize the progress indicator
  1803  	since it is very inefficient with a large number of scenes and
  1804  	oss-fuzz 7090 "graphicsmagick/coder_TEXT_fuzzer: Timeout in
  1805  	graphicsmagick_coder_TEXT_fuzzer" consistently shows
  1806  	GetImageListLength() in its stack traces.
  1807  
  1808  	* coders/dcm.c (ReadDCMImage): DICOM reader was no longer
  1809  	immediately quitting with excessive samples per pixel.  This
  1810  	caused spinning for a very long time when reading planar images
  1811  	with large samples per pixel.  This is a regression due to recent
  1812  	changes.  Fixes oss-fuzz 7269 "graphicsmagick/coder_DCM_fuzzer:
  1813  	Timeout in graphicsmagick_coder_DCM_fuzzer". (Credit to OSS-Fuzz)
  1814  
  1815  	* coders/xcf.c (ReadXCFImage): Destroy layer info before returning
  1816  	due to exception.  This is a new regression due to adding more
  1817  	checks. Fixes oss-fuzz 7277 "graphicsmagick/coder_XCF_fuzzer:
  1818  	Direct-leak in ReadXCFImage". (Credit to OSS-Fuzz)
  1819  
  1820  	* coders/pdb.c (ReadPDBImage): Assure that all bytes of scanline
  1821  	are initialized while decoding.  Fixes oss-fuzz 7051
  1822  	"graphicsmagick/coder_PDB_fuzzer: Use-of-uninitialized-value in
  1823  	WritePDBImage". (Credit to OSS-Fuzz)
  1824  
  1825  2018-03-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1826  
  1827  	* coders/pcx.c (ReadPCXImage): Assure that scanline is
  1828  	initialized.  Fixes oss-fuzz 6612
  1829  	"graphicsmagick/coder_PCX_fuzzer: Use-of-uninitialized-value in
  1830  	WriteRLEPixels". (Credit to OSS-Fuzz)
  1831  
  1832  	* coders/wpg.c (ReadWPGImage): Detect unexpected EOF and avoid use
  1833  	of uninitialized data.  Fixes oss-fuzz 6601
  1834  	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
  1835  	ImportIndexQuantumType". (Credit to OSS-Fuzz)
  1836  
  1837  	* coders/sgi.c (ReadSGIImage): Assure that RLE decode buffer is
  1838  	initialized.  Fixes oss-fuzz 6599
  1839  	"graphicsmagick/coder_SGI_fuzzer: Use-of-uninitialized-value in
  1840  	SyncImageCallBack" and oss-fuzz 6600
  1841  	"graphicsmagick/coder_SGI_fuzzer: Use-of-uninitialized-value in
  1842  	SGIEncode". (Credit to OSS-Fuzz)
  1843  
  1844  	* coders/viff.c (ReadVIFFImage): Fix blob I/O size validation to
  1845  	avoid use of uninitialized data. Fixes oss-fuzz 6597
  1846  	"graphicsmagick/coder_VIFF_fuzzer: Use-of-uninitialized-value in
  1847  	ThresholdImage". (Credit to OSS-Fuzz)
  1848  	(ReadVIFFImage): Don't execute SetImageType(image,BilevelType) on
  1849  	an image which has no pixels yet in order to avoid use of
  1850  	uninitialized data. Fixes oss-fuzz 6597.  (Credit to OSS-Fuzz)
  1851  
  1852  	* coders/wbmp.c (ReadWBMPImage): Fix blob I/O size validation to
  1853  	avoid use of uninitialized data. Fixes oss-fuzz 7047
  1854  	"graphicsmagick/coder_WBMP_fuzzer: Use-of-uninitialized-value in
  1855  	ReadWBMPImage". (Credit to OSS-Fuzz)
  1856  
  1857  	* coders/wpg.c (ExtractPostscript): Allow non-Postscript content
  1858  	but force reading using the magick we already detected.  Also log
  1859  	the format that we detected.
  1860  
  1861  	* coders/xcf.c (ReadOneLayer): Reject layer size of 0x0.  Fixes
  1862  	oss-fuzz 6636 "graphicsmagick/coder_XCF_fuzzer: Direct-leak in
  1863  	MagickMallocAligned". (Credit to OSS-Fuzz)
  1864  	(ReadXCFImage): Verify that seek offsets are within the bounds of
  1865  	the file data. Fixes oss-fuzz 6682
  1866  	"graphicsmagick/coder_XCF_fuzzer: Out-of-memory in
  1867  	graphicsmagick_coder_XCF_fuzzer". (Credit to OSS-Fuzz)
  1868  
  1869  	* magick/pixel_cache.c (ModifyCache): Destroy CacheInfo if
  1870  	OpenCache() fails so it is not leaked.
  1871  
  1872  	* coders/wpg.c (ExtractPostscript): Enforce that embedded file is
  1873  	a Postscript file.  Fixes oss-fuzz 7235
  1874  	"graphicsmagick/coder_WPG_fuzzer: Indirect-leak in MagickRealloc".
  1875  	This is indicated to be a regression. (Credit to OSS-Fuzz)
  1876  
  1877  2018-03-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1878  
  1879  	* coders/pict.c (ReadPICTImage): Check image pixel limits before
  1880  	allocating memory for tile.  Fixes oss-fuzz 7217
  1881  	"graphicsmagick/coder_PICT_fuzzer: Out-of-memory in
  1882  	graphicsmagick_coder_PICT_fuzzer".
  1883  
  1884  2018-03-29  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1885  
  1886  	* coders/pcd.c (ReadPCDImage): Add checks for EOF. Fixes oss-fuzz
  1887  	issue 7180 "graphicsmagick/coder_PCDS_fuzzer: Timeout in
  1888  	graphicsmagick_coder_PCDS_fuzzer".  (Credit to OSS-Fuzz)
  1889  
  1890  2018-03-29  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1891  
  1892  	* coders/svg.c (SVGStartElement, SVGEndElement),
  1893  	magick/render.c (DrawImage): This changeset implements the SVG
  1894  	"use" element.  Graphical elements (e.g., "rect", "text", etc.)
  1895  	can be tagged with an identifier using 'id="identifier"' when
  1896  	defined within the "defs" section.  They can then be referenced
  1897  	elsewhere in the SVG file using:
  1898  
  1899  	<use xlink:href="#identifier" ... />
  1900  
  1901  	When referencing a graphical element by its identifier, the
  1902  	following syntaxes are now treated as being the same:
  1903  
  1904  	href="#identifier"
  1905  	href="url(#identifier)"
  1906  	xlink:href="#identifier"
  1907  	xlink:href="url(#identifier)"
  1908  
  1909  2018-03-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1910  
  1911  	* coders/tim.c (ReadTIMImage): Reader was not observing subimage
  1912  	and subrange to quit after the specified frame range.  Inspired by
  1913  	oss-fuzz 7132 "graphicsmagick/coder_TIM_fuzzer: Timeout in
  1914  	graphicsmagick_coder_TIM_fuzzer" (Credit to OSS-Fuzz)
  1915  
  1916  2018-03-27  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1917  
  1918  	* coders/svg.c (SVGStartElement): Enable setting the
  1919  	background color from the SVG file when the client
  1920  	specifies style="background:color" inside the <svg>
  1921  	... </svg> element.
  1922  
  1923  2018-03-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1924  
  1925  	* coders/mtv.c (ReadMTVImage): Add some elementary tracing to MTV
  1926  	reader.
  1927  
  1928  	* coders/png.c (ReadMNGImage): Fix SourceForge issue 554
  1929  	"Divide-by-zero in ReadMNGImage (coders/png.c)".  (Credit to Trace
  1930  	Probe)
  1931  
  1932  	* coders/bmp.c (ReadBMPImage): Assure that start position always
  1933  	advances to avoid looping BMPs.  Fixes oss-fuzz 7045
  1934  	"graphicsmagick/coder_BMP_fuzzer: Timeout in
  1935  	graphicsmagick_coder_BMP_fuzzer". (Credit to OSS-Fuzz)
  1936  
  1937  	* coders/pict.c (DecodeImage): Verify that sufficient backing data
  1938  	exists before allocating memory to read it.  Fixes oss-fuzz 6629
  1939  	"graphicsmagick/coder_PCT_fuzzer: Out-of-memory in
  1940  	graphicsmagick_coder_PCT_fuzzer".
  1941  	(ReadPICTImage): Destroy tile_image in ThrowPICTReaderException()
  1942  	macro to simplify logic.
  1943  
  1944  2018-03-25  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  1945  
  1946  	* coders/mat.c Check whether datablock is really read.
  1947  	Fixes oss-fuzz 7056 (Credit to OSS-Fuzz)
  1948  
  1949  	* coders/txt.c Duplicate image check for data with fixed geometry;
  1950  	previous check is skipped. Fixes oss-fuzz 7090.
  1951  
  1952  2018-03-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1953  
  1954  	* coders/dcm.c (ReadDCMImage): Validate that samples per pixel is
  1955  	in valid range.  Fixes oss-fuzz 6260
  1956  	"graphicsmagick/coder_DCM_fuzzer: Out-of-memory in
  1957  	graphicsmagick_coder_DCM_fuzzer". (Credit to OSS-Fuzz)
  1958  
  1959  	* coders/meta.c (format8BIM): Allocate space for null termination
  1960  	and null terminate string.  Fixes oss-fuzz 5985
  1961  	"graphicsmagick/coder_8BIMTEXT_fuzzer: Heap-buffer-overflow in
  1962  	formatIPTCfromBuffer". (Credit to OSS-Fuzz)
  1963  
  1964  	* coders/fits.c (ReadFITSImage): Include number of FITS scenes in
  1965  	file size validations.  Fixes oss-fuzz 6781
  1966  	"graphicsmagick/coder_FITS_fuzzer: Timeout in
  1967  	graphicsmagick_coder_FITS_fuzzer". (Credit to OSS-Fuzz)
  1968  
  1969  2018-03-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  1970  
  1971  	* coders/meta.c (format8BIM): Validate size request prior to
  1972  	allocation. Fixes oss-fuzz issue 5974
  1973  	"graphicsmagick/coder_8BIMTEXT_fuzzer: Out-of-memory in
  1974  	graphicsmagick_coder_8BIMTEXT_fuzzer". (Credit to OSS-Fuzz)
  1975  
  1976  2018-03-23  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  1977  
  1978  	* coders/mat.c Fix forged amount of frames 7076. (Credit to OSS-Fuzz)
  1979  
  1980  	* coders/topol.c Check for forged image that overflows file size
  1981  	(fuzz 6836).
  1982  
  1983  2018-03-23  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  1984  
  1985  	* magick/render.c, render.h (DrawInfo, CloneDrawInfo,
  1986  	DrawClipPath, DrawImage, GetDrawInfo): According to the SVG
  1987  	spec, a clipping path is defined only by the geometry of its
  1988  	constituent elements, and is not dependent on fill color/opacity,
  1989  	stroke color/opacity, or stroke width.  To ensure conformity
  1990  	with the spec, when a clipping path is created, these SVG
  1991  	elements are set to appropriate values, and any attempt to
  1992  	modify them is ignored.
  1993  
  1994  	Also, whenever a clipping path is drawn, the associated image
  1995  	attributes are now updated from the parent image structure.
  1996  	This ensures that any added or modified attributes are up to
  1997  	date.
  1998  
  1999  2018-03-22  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  2000  
  2001  	* coders/topol.c Rather use MagickSwabArrayOfUInt32() to
  2002  	flip all array elements at once.
  2003  
  2004  	* magick/annotate.c Compilation issue - using C++ syntax in C code.
  2005  
  2006  2018-03-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2007  
  2008  	* coders/dpx.c (ReadDPXImage): Validate header length and offset
  2009  	properties.  Fixes oss-fuzz "graphicsmagick/coder_DPX_fuzzer:
  2010  	Use-of-uninitialized-value in WriteDPXImage". (Credit to OSS-Fuzz)
  2011  
  2012  2018-03-20  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2013  
  2014  	* magick/annotate.c (RenderType): According to the SVG
  2015  	spec, the 'font-family' element can be a comma-separated
  2016  	list of one or more font family names.  Function RenderType
  2017  	in file annotate.c has been modified to support multiple
  2018  	font family names as follows.  The comma-separated list is
  2019  	processed until the first available font family is found.
  2020  	If no font family is found, or if font substitution occurred,
  2021  	then the entire font family string is tested to see if it
  2022  	exactly matches a font name, or if the font family string
  2023  	with blanks changed to hyphens exactly matches a font name.
  2024  	If a font name match is found, the matched font overrides
  2025  	the font substitution.  The font name matching functionality
  2026  	is beyond what's in the SVG spec and is provided as a
  2027  	convenience to the user.
  2028  
  2029  2018-03-20  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  2030  
  2031  	* coders/mat.c Fix forged amount of frames 6755. (Credit to OSS-Fuzz)
  2032  
  2033  2018-03-20  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  2034  
  2035  	* coders/topol.c Redesign ReadBlobDwordLSB() to be more effective.
  2036  
  2037  2018-03-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2038  
  2039  	* coders/xpm.c (ReadXPMImage): Reject XPM if its condensed version
  2040  	contains non-whitespace control characters.  Fixes oss-fuzz 7027
  2041  	"graphicsmagick/coder_XPM_fuzzer: Timeout in
  2042  	graphicsmagick_coder_XPM_fuzzer". (Credit to OSS-Fuzz)
  2043  
  2044  2018-03-19  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  2045  
  2046  	* coders/topol.c Fix tile index overflow fuzz 6634. (Credit to OSS-Fuzz)
  2047  
  2048  2018-03-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2049  
  2050  	* coders/dcm.c (DCM_ReadGrayscaleImage): Don't use rescale map if
  2051  	it was not allocated.  This issue was induced in this development
  2052  	cycle due to disabling generating the rescale map.  Fixes oss-fuzz
  2053  	7021 "graphicsmagick/coder_DCM_fuzzer: Null-dereference READ in
  2054  	DCM_ReadGrayscaleImage". (Credit to OSS-Fuzz)
  2055  
  2056  2018-03-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2057  
  2058  	* magick/color_lookup.c (QueryColorDatabase): Defend against
  2059  	partial scanf() expression matching, resulting in use of
  2060  	uninitialized data.  Likely fixes oss-fuzz 6596
  2061  	"graphicsmagick/coder_XPM_fuzzer: Use-of-uninitialized-value in
  2062  	IsMonochromeImage". (Credit to OSS-Fuzz)
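
As an added illustration of the defect class named in the entry above, here is a hypothetical "r,g,b" colour-triplet parser in C written for this ChangeLog; it is not GraphicsMagick's QueryColorDatabase(), and the sample inputs are constructed. The unchecked form shows how a partial sscanf() match leaves outputs unwritten; the checked form shows the defence.

```c
#include <stdio.h>

/* Hypothetical colour triplet: each component is expected in 0..255. */
typedef struct { int r, g, b; } rgb_t;

/* Before: the defect class from the entry.  sscanf() stops at the first
 * conversion that fails and returns how many succeeded; this function
 * ignores that count, so for "255,0" the b member is never written and the
 * caller goes on to use whatever happened to be in it (uninitialized data
 * if the caller did not set it).  Shown only for contrast. */
static int parse_rgb_unchecked(const char *s, rgb_t *out)
{
    (void)sscanf(s, "%d,%d,%d", &out->r, &out->g, &out->b);
    return 1;
}

/* After: every output is initialized, the conversion count is checked,
 * field widths bound each number to three characters (so %d cannot
 * overflow, which is itself undefined behaviour), trailing input is
 * rejected and each component is range-checked.
 * Returns 1 on success, 0 on failure (outputs are then all zero). */
static int parse_rgb(const char *s, rgb_t *out)
{
    int r = 0, g = 0, b = 0, consumed = 0;

    if (out != NULL)
        out->r = out->g = out->b = 0;
    if (s == NULL || out == NULL)
        return 0;
    /* %n stores the number of characters consumed; it is not counted in
     * the return value, so a full match returns exactly 3. */
    if (sscanf(s, "%3d,%3d,%3d%n", &r, &g, &b, &consumed) != 3)
        return 0;
    if (s[consumed] != '\0')
        return 0;                          /* e.g. "1,2,3x" */
    if (r < 0 || r > 255 || g < 0 || g > 255 || b < 0 || b > 255)
        return 0;
    out->r = r;
    out->g = g;
    out->b = b;
    return 1;
}

int main(void)
{
    /* Constructed inputs.  'stale' is pre-filled so the demonstration of
     * the unchecked parser stays defined: b keeps the old value 7. */
    rgb_t stale = { 7, 7, 7 };
    rgb_t c;

    parse_rgb_unchecked("255,0", &stale);
    printf("unchecked: r=%d g=%d b=%d (b is stale)\n",
           stale.r, stale.g, stale.b);
    printf("checked \"255,0\" accepted: %d\n", parse_rgb("255,0", &c));
    printf("checked \"255,0,128\" accepted: %d -> %d,%d,%d\n",
           parse_rgb("255,0,128", &c), c.r, c.g, c.b);
    return 0;
}
```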
  2063  
  2064  	* coders/rle.c (ReadRLEImage): Validate number of colormap bits to
  2065  	avoid undefined shift behavior.  Fixes oss-fuzz 6630
  2066  	"graphicsmagick/enhance_fuzzer: Undefined-shift in
  2067  	ReadRLEImage". (Credit to OSS-Fuzz)
  2068  
  2069  	* coders/dcm.c (DCM_ReadRGBImage): Don't use rescale map if it was
  2070  	not allocated.  This issue was induced in this development cycle
  2071  	due to disabling generating the rescale map.  Fixes oss-fuzz 6995
  2072  	"graphicsmagick/coder_DCM_fuzzer: Null-dereference READ in
  2073  	DCM_ReadRGBImage". (Credit to OSS-Fuzz)
  2074  
  2075  	* coders/dib.c (DecodeImage): Report failure to decode to expected
  2076  	amount of pixel data as an error.  Fixes oss-fuzz 7007
  2077  	"graphicsmagick/enhance_fuzzer: Use-of-uninitialized-value in
  2078  	EnhanceImage". (Credit to OSS-Fuzz)
  2079  
  2080  	* coders/bmp.c (ReadBMPImage): Add file size and offset/seek
  2081  	validations.  Fixes oss-fuzz 6623
  2082  	"graphicsmagick/coder_BMP_fuzzer: Timeout in
  2083  	graphicsmagick_coder_BMP_fuzzer". (Credit to OSS-Fuzz)
  2084  
  2085  2018-03-17  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  2086  
  2087  	* dcraw/dcraw.c Updated to version 9.27
  2088  
  2089  2018-03-15  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2090  
  2091  	* coders/gif.c (ReadGIFImage): Fix botched fixes for use of
  2092  	uninitialized data when reading GIF extension blocks.  Hopefully
  2093  	ok now.
  2094  
  2095  2018-03-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2096  
  2097  	* coders/gif.c (ReadGIFImage): Fix use of uninitialized data when
  2098  	reading GIF extension blocks.  Fixes oss-fuzz 6609
  2099  	"graphicsmagick/coder_GIF_fuzzer: Use-of-uninitialized-value in
  2100  	MagickArraySize". This seems to be a totally benign issue. (Credit
  2101  	to OSS-Fuzz)
  2102  
  2103  	* magick/magick.c (MagickSignal): Use an alternate signal stack,
  2104  	if available.  This is required for Go lang C language extensions
  2105  	since Go lang requests an alternate signal stack, and uses small
  2106  	stacks for its threads.  If the library user has not allocated an
  2107  	alternate signal stack, then behavior should be just as before.
  2108  	Issue was originally reported by yzh杨振宏 on March 1, 2018 via
  2109  	the graphicsmagick-help SourceForge mailing list.
  2110  
  2111  2018-02-28  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2112  
  2113  	* magick/pixel_cache.c (AcquireCacheNexus): Add a check that the
  2114  	pixel cache is compatible with the image dimensions.  Fixes
  2115  	oss-fuzz issues 5978 5988 5989 5990 5993 6016, and 6056, which are
  2116  	all related to the PICT writer. (Credit to OSS-Fuzz)
  2117  
  2118  	* magick/draw.c (DrawGetStrokeDashArray): Check for failure to
  2119  	allocate memory.  Patch submitted by Petr Gajdos via email on
  2120  	February 28, 2018.
  2121  
  2122  2018-02-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2123  
  2124  	* coders/fits.c (ReadFITSImage): Fix signed integer overflow when
  2125  	computing pixels size.  Fixes oss-fuzz 6586
  2126  	"graphicsmagick/coder_FITS_fuzzer: Integer-overflow in
  2127  	ReadFITSImage". (Credit to OSS-Fuzz)
  2128  
  2129  2018-02-27  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2130  
  2131  	* coders/svg.c (SVGStartElement, SVGEndElement): From the
  2132  	SVG spec:  "The 'foreignObject' element allows for inclusion
  2133  	of a foreign namespace which has its graphical content drawn
  2134  	by a different user agent."  Code has been added to consume
  2135  	and discard the 'foreignObject' element and any settings (e.g.,
  2136  	fill color) internal to it.  Previously, settings internal
  2137  	to the 'foreignObject' element would persist and "leak" into
  2138  	the graphic elements that followed it, resulting in undesired
  2139  	side effects (e.g., fill color other than the expected default).
  2140  
  2141  2018-02-27  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2142  
  2143  	* magick/render.c (DrawPolygonPrimitive): Fixed a bug
  2144  	introduced by changeset 39102dd1d456.  For SVG, this
  2145  	changeset applied both the group AND the fill opacity
  2146  	values to fill patterns (similarly for stroke).  For WMF,
  2147  	however, this caused the fill pattern to be rendered as
  2148  	100% transparent.  A closer reading of the SVG spec does
  2149  	NOT show that the fill opacity should be applied to the
  2150  	fill pattern, so as of this latest changeset only the group
  2151  	opacity value is applied to fill and stroke patterns.
  2152  
  2153  2018-02-27  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2154  
  2155  	* coders/bmp.c (ReadBMPImage): Fix divide by zero regression added
  2156  	by latest fixes.  Fixes oss-fuzz 6583
  2157  	"graphicsmagick/coder_BMP_fuzzer: Divide-by-zero in ReadBMPImage".
  2158  	(Credit to OSS-Fuzz)
  2159  
  2160  2018-02-26  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2161  
  2162  	* coders/pict.c (ReadPICTImage): Validate that PICT rectangles do
  2163  	not have zero dimensions.  Specify expected file type when reading
  2164  	from a temporary file.  Trace PICT rectangle dimensions.  More
  2165  	detection of blob EOF and more error handling.  Fixes oss-fuzz
  2166  	issue 6193 "graphicsmagick/coder_PCT_fuzzer: Unknown signal in
  2167  	AllocateImageColormap" and likely many oss-fuzz ASAN/UBSAN issues
  2168  	reported against "PCT" and "PICT" since this one problem appears
  2169  	to be causing a spew of reports.
  2170  
  2171  	* coders/png.c (ReadMNGImage): Detect and handle failure to
  2172  	allocate global PLTE.  Problem was reported via email from Petr
  2173  	Gajdos on February 26, 2018.
  2174  
  2175  2018-02-25  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2176  
  2177  	* magick/blob.c (ReadBlobLSBDouble): Make sure imported double is
  2178  	a normal value.
  2179  	(ReadBlobLSBDoubles): Make sure imported doubles are normal
  2180  	values.
  2181  	(ReadBlobLSBFloat): Make sure imported float is a normal value.
  2182  	(ReadBlobLSBFloats): Make sure imported floats are normal values.
  2183  	(ReadBlobMSBFloat): Make sure imported float is a normal value.
  2184  	(ReadBlobMSBFloats): Make sure imported floats are normal values.
  2185  	(ReadBlobMSBDouble): Make sure imported double is a normal value.
  2186  	(ReadBlobMSBDoubles): Make sure imported doubles are normal
  2187  	values.
  2188  
  2189  	* magick/import.c (ImportFloat32Quantum): Make sure imported float
  2190  	is a normal value.
  2191  	(ImportFloat64Quantum): Make sure imported double is a normal
  2192  	value.
  2193  
  2194  	* magick/image.h (RoundDoubleToQuantum): Restore previous behavior
  2195  	(from earlier today).
  2196  	(RoundFloatToQuantum): Restore previous behavior (from earlier
  2197  	today).
  2198  
  2199  	* coders/bmp.c (ReadBMPImage): Fix UBSAN runtime error: left shift
  2200  	of 205 by 24 places cannot be represented in type 'int'.
  2201  
  2202  	* coders/ept.c (ReadEPTImage): Fix dereference of NULL pointer
  2203  	which was detected by UBSAN in the test suite.
  2204  
  2205  	* magick/image.h (RoundDoubleToQuantum): Check double value for
  2206  	NaN and infinity in order to avoid undefined behavior.
  2207  	(RoundFloatToQuantum): Check float value for NaN and infinity in
  2208  	order to avoid undefined behavior.
  2209  
  2210  	* magick/common.h (MAGICK_ISNAN): Add a isnan() wrapper macro.
  2211  	(MAGICK_ISINF): Add a isinf() wrapper macro.
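
As an added example for the float/double import and RoundDoubleToQuantum() entries above, here is a hypothetical C version of the same checks written for this ChangeLog; it is modelled on what the entries describe, not copied from magick/blob.c, import.c or image.h, and it assumes a 16-bit Quantum (MaxRGB = 65535). The byte samples are constructed.

```c
#include <math.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical quantum type: 16-bit samples, MaxRGB = 65535. */
typedef uint16_t Quantum;
#define MaxRGB 65535u

/* Converting a NaN, an infinity, or any value outside the range of the
 * target integer type from double is undefined behaviour in C, so the
 * value is classified and clamped before the cast (the role of the
 * MAGICK_ISNAN/MAGICK_ISINF checks in the entry). */
static Quantum round_double_to_quantum(double value)
{
    if (isnan(value))
        return 0;                     /* NaN: nothing sensible to round to */
    if (value <= 0.0)
        return 0;                     /* covers -inf as well */
    if (value >= (double)MaxRGB)
        return (Quantum)MaxRGB;       /* covers +inf as well */
    return (Quantum)(value + 0.5);
}

/* Decode one little-endian IEEE-754 binary32 sample as a reader such as
 * ReadBlobLSBFloat() would, and refuse it unless it is a normal, finite
 * number.  The bit pattern is assembled in uint32_t and copied into the
 * float, which is the portable way to reinterpret bytes.
 * Returns 1 and stores the value on success, 0 for NaN or infinity. */
static int import_float32_le(const unsigned char *p, float *out)
{
    uint32_t bits = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                    ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    float f;

    memcpy(&f, &bits, sizeof f);
    if (isnan(f) || isinf(f))
        return 0;
    *out = f;
    return 1;
}

/* Import a float sample normalised to [0,1] and scale it to a Quantum, as
 * ImportFloat32Quantum() is described as doing; a rejected sample maps to
 * 0 and the failure is reported through the return value. */
static int import_float32_le_quantum(const unsigned char *p, Quantum *q)
{
    float f;

    *q = 0;
    if (!import_float32_le(p, &f))
        return 0;
    *q = round_double_to_quantum((double)f * MaxRGB);
    return 1;
}

int main(void)
{
    /* Constructed little-endian samples: 1.0f and a quiet NaN. */
    static const unsigned char one[] = { 0x00, 0x00, 0x80, 0x3F };
    static const unsigned char nan_bytes[] = { 0x00, 0x00, 0xC0, 0x7F };
    Quantum q;

    if (import_float32_le_quantum(one, &q))
        printf("1.0f -> quantum %u\n", (unsigned)q);
    if (!import_float32_le_quantum(nan_bytes, &q))
        printf("NaN sample rejected, quantum forced to %u\n", (unsigned)q);
    return 0;
}
```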
  2212  
  2213  2018-02-25  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  2214  
  2215  	* coders/mat.c Fix oss-fuzz issue 6273 - Heap-use-after-free in
  2216  	GetLocaleExceptionMessage. (Credit to OSS-Fuzz)
  2217  
  2218  2018-02-24  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2219  
  2220  	* coders/dcm.c (DCM_PostRescaleImage): Remove use of
  2221  	DCM_PostRescaleImage() since its implementation is wrong and
  2222  	accesses non-allocated heap memory.  Problem was reported by Petr
  2223  	Gajdos via email on February 8, 2018.
  2224  
  2225  	* coders/jp2.c (ReadJP2Image): Use a ThrowJP2ReaderException macro
  2226  	to automatically clean up when throwing an exception.
  2227  
  2228  	* coders/bmp.c (ReadBMPImage): Report an error if RLE decode does
  2229  	not produce the expected number of bytes.  Fixes oss-fuzz issue
  2230  	6015 "graphicsmagick/coder_BMP_fuzzer: Out-of-memory in
  2231  	graphicsmagick_coder_BMP_fuzzer". (Credit to OSS-Fuzz)
  2232  
  2233  2018-02-23  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2234  
  2235  	* magick/render.c (DrawImage): Fixed a bug in which graphical
  2236  	elements defined within <defs> ... </defs> were being rendered,
  2237  	contrary to the SVG spec.
  2238  
  2239  2018-02-23  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2240  
  2241  	* magick/render.c (DrawPolygonPrimitive): When filling or
  2242  	stroking a polygon using a pattern, the fill (or stroke)
  2243  	and group/object opacity values were not being applied to
  2244  	the pattern (fixed).
  2245  
  2246  2018-02-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2247  
  2248  	* coders/bmp.c (ReadBMPImage): Fix SeekBlob() return value checks.
  2249  	Add more EOF checks.  Require that a provided ba_offset be a
  2250  	forward seek in order to avoid the possibility of endless looping.
  2251  
  2252  2018-02-23  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  2253  
  2254  	* coders/mat.c Fix oss-fuzz issue 6301. (Credit to OSS-Fuzz)
  2255  
  2256  2018-02-22  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2257  
  2258  	* magick/alpha_composite.c (BlendQuantumOpacity): The
  2259  	pixel compositing equation used when compositing an
  2260  	image into the output was incorrect and has been fixed.
  2261  
  2262  	* magick/render.c (DrawPolygonPrimitive): When
  2263  	compositing polygon edge pixels over a transparent
  2264  	black background, the code would composite as if the
  2265  	background were opaque black, resulting in the edge
  2266  	pixels being too dark (fixed).
  2267  
  2268  2018-02-21  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2269  
  2270  	* magick/render.c (DrawImage): Per the SVG spec, opacity,
  2271  	fill-opacity, and stroke-opacity values are now clamped
  2272  	to [0,1].
  2273  
  2274  	Also fixed two bugs introduced by changeset 91de8039f27d
  2275  	(dated 2018-02-12): (1) a group/object opacity value
  2276  	specified using a percentage was not being converted to a
  2277  	value in [0,1]; (2) if fill-opacity or stroke-opacity was
  2278  	1, and the group/object opacity value was set to 1, the
  2279  	resulting fill-opacity or stroke-opacity value would be
  2280  	set to 0 instead of 1.
  2281  
  2282  2018-02-19  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2283  
  2284  	* coders/viff.c (ReadVIFFImage): Fix excessive memory usage.
  2285  	Fixes oss-fuzz 6006 "graphicsmagick/coder_XV_fuzzer: Out-of-memory
  2286  	in graphicsmagick_coder_XV_fuzzer". (Credit to OSS-Fuzz)
  2287  
  2288  	* coders/txt.c (ReadInt): Avoid benign signed integer overflow due
  2289  	to accepting an arbitrary number of digits.  Fixes oss-fuzz 6002
  2290  	"graphicsmagick/coder_TEXT_fuzzer: Integer-overflow in
  2291  	ReadInt". (Credit to OSS-Fuzz)
  2292  
  2293  	* coders/viff.c (ReadVIFFImage): Verify that there is sufficient
  2294  	data to back up colormap allocation request.  Fixes oss-fuzz 5986
  2295  	"graphicsmagick/coder_VIFF_fuzzer: Out-of-memory in
  2296  	graphicsmagick_coder_VIFF_fuzzer". (Credit to OSS-Fuzz)
  2297  
  2298  	* magick/memory.c: Define MAGICK_MEMORY_HARD_LIMIT=value to abort
  2299  	when memory request exceeds value.  Useful to find location of
  2300  	excessive memory requests.
  2301  
  2302  2018-02-19  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2303  
  2304  	* coders/svg.c (SVGStartElement): Per the SVG spec, the
  2305  	SVG coder now initializes the MVG coder (which renders
  2306  	SVG graphical elements) with the SVG defaults for
  2307  	fill color, fill-opacity, stroke color, stroke-opacity,
  2308  	and stroke-width.  This makes the SVG coder independent
  2309  	of the MVG coder initial state.
  2310  
  2311  2018-02-19  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2312  
  2313  	* coders/svg.c (SVGStartElement): Fixed initialization of
  2314  	x and y attributes per the SVG spec:  for graphical elements
  2315  	"image", "pattern", "text", "rect", and "use", if the x or y
  2316  	attribute is not specified, the effect is as if a value of
  2317  	"0" were specified.
  2318  
  2319  2018-02-18  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2320  
  2321  	* coders/sun.c (ReadSUNImage): Fix edge case which broke file-size
  2322  	validation logic.  Fixes oss-fuzz issue 5981
  2323  	"graphicsmagick/coder_SUN_fuzzer: Out-of-memory in
  2324  	graphicsmagick_coder_SUN_fuzzer". (Credit to OSS-Fuzz)
  2325  
  2326  	* coders/txt.c (ReadTXTImage): Validate that file size is
  2327  	sufficient for claimed image properties.  Fixes oss-fuzz issue
  2328  	5960 "graphicsmagick/coder_TXT_fuzzer: Out-of-memory in
  2329  	graphicsmagick_coder_TXT_fuzzer". (Credit to OSS-Fuzz)
  2330  
  2331  	* coders/tga.c (ReadTGAImage): Only allow 1 and 8 bit
  2332  	colormapped/grey images. Fixes oss-fuzz issue 6314
  2333  	"graphicsmagick/coder_ICB_fuzzer: Undefined-shift in
  2334  	ReadTGAImage". (Credit to OSS-Fuzz)
  2335  
  2336  	* coders/bmp.c (ReadBMPImage): Detect and report when BMP height
  2337  	value is out of range (too negative). Fixes oss-fuzz issue 6394
  2338  	"graphicsmagick/coder_BMP_fuzzer: Integer-overflow in
  2339  	ReadBMPImage". (Credit to OSS-Fuzz)
  2340  
  2341  	* coders/rla.c (ReadRLAImage): Detect when RLE decoding is
  2342  	producing too many samples and report as an error.  Fixes oss-fuzz
  2343  	issue 6312 "graphicsmagick/coder_RLA_fuzzer: Timeout in
  2344  	graphicsmagick_coder_RLA_fuzzer". (Credit to OSS-Fuzz)
  2345  
  2346  	* coders/fits.c (ReadFITSImage): Validate that file size is
  2347  	sufficient for claimed image properties.  Fixes oss-fuzz issue
  2348  	6429 "graphicsmagick/coder_FITS_fuzzer: Timeout in
  2349  	graphicsmagick_coder_FITS_fuzzer". (Credit to OSS-Fuzz)
  2350  
  2351  	* magick/image.c (CloneImage): Check image pixel limits in
  2352  	CloneImage() when it is used to change the image dimensions.  This
  2353  	avoids depending on the using code to detect and report such
  2354  	issues.
  2355  
  2356  	* coders/xcf.c (ReadXCFImage): Check image pixel limits after each
  2357  	CloneImage() to assure that image is within specified resource
  2358  	limits.  Fixes oss-fuzz issue 6399 "graphicsmagick/enhance_fuzzer:
  2359  	Timeout in graphicsmagick_enhance_fuzzer". (Credit to OSS-Fuzz)
  2360  
  2361  2018-02-16  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2362  
  2363  	* magick/render.c (TracePath): TracePath() was not
  2364  	correctly processing multiple sets of cubic or quadratic
  2365  	Bezier coordinates when the previous path data command was
  2366  	not a cubic or quadratic Bezier command.  This would result
  2367  	in the first control point being equal to the current path
  2368  	point instead of being computed using the current path
  2369  	point and the second control point of the previous Bezier
  2370  	command.
  2371  
  2372  2018-02-15  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2373  
  2374  	* magick/render.c (TracePath): TracePath() was not
  2375  	consuming commas (if present) at the end of a set of
  2376  	points when multiple sets of points were specified for
  2377  	various path commands (e.g., line, Bezier). This
  2378  	resulted in the remaining sets of points being ignored
  2379  	(fixed).
  2380  
  2381  2018-02-15  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2382  
  2383  	* magick/render.c (TraceArcPath): No points are generated
  2384  	by TraceArcPath() if the starting and ending arc points
  2385  	are the same.  For this case, the coordinate count was not
  2386  	being set to zero before returning (fixed).
  2387  
  2388  2018-02-15  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2389  
  2390  	* magick/render.c (DrawImage): Clipping of polygons in
  2391  	DrawImage() would sometimes result in a starting pixel
  2392  	location that was greater than the ending pixel location,
  2393  	causing a subsequent call to GetImagePixelsEx() to fail
  2394  	due to a column count <= 0.  Modified the clipping code to
  2395  	eliminate this condition, and also to return early if
  2396  	the polygon lies completely outside the image boundaries.
  2397  	Also fixed variable declarations from a previous commit
  2398  	that were causing problems for the C89 compiler.
  2399  
  2400  2018-02-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2401  
  2402  	* coders/topol.c (ReadTOPOLImage): Detect EOF immediately rather
  2403  	than spinning.  Fixes oss-fuzz issue 6303
  2404  	"graphicsmagick/coder_TOPOL_fuzzer: Timeout in
  2405  	graphicsmagick_coder_TOPOL_fuzzer". (Credit to OSS-Fuzz)
  2406  
  2407  	* coders/dcm.c (DCM_SetupRescaleMap): Avoid excessive left shift.
  2408  	Fixes oss-fuzz issue 6256 "graphicsmagick/coder_DCM_fuzzer:
  2409  	Undefined-shift in DCM_SetupRescaleMap". (Credit to OSS-Fuzz)
  2410  
  2411  2018-02-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2412  
  2413  	* coders/wpg.c (ExtractPostscript): Detect EOF on input while
  2414  	transferring bytes to Postscript file.  Fixes oss-fuzz issue 6087
  2415  	"graphicsmagick/coder_WPG_fuzzer: NULL".  Later identified to be
  2416  	CVE-2017-17682 as previously discovered in ImageMagick.  (Credit to
  2417  	OSS-Fuzz)
  2418  
  2419  	* coders/pdb.c (ReadPDBImage): Quit attempting to read image data
  2420  	immediately at EOF. Fixes oss-fuzz issue 6252
  2421  	"graphicsmagick/coder_PDB_fuzzer: Timeout in
  2422  	graphicsmagick_coder_PDB_fuzzer".  (Credit to OSS-Fuzz)
  2423  
  2424  2018-02-12  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2425  
  2426  	* coders/topol.c (ReadTOPOLImage): Avoid index out of bounds when
  2427  	input filename does not use a file extension. Fixes oss-fuzz issue
  2428  	6237 "graphicsmagick/coder_TOPOL_fuzzer: Index-out-of-bounds in
  2429  	ReadTOPOLImage".  (Credit to OSS-Fuzz)
  2430  
  2431  2018-02-12  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2432  
  2433  	* magick/render.c (DrawImage): Object/group opacity,
  2434  	when set in DrawImage(), would overwrite the fill
  2435  	and stroke opacities. This has been fixed so that
  2436  	the object opacity is now combined with the fill
  2437  	and stroke opacities per the SVG spec.
  2438  
  2439  2018-02-12  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  2440  
  2441  	* coders/mat.c Fix oss-fuzz issue 6021. (Credit to OSS-Fuzz)
  2442  
  2443  2018-02-11  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2444  
  2445  	* coders/dcm.c (ReadDCMImage): Avoid undefined left shift of
  2446  	short.  Fix memory leaks in error reporting paths.  Fixes oss-fuzz
  2447  	issue 6217 "graphicsmagick/coder_DCM_fuzzer: Undefined-shift in
  2448  	ReadDCMImage". (Credit to OSS-Fuzz)
  2449  
  2450  	* coders/dpx.c (ReadDPXImage): Avoid divide by zero exception in
  2451  	the case where reference high equals reference low. Fixes oss-fuzz
  2452  	issue 6215 "graphicsmagick/coder_DPX_fuzzer: Divide-by-zero in
  2453  	ReadDPXImage". (Credit to OSS-Fuzz)
  2454  
  2455  	* coders/topol.c (ReadTOPOLImage): Avoid index out of bounds when
  2456  	input filename does not use a file extension.
  2457  
  2458  	* coders/cut.c (ReadCUTImage): Avoid index out of bounds when
  2459  	input filename does not use a file extension. Fixes oss-fuzz issue
  2460  	6218 "graphicsmagick/coder_CUT_fuzzer: Index-out-of-bounds in
  2461  	ReadCUTImage".  (Credit to OSS-Fuzz)
  2462  
  2463  	* coders/pwp.c (ReadPWPImage): Force temporary file to be read as
  2464  	a SFW file rather than autodetecting the format.  Fixes oss-fuzz
  2465  	issue 6220 "graphicsmagick/coder_PWP_fuzzer: Indirect-leak in
  2466  	AllocateImage".  (Credit to OSS-Fuzz)
  2467  
  2468  2018-02-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2469  
  2470  	* coders/pdf.c (WritePDFImage): Assure that xref memory is not
  2471  	leaked if an exception is thrown.  Fixes oss-fuzz issue 5968
  2472  	"graphicsmagick/coder_EPDF_fuzzer: Direct-leak in MagickRealloc".
  2473  	(Credit to OSS-Fuzz)
  2474  
  2475  	* coders/tim.c (ReadTIMImage): Verify that 4/8 bit PSX TIM
  2476  	provides a CLUT and verify indexes.  Fixes oss-fuzz issue 5972
  2477  	"graphicsmagick/coder_TIM_fuzzer: Null-dereference WRITE in
  2478  	ReadTIMImage".  (Credit to OSS-Fuzz)
  2479  
  2480  	* coders/topol.c (ReadTOPOLImage): Add additional header
  2481  	validations.  Fixes oss-fuzz issue 5975
  2482  	"graphicsmagick/coder_TOPOL_fuzzer: Floating-point-exception in
  2483  	ReadTOPOLImage".  (Credit to OSS-Fuzz)
  2484  
  2485  	* coders/bmp.c (ReadBMPImage): Avoid possible division by zero
  2486  	when decoding CIE primary values. (Credit to OSS-Fuzz)
  2487  
  2488  	* magick/export.c (ExportViewPixelArea): Only compute
  2489  	unsigned_maxvalue if sample_bits <= 32.
  2490  
  2491  	* magick/import.c (ImportViewPixelArea): Assure that
  2492  	double_maxvalue minus double_minvalue is not zero, or excessively
  2493  	close to zero to avoid divide by zero exception or impossible
  2494  	scaling factor. (Credit to OSS-Fuzz)
  2495  	(ImportViewPixelArea): Only compute unsigned_maxvalue if
  2496  	sample_bits <= 32.
  2497  
  2498  2018-02-09  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2499  
  2500  	* coders/dib.c (ReadDIBImage): Validate that image width is not
  2501  	too negative such that its absolute value can not fit in 32-bit
  2502  	unsigned width. Resolves oss-fuzz issue 6179
  2503  	"graphicsmagick/coder_ICO_fuzzer: Integer-overflow in
  2504  	ReadDIBImage". (Credit to OSS-Fuzz)
  2505  
  2506  	* coders/dcm.c (funcDCM_BitsStored): Validate DICOM datum size.
  2507  	Use a different means to determine the maximum value which does
  2508  	not use excessive shifting.  Resolves oss-fuzz issue 6165
  2509  	"graphicsmagick/coder_DCM_fuzzer: Undefined-shift in
  2510  	funcDCM_BitsStored". (Credit to OSS-Fuzz)
  2511  
  2512  2018-02-08  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2513  
  2514  	* coders/dpx.c (ReadWordU32BE): Add casts to avoid default type
  2515  	promotion from unsigned char to 'int' leading to undefined
  2516  	behavior for 24 bit shift. Fixes oss-fuzz issue 6058
  2517  	"graphicsmagick/coder_DPX_fuzzer: Undefined-shift in
  2518  	ReadWordU32BE". (Credit to OSS-Fuzz)
  2519  	(ReadDPXImage): Require that the file has at least one element.
  2520  	Add bountiful casts for values which are left-shifted.  Fixes
  2521  	oss-fuzz issue 5962 "graphicsmagick/coder_DPX_fuzzer:
  2522  	Undefined-shift in ReadDPXImage". (Credit to OSS-Fuzz)
  2523  
  2524  	* coders/dcm.c (DCM_ReadOffsetTable): Add casts to avoid
  2525  	default type promotion from unsigned char to 'int' leading to
  2526  	undefined behavior for 16 bit shift. Fixes oss-fuzz issue 5980
  2527  	"graphicsmagick/coder_DCM_fuzzer: Undefined-shift in
  2528  	DCM_ReadOffsetTable". (Credit to OSS-Fuzz)
  2529  
  2530  	* magick/module_aliases.h (ModuleAliases): Add missing mapping
  2531  	from "ICODIB" format to "DIB" module.
  2532  
  2533  	* magick/import.c (ImportUInt32Quantum): Add casts to avoid
  2534  	default type promotion from unsigned char to 'int' leading to
  2535  	undefined behavior for 24 bit shift.  Fixes oss-fuzz
  2536  	"graphicsmagick/coder_P7_fuzzer: Undefined-shift in
  2537  	ImportRGBQuantumType". (Credit to OSS-Fuzz)
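
As an added illustration of the undefined-shift defect class fixed in the 2018-02-08 entries above (the same class as the "left shift of 205 by 24 places cannot be represented in type 'int'" UBSAN report in the 2018-02-25 BMP entry), here is a hypothetical big-endian word reader in C written for this ChangeLog; it is not GraphicsMagick's ReadWordU32BE() or ImportUInt32Quantum(), and the header bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * The defect: an 'unsigned char' operand of '<<' is promoted to (signed)
 * 'int' before the shift, so the unfixed form
 *
 *     (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]
 *
 * computes 205 << 24 for a top byte of 0xCD.  That does not fit in a
 * 32-bit int and is undefined behaviour in C, which UBSAN reports as
 * "left shift of 205 by 24 places cannot be represented in type 'int'".
 * The compiler is entitled to assume it never happens, so the result is
 * not merely "a negative number" but unpredictable.
 */

/* After: cast each byte to uint32_t *before* shifting so the arithmetic is
 * done in an unsigned 32-bit type, where no shift of a byte by 0..24 can
 * overflow.  The same pattern applies to 16- and 24-bit fields. */
static uint32_t read_word_u32be(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] <<  8) | ((uint32_t)p[3]);
}

/* A bounds-checked reader, in the spirit of the header-length validations
 * in the same entries: refuses to read a word that would run past the end
 * of the buffer.  'off' and 'len' are compared without computing off + 4,
 * so a huge offset cannot wrap around.  Returns 1 on success, 0 otherwise. */
static int read_word_u32be_checked(const unsigned char *buf, size_t len,
                                   size_t off, uint32_t *out)
{
    if (buf == NULL || out == NULL)
        return 0;
    if (off > len || len - off < 4)
        return 0;
    *out = read_word_u32be(buf + off);
    return 1;
}

int main(void)
{
    /* Constructed sample header bytes; the first byte has its top bit set,
     * which is exactly the case that triggers the promoted-int overflow. */
    static const unsigned char sample[] = { 0xCD, 0x01, 0x02, 0x03, 0x80, 0x00 };
    uint32_t word;

    if (read_word_u32be_checked(sample, sizeof sample, 0, &word))
        printf("word @0 = 0x%08X\n", (unsigned)word);   /* 0xCD010203 */
    if (!read_word_u32be_checked(sample, sizeof sample, 3, &word))
        printf("word @3 rejected: only 3 bytes remain\n");
    return 0;
}
```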
  2538  
  2539  2018-02-07  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  2540  
  2541  	* coders/wpg.c Fix oss-fuzz issue 5964
  2542  	"graphicsmagick/coder_MAT_fuzzer: Heap-use-after-free in
  2543  	GetLocaleExceptionMessage". (Credit to OSS-Fuzz)
  2544  
  2545  2018-02-07  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2546  
  2547  	* magick/render.c (IsPoint): Fixed a bug in which
  2548  	IsPoint() would reject as a valid coordinate value
  2549  	strings that did not begin with an integer: e.g.,
  2550  	"0.25" would be accepted, but ".25" would not.
  2551  
  2552  2018-02-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2553  
  2554  	* coders/cut.c (ReadCUTImage): Fix DestroyImageInfo() of NULL
  2555  	pointer leading to assertion.  Fixes oss-fuzz issue 6067
  2556  	"graphicsmagick/coder_CUT_fuzzer: Unknown signal in
  2557  	DestroyImageInfo".
  2558  
  2559  	* coders/tga.c (ReadTGAImage): Throw exception rather than
  2560  	assertion for unexpected comment size.  Fixes oss-fuzz issue 5961
  2561  	"graphicsmagick/coder_ICB_fuzzer: ASSERT: (size_t)
  2562  	(tga_info.id_length+1) == commentsize".
  2563  
  2564  2018-02-06  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2565  
  2566  	* coders/pdf.c (WritePDFImage): Free 'xref' allocation before
  2567  	error return.  Fixes oss-fuzz issue 5968
  2568  	"graphicsmagick/coder_EPDF_fuzzer: Direct-leak in MagickRealloc".
  2569  
  2570  2018-02-04  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2571  
  2572  	* coders/pdb.c (ReadPDBImage): Fix heap buffer overflow if blob is
  2573  	already at EOF when comment is read.  Fixes oss-fuzz issue 5997
  2574  	"graphicsmagick/coder_PDB_fuzzer: Heap-buffer-overflow in
  2575  	SetImageAttribute".
  2576  
  2577  	* coders/dpx.c (ReadDPXImage): Fix memory leak of user data if
  2578  	user data is truncated.  Fix consumption of one uninitialized
  2579  	stack byte.  Fixes oss-fuzz issue 5973:
  2580  	graphicsmagick/enhance_fuzzer: Direct-leak in ReadDPXImage.
  2581  
  2582  	* coders/pnm.c (ReadPNMImage): Detect and avoid division by zero.
  2583  	Fixes Issue 5959 in oss-fuzz: graphicsmagick/coder_P7_fuzzer:
  2584  	Divide-by-zero in ReadPNMImage
  2585  
  2586  	* magick/xwindow.c (MagickXClientMessage): Eliminate valgrind
  2587  	gripe about use of uninitialized stack data by clearing allocation
  2588  	to zero.
  2589  	(MagickXMakeImage): Eliminate valgrind gripe about use of
  2590  	uninitialized heap data by clearing allocation to zero.
  2591  
  2592  	* coders/pwp.c (ReadPWPImage): Remove bogus EOF test on an image
  2593  	with a closed blob.  Fixes Issue 5957 in oss-fuzz:
  2594  	graphicsmagick/coder_PWP_fuzzer: ASSERT: image->blob->type !=
  2595  	UndefinedStream.
  2596  
  2597  	* www/Changes.rst: Fix typo with spelling "ChangeLog-2017.html".
  2598  	Resolves SourceForge issue #544 "dead link 2017 changelog page on
  2599  	GraphicsMagick web site".
  2600  
  2601  2018-02-03  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2602  
  2603  	* magick/static.c (OpenModule): Assure that status is initialized.
  2604  	Resolves Coverity 261207 "Uninitialized scalar variable".
  2605  
  2606  	* wand/magick_wand.c (MagickHasColormap): New function to test if
  2607  	the image has a colormap.
  2608  	(MagickIsGrayImage): New function to test if the image uses only
  2609  	gray pixels.
  2610  	(MagickIsMonochromeImage): New function to test if the image uses
  2611  	only monochrome pixels.
  2612  	(MagickIsOpaqueImage): New function to test if the image uses only
  2613  	opaque pixels.
  2614  	(MagickIsPaletteImage): New function to test if the image is based
  2615  	on a color palette.  Above functions are written by Troy Patteson
  2616  	and submitted via SourceForge patch #54 "Wand API patches: has
  2617  	colormap, is gray image, is monochrome image, is opaque image, is
  2618  	palette image".
  2619  
  2620  	* fuzzing: Added initial OSS-Fuzz integration by Alex Gaynor.
  2621  	From SourceForge patch #55 "OSS-Fuzz integration"
  2622  
  2623  	* coders/png.c (ReadMNGImage): Fix free using possibly unallocated
  2624  	pointer value.
  2625  
  2626  	* magick/blob.c (SeekBlob): Remove implicit extension of blob
  2627  	allocation size based on seek offset.  Besides making an
  2628  	assumption about how the blob memory was allocated, this
  2629  	reallocation feature provides a memory DOS opportunity.  Resolves
  2630  	issue reported by Alex Gaynor via email entitled "Security issue
  2631  	with memory management in Magick++" to the graphicsmagick-security
  2632  	list on 31 Jan 2018.
  2633  	(SeekBlob):
  2634  
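The SeekBlob() entry above describes why letting a seek offset enlarge the blob's allocation is a memory denial-of-service: the size of the reallocation is chosen by whatever the input says the offset is. The block below is an added illustration with a hypothetical in-memory blob, not GraphicsMagick's blob code; it shows the grow-on-seek form next to the bounded form, in which a seek only moves the position and anything beyond the existing allocation is refused.

```c
#include <stdlib.h>
#include <string.h>

/* Added example; hypothetical MemBlob type and function names. */
typedef struct {
    unsigned char *data;
    size_t extent;   /* bytes allocated */
    size_t offset;   /* current read/write position */
} MemBlob;

int mem_blob_init(MemBlob *b, size_t extent)
{
    b->data = calloc(extent ? extent : 1, 1);
    if (b->data == NULL)
        return -1;
    b->extent = extent;
    b->offset = 0;
    return 0;
}

void mem_blob_free(MemBlob *b)
{
    free(b->data);
    b->data = NULL;
    b->extent = b->offset = 0;
}

/* Grow-on-seek (the behaviour the entry removes): an offset past the
   allocation reallocates the buffer to reach it, so the input decides how
   much memory gets committed, and it assumes the buffer was obtained in a
   way that realloc() can legally extend. */
int mem_blob_seek_growing(MemBlob *b, long long off)
{
    if (off < 0)
        return -1;
    if ((unsigned long long)off > b->extent) {
        unsigned char *p = realloc(b->data, (size_t)off);
        if (p == NULL)
            return -1;
        memset(p + b->extent, 0, (size_t)off - b->extent);
        b->data = p;
        b->extent = (size_t)off;
    }
    b->offset = (size_t)off;
    return 0;
}

/* Bounded seek: a pure position change.  Offsets beyond the current
   allocation fail, so no input value can drive an allocation. */
int mem_blob_seek(MemBlob *b, long long off)
{
    if (off < 0 || (unsigned long long)off > b->extent)
        return -1;
    b->offset = (size_t)off;
    return 0;
}
```

With the bounded form a seek to a very large offset simply fails and leaves `extent` unchanged; with the growing form the same call would attempt a reallocation of that size. Growth of the buffer, where it is wanted at all, belongs in the write path where the amount of data actually being written is known.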
  2635  	* coders/jpeg.c (ReadIPTCProfile): Revert inadvertent wrong return
  2636  	codes added by change on December 9, 2017.  Fixes SourceForge bug
  2637  	542 "Improper call to JPEG library in state 201" since 1.3.28.
  2638  
  2639  2018-02-01  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2640  
  2641  	* magick/annotate.c (RenderFreetype): Fixed the text
  2642  	opacity computation in RenderFreeType(). This bug caused
  2643  	the text fill color to bleed into the character cell when
  2644  	the SVG "fill-opacity" is less than 1.0.
  2645  
  2646  2018-02-01  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2647  
  2648  	* magick/attribute.c (CloneImageAttributes): Fixed a bug
  2649  	in which the source image attributes would always replace
  2650  	the destination image attributes instead of being appended
  2651  	to them, and the destination image attributes would become
  2652  	a memory leak.
  2653  
  2654  2018-01-31  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2655  
  2656  	* coders/svg.c (SVGStartElement): Fixed a bug in which the
  2657  	x,y location values for a <text> or <tspan> were overwritten
  2658  	by the x,y values for the next <tspan> before the previous
  2659  	values were used.  This caused the text associated with the
  2660  	previous <text> or <tspan> to appear at the location
  2661  	specified for the next <tspan>.
  2662  
  2663  2018-01-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2664  
  2665  	* magick/static.c: Use !defined(SupportMagickModules) to enable
  2666  	static module loader.  Fixes SourceForge bug #543 "Multiple
  2667  	definition of "OpenModule" (etc) when cross-compiling shared".
  2668  
  2669  2018-01-29  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2670  
  2671  	* coders/svg.c (SVGStartElement): A terminating '>' in
  2672  	a geometry string is interpreted to mean that the dimensions
  2673  	of an image should only be changed if its width or height
  2674  	exceeds the geometry specification.  For an unapparent and
  2675  	undocumented reason, a terminating '>', if present, was
  2676  	being nulled out, making this feature unusable for SVG files
  2677  	(now fixed).
  2678  
  2679  2018-01-29  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2680  
  2681  	* coders/svg.c (ReadSVGImage): If there is a geometry string
  2682  	in image_info->size (e.g., gm convert -size "50x50%" in.svg
  2683  	out.png), AllocateImage() sets image->columns and image->rows
  2684  	to the width and height values from the size string.  However,
  2685  	this makes no sense if the size string was something like
  2686  	"50x50%" (we'll get columns = rows = 50).  So we set columns
  2687  	and rows to 0 after AllocateImage(), which is the same as if
  2688  	no size string was supplied by the client.  This also results
  2689  	in svg_info.bounds to be set to 0,0 (i.e., unknown), so that
  2690  	svg_info.bounds will later be set using the image size
  2691  	information from either the svg "canvas" width/height or from
  2692  	the viewbox.  Later, variable "page" is set from
  2693  	svg_info->bounds. Then the geometry string in image_info->size
  2694  	gets applied to the (now known) "page" width and height when
  2695  	SvgStartElement() calls GetMagickGeometry(), and the intended
  2696  	result is obtained.
  2697  
  2699  2018-01-24  Greg Wolfe  <gregory.wolfe@kodakalaris.com>
  2700  
  2701  	* coders/svg.c (SVGStartElement): When the density (DPI)
  2702  	is specified using the ImageInfo::density member, the derived
  2703  	scale factor is incorrectly applied a second time to the
  2704  	width and height members of variable RectangleInfo page.
  2705  	Fixes SourceForge ticket #451.
  2706  
  2707  2018-01-23  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2708  
  2709  	* magick/static.c: Use a lazy-loader for static modules with the
  2710  	same external interface as the lazy-loader for dynamic modules.
  2711  
  2712  2018-01-20  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2713  
  2714  	* NEWS.txt: Prepare for 1.3.28 release.
  2715  
  2716  2018-01-17  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2717  
  2718  	* NEWS.txt: Update with changes since previous release.
  2719  
  2720  2018-01-14  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2721  
  2722  	* PerlMagick/Magick.xs: Compiler warnings reduction.
  2723  
  2724  	* magick/pixel_cache.h: Mark GetPixels(), GetIndexes(), and
  2725  	GetOnePixel() as deprecated.  Compilers may produce a warning if
  2726  	these functions are used.
  2727  
  2728  	* magick/pixel_cache.c (InterpolateColor): Return black pixel if
  2729  	InterpolateViewColor() reports failure.
  2730  
  2731  	* coders/png.c (ReadMNGImage): Fix memory leak of chunk and
  2732  	mng_info in error path.
  2733  
  2734  	* coders/gif.c (ReadGIFImage): Fix memory leak of global colormap.
  2735  
  2736  2018-01-13  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2737  
  2738  	* magick/symbols.h: Fix SourceForge issue #538 "13 symbols in
  2739  	common with ImageMagick despite --enable-symbol-prefix".
  2740  
  2741  	* coders/bmp.c (ReadBMPImage): Fix non-terminal loop due to
  2742  	unexpected bit-field mask value.  Fixes SourceForge issue #541
  2743  	"Infinite Loop in ReadBMPImage (coders/bmp.c)".
  2744  
  2745  	* coders/jpeg.c (JPEGMessageHandler): Revert code added on
  2746  	2017-07-08 to promote certain warnings from libjpeg to errors.
  2747  	Add code to rationalize claimed image dimensions based on file
  2748  	size.  Resolves SourceForge issue #539 "Images with libjpeg
  2749  	warnings result in error".
  2750  
  2751  2018-01-11  Fojtik Jaroslav  <JaFojtik@seznam.cz>
  2752  
  2753  	* coders/wpg.c: Recursive ReadImage could return multiple scenes;
  2754  	fixed.
  2755  
  2756  2018-01-07  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2757  
  2758  	* coders/png.c (ReadOnePNGImage): Quit 'passes' loop if we
  2759  	encountered an error.
  2760  
  2761  	* magick/pixel_cache.c (SetNexus): Fix heap overwrite in
  2762  	AcquireCacheNexus() due to SetNexus() not using an allocated
  2763  	staging area for the pixels like it should.  This problem impacts
  2764  	all 1.3.X releases.  Resolves SourceForge issues #532
  2765  	"heap-buffer-overflow bug in ReadWPGImage" and #531
  2766  	"heap-buffer-overflow in AcquireCacheNexus".
  2767  
  2768  	* magick/pixel_cache.c (InterpolateViewColor): Now returns
  2769  	MagickPassFail rather than void.  Code using this function is
  2770  	updated to check the return status.
  2771  
  2772  2018-01-01  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2773  
  2774  	* magick/describe.c (DescribeImage): Discriminate between
  2775  	AcquireImagePixels() returning NULL or finding a transparent
  2776  	pixel.  This avoids use of a null pointer in the case where
  2777  	AcquireImagePixels() returns NULL.
  2778  
  2779  2017-12-31  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2780  
  2781  	* magick/static.c: Change static module initialization to be based
  2782  	on an initialized list rather than a sequence of function calls in
  2783  	order to simplify maintenance and possibly address future
  2784  	requirements.
  2785  
  2786  2017-12-30  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
  2787  
  2788  	* Copyright.txt: Bump copyright years and rotate ChangeLog.