A few uninitialized value use bugs in MagickCore

This issue has been created since 2021-10-16.

ImageMagick version

latest git version 7eba68f

Operating system

Linux

Operating system, version and so on

ubuntu-18.04

Description

Hi maintainers,
These issues are in:
1.MagickCore/draw.c:1379

if (clone_info->density != (char *) NULL)
    {
      GeometryInfo
        geometry_info;

      MagickStatusType
        flags;

      flags=ParseGeometry(clone_info->density,&geometry_info);
      resolution.x=geometry_info.rho;
      resolution.y=geometry_info.sigma;
      if ((flags & SigmaValue) == MagickFalse)
        resolution.y=resolution.x;
    }

  1. MagickCore/annotate.c:1523
1523   if (draw_info->density != (char *) NULL)
1524     {
1525       GeometryInfo
1526         geometry_info;
1527 
1528       MagickStatusType
1529         geometry_flags;
1530 
1531       geometry_flags=ParseGeometry(draw_info->density,&geometry_info);
1532       resolution.x=geometry_info.rho;
1533       resolution.y=geometry_info.sigma;
1534       if ((geometry_flags & SigmaValue) == 0)
1535         resolution.y=resolution.x;
1536     }

3.MagickCore/annotate.c:2111

2111   if (draw_info->density != (char *) NULL)
2112     {
2113       GeometryInfo
2114         geometry_info;
2115 
2116       MagickStatusType
2117         flags;
2118 
2119       flags=ParseGeometry(draw_info->density,&geometry_info);
2120       resolution.x=geometry_info.rho;
2121       resolution.y=geometry_info.sigma;
2122       if ((flags & SigmaValue) == 0)
2123         resolution.y=resolution.x;
2124     }

MagickCore/image.c:4052


4052   if (option != (const char *) NULL)
4053     {
4054       flags=ParseGeometry(option,&geometry_info);
4055       image->chromaticity.blue_primary.x=geometry_info.rho;
4056       image->chromaticity.blue_primary.y=geometry_info.sigma;
4057       if ((flags & SigmaValue) == 0)
4058         image->chromaticity.blue_primary.y=image->chromaticity.blue_primary.x;

  1. MagickCore/enhance.c:3676
3676   flags=ParseGeometry(modulate,&geometry_info);
3677   percent_brightness=geometry_info.rho;
3678   percent_saturation=geometry_info.sigma;
3679   if ((flags & SigmaValue) == 0)
3680     percent_saturation=100.0;
3681   percent_hue=geometry_info.xi;
3682   if ((flags & XiValue) == 0)
3683     percent_hue=100.0;
  1. MagickCore/xwindow.c:3192
3192           GeometryInfo
 3193             geometry_info;
 3194 
 3195           MagickStatusType
 3196             flags;
 3197 
 3198           /*
 3199             Initialize map relative to display and image gamma.
 3200           */
 3201           flags=ParseGeometry(resource_info->display_gamma,&geometry_info);
 3202           red_gamma=geometry_info.rho;
 3203           green_gamma=geometry_info.sigma;
 3204           if ((flags & SigmaValue) == 0)
 3205             green_gamma=red_gamma;
 3206           blue_gamma=geometry_info.xi;
 3207           if ((flags & XiValue) == 0)
 3208             blue_gamma=red_gamma;
 3209           red_gamma*=image->gamma;
 3210           green_gamma*=image->gamma;
 3211           blue_gamma*=image->gamma;
Credit

I found it based on my tools.

These issues are similar to the issue #1522.

 if (image_info->density != (char *) NULL)
    {Credit
      GeometryInfo
        geometry_info;

      flags=ParseGeometry(image_info->density,&geometry_info);
      image->resolution.x=geometry_info.rho;
      image->resolution.y=geometry_info.sigma;
      if ((flags & SigmaValue) == 0)
        image->resolution.y=image->resolution.x;
    }

proposal patch:

-          image->resolution.x=geometry_info.rho;
-          image->resolution.y=geometry_info.sigma;
-          if ((flags & SigmaValue) == 0)
-            image->resolution.y=image->resolution.x;
+          if ((flags & RhoValue) != 0)
+            image->resolution.x=geometry_info.rho;
+          image->resolution.y=image->resolution.x;
+          if ((flags & SigmaValue) != 0)
+            image->resolution.y=geometry_info.sigma;

Thank you for the review. I appreciate your time

Acknowledged for the report:
Andrew Bao

Steps to Reproduce

As described

Images

No response

urban-warrior wrote this answer on 2021-10-17

Thanks for the problem report. We can reproduce it and will have a patch to fix it in the GIT main branch @ https://github.com/ImageMagick/ImageMagick later today. The patch will be available in the beta releases of ImageMagick @ https://imagemagick.org/download/beta/ by sometime tomorrow.

