From: Bob Friesenhahn <bfriesen@GraphicsMagick.org>
Date: Fri, 11 Apr 2025 20:49:23 +0000 (+0200)
Subject: ReadJXLImage(): pixel_format.num_channels needs to be 2 for grayscale matte
X-Git-Tag: archive/raspbian/1.4+really1.3.40-4+rpi1+deb12u1^2~1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=aaa5bd7aaea1cd3440eb6c36dfe0fe617625f4c5;p=graphicsmagick.git

ReadJXLImage(): pixel_format.num_channels needs to be 2 for grayscale matte

Origin: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-32460
Forwarded: not-needed


Gbp-Pq: Name CVE-2025-32460.patch
---

diff --git a/coders/jxl.c b/coders/jxl.c
index 8a370fe..d64171e 100644
--- a/coders/jxl.c
+++ b/coders/jxl.c
@@ -600,7 +600,7 @@ static Image *ReadJXLImage(const ImageInfo *image_info,
                       ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);
                   }
                 grayscale=MagickTrue;
-                pixel_format.num_channels=1;
+                pixel_format.num_channels=image->matte ? 2 : 1;
                 pixel_format.data_type=(basic_info.bits_per_sample <= 8 ? JXL_TYPE_UINT8 :
                                   (basic_info.bits_per_sample <= 16 ? JXL_TYPE_UINT16 :
                                    JXL_TYPE_FLOAT));
@@ -765,10 +765,32 @@ static Image *ReadJXLImage(const ImageInfo *image_info,
             size_t
               out_len;
 
+            if (image->logging)
+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+                                    "JxlPixelFormat:\n"
+                                    "    num_channels: %u\n"
+                                    "    data_type: %s\n"
+                                    "    endianness: %s\n"
+                                    "    align: %" MAGICK_SIZE_T_F "u",
+                                    pixel_format.num_channels,
+                                    pixel_format.data_type == JXL_TYPE_FLOAT ? "float" :
+                                    (pixel_format.data_type == JXL_TYPE_UINT8 ? "uint8" :
+                                     (pixel_format.data_type == JXL_TYPE_UINT16 ? "uint16" :
+                                      (pixel_format.data_type == JXL_TYPE_FLOAT16 ? "float16" :
+                                       "unknown"))) ,
+                                    pixel_format.endianness == JXL_NATIVE_ENDIAN ? "native" :
+                                    (pixel_format.endianness == JXL_LITTLE_ENDIAN ? "little" :
+                                     (pixel_format.endianness == JXL_BIG_ENDIAN ? "big" : "unknown")),
+                                    pixel_format.align);
+
             status=JxlDecoderImageOutBufferSize(jxl_decoder,&pixel_format,&out_len);
             if (status != JXL_DEC_SUCCESS)
               break;
 
+            if (image->logging)
+              (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+                                    "JxlDecoderImageOutBufferSize() returns %" MAGICK_SIZE_T_F "u",
+                                    (MAGICK_SIZE_T) out_len);
             out_buf=MagickAllocateResourceLimitedArray(unsigned char *,out_len,sizeof(*out_buf));
             if (out_buf == (unsigned char *) NULL)
               ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);