From d43610f82e1757b45925a8830ac297ff9dc4abca Mon Sep 17 00:00:00 2001 From: =?utf8?q?G=C3=BCnther=20Noack?= Date: Fri, 4 Jul 2025 16:15:42 +0200 Subject: [PATCH] image-sgi: Return early if sgiOpenFile fails sgiOpenFile can fail when passing an image that both has large dimensions and which also uses RLE compression. In that case, sgiOpenFile attempts to allocate space for compression-related tables and these allocations may fail due to the requested size, causing sgiOpenFile to return NULL. Without this fix, the NULL pointer gets dereferenced, which crashes the filter process. Compare https://en.wikipedia.org/wiki/Silicon_Graphics_Image#Header for an overview of the SGI image headere. --- cupