SECURITY: imagemagick/graphicsmagick was ignoring all errors

So, in a much older patch I had a problem where an incorrect RGB profile would make image uploads fail. I fixed this by using strpos against the error message...but didn't check the return value correctly. That means that any error from gm/im was ignored. This caused people to upload too large images and flood /b/ with 1 x 10000 pixel images My fault, patched now. Sorry about that. Conflicts: inc/image.php
10 years ago · 6052ed8d3d
1 changed files with 10 additions and 4 deletions
--- a/inc/image.php
+++ b/inc/image.php
@ -330,6 +330,7 @@ class ImageConvert extends ImageBase {
 					$convert_args = str_replace('-auto-orient', '', $config['convert_args']);
 				else
 					$convert_args = &$config['convert_args'];
+
 				if (($error = shell_exec_error(($this->gm ? 'gm ' : '') . 'convert ' .
 					sprintf($convert_args,
 						$this->width,
@ -361,10 +362,15 @@ class ImageConvert extends ImageBase {
 					$this->width,
 					$this->height,
 					escapeshellarg($this->temp)))) || !file_exists($this->temp)) {
-				if (!file_exists($this->temp)) {
-					$this->destroy();
-					error(_('Failed to resize image!'), null, $error);
-				}
+
+					if (strpos($error, "known incorrect sRGB profile") === false) {
+						$this->destroy();
+						error('Failed to resize image!', null, array('convert_error' => $error));
+					}
+					if (!file_exists($this->temp)) {
+						$this->destroy();
+						error(_('Failed to resize image!'), null, $error);
+					}
 			}
 			if ($size = $this->get_size($this->temp)) {
 				$this->width = $size[0];