ReadJXLImage(): Apply image dimension resource limits. Addresses oss-fuzz Issue 69728
authorBob Friesenhahn <bfriesen@GraphicsMagick.org>
Mon, 9 Sep 2024 13:01:43 +0000 (08:01 -0500)
committerSalvatore Bonaccorso <carnil@debian.org>
Fri, 11 Apr 2025 20:49:23 +0000 (22:49 +0200)
Backported to Debian by Carlos Henrique Lima Melara <charles@debian.org>

Changes:
 - Drop changes to changelog and version files.
Origin: upstream, https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/9bbae7314e3c3b19b830591010ed90bb136b9c42
Bug-Debian: https://bugs.debian.org/1099955
Last-Update: 2025-03-31

Gbp-Pq: Name CVE-2025-27795.patch

coders/jxl.c

index b8a85fd431032121a770d0a64c012e8795512ad2..8a370fee9ca01cefafa392c1e9ae6894d3fbbd94 100644 (file)
@@ -531,6 +531,7 @@ static Image *ReadJXLImage(const ImageInfo *image_info,
                                       basic_info.alpha_bits, basic_info.num_color_channels,
                                       basic_info.have_animation == JXL_FALSE ? "False" : "True");
               }
+
             if (basic_info.num_extra_channels)
               {
                 size_t index;
@@ -579,6 +580,9 @@ static Image *ReadJXLImage(const ImageInfo *image_info,
 
             image->orientation=convert_orientation(basic_info.orientation);
 
+            if (CheckImagePixelLimits(image, exception) != MagickPass)
+              ThrowJXLReaderException(ResourceLimitError,ImagePixelLimitExceeded,image);
+
             pixel_format.endianness=JXL_NATIVE_ENDIAN;
             pixel_format.align=0;
             if (basic_info.num_color_channels == 1)
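Review bot: The added `CheckImagePixelLimits()` call after the `image->orientation` assignment carries no comment, and its value depends on ordering this hunk does not show. It only bounds the decode if `image->columns` and `image->rows` were already filled from `basic_info` earlier in this branch, and if nothing above it sized a buffer from those header fields. I would put `/* Dimensions come from the untrusted JXL header: enforce resource limits before any pixel buffer is sized from them */` directly above the `if`, so a later reorder does not move an allocation ahead of the check. The `if` body is an unbraced macro invocation, so bracing it (`{ ThrowJXLReaderException(ResourceLimitError,ImagePixelLimitExceeded,image); }`) removes the dependency on how the macro is wrapped; it is also worth confirming that the macro releases the decoder state on this early exit. ReadJXLImage's body starts and ends outside the hunk.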