More Details About Repo
Owner Name ImageMagick
Repo Name ImageMagick
Full Name ImageMagick/ImageMagick
Language C
Created Date 2015-05-17
Updated Date 2022-09-29
Star Count 7761
Watcher Count 179
Fork Count 1063
Issue Count 112

YOU MAY BE INTERESTED

Issue Title Created Date Comment Count Updated Date
RTSP Stream Blank, Test Link Audio Only 27 2018-10-02 2022-09-24
outer link check failed at 660dd20cd78023ed4983a6d749b85d5086b0c6fa 5 2021-10-17 2022-07-19
Make platform-specific functions return `io::Result`, and fallback values in lib.rs 1 2021-09-25 2022-09-25
How to manage retry_strategy in store ? 0 2021-07-28 2022-04-21
Strange dot patterns on GIFs 2 2021-09-08 2022-02-18
[CheckboxGroup] 设置checkbox-group组件的disabled无法生效 2 2022-03-31 2022-09-17
Issue with flowtuple3 example 1 2021-04-20 2022-09-25
rxjs-playground.zip 0 2021-04-29 2022-01-22
Get Current Selection Service no longer works 7 2022-02-17 2022-09-14
Add locale for es-MX 0 2021-09-10 2022-09-02
Request: Addition of Equihash 125,4 Algorithm 2 2021-11-01 2022-08-05
Support For Material-UI 9 2019-11-26 2022-09-09
How to get the cache name in CacheEventListener? 1 2021-01-14 2022-09-04
Metaissue: Improve the interpreter 9 2021-12-08 2022-08-26
can't sync block after upgrade to v0.100.0 4 2021-09-23 2022-08-06
Emojis Crashing Element Android 0 2021-12-18 2021-12-18
Set form attribute on inputs when form is given an id 2 2022-06-01 2022-09-17
Could export timestamp be added as a variable in Darktable 3 2022-08-04 2022-09-05
data.json doesn't populate upon login 8 2021-10-09 2022-02-20
cpu and memory usage 90% 1 2021-08-24 2022-09-19
slows and pauses when vpn enabled, work fine when vpn disabled 17 2021-10-06 2022-09-11
Add settings option for ionicons 14 2021-10-05 2022-09-25
Cherry pick PR 6397 in r0.10 0 2021-10-27 2022-08-18
Not working with Github CI but does with Gitlab ? 1 2022-07-18 2022-09-06
[Bug] RuntimeError: Was not able to add blocks 391793-391825 (wallet stuck at 391793) 10 2021-11-28 2022-08-14
Install not working... 1 2021-05-02 2022-09-19
how to hide scrollbar 0 2022-04-16 2022-08-28
How allow notifications ( push ) in Firefox webapp ? 2 2022-04-07 2022-08-28
Disabling spell check 1 2022-05-16 2022-09-10
Consider removing exporters from MeterProvider __init__ parameters 1 2021-12-09 2022-09-28
ability to control order of oap tags 0 2021-04-26 2022-08-23
questions about AL and DAL 2 2021-03-20 2022-09-05
Capture Logs from OSLog as Breadcrumbs 0 2021-11-17 2022-09-25
nzAllowClear of version 13.1.0 component does not refresh component state in time 1 2022-03-01 2022-09-24
Tester's Issue Report for "Navigate forwards to a grid" 0 2021-10-28 2022-08-22
[Bug]:版本1.17.1使用yarn安装electron 9.4.4报404 2 2022-02-07 2022-09-29
Bug Report - AzureRM provider 3.0.0 availability zones error 6 2022-03-25 2022-09-20
On adding extra arguments to train.py and handling them 1 2021-10-15 2022-09-25
Compilation error 2 2021-03-02 2022-01-11
Under IOS, the device can not automatically reconnect after disconnection. 9 2019-08-27 2022-08-31
need a help exporting .pt to .engine (to tensorrt) 4 2022-04-25 2022-08-31
Fix documentation not being attached to `#[shared]`, `#[local]` structs. 0 2021-10-09 2022-09-09
bug(icon): validation method does not properly check attributes starting with 'on' 4 2022-08-25 2022-09-13
I would like to compose service up and specify the desiredCount 9 2019-05-28 2022-09-21
orgList is not remapped to lowercase when changing via PATCH route 0 2020-03-22 2022-09-09
Client Allocation Request for: 1 2022-03-19 2022-05-05
Support for AKS Defender Profile 2 2022-01-21 2022-07-20
resource/aws_route: route is not saved in the state when it fails to be available (in 2m) on creation 36 2021-09-24 2022-08-26
.mlx not classified as MATLAB code 2 2021-11-13 2022-09-23
Add subscription service and watchlist for NFT Creator updates in Brave Wallet 1 2021-10-28 2022-09-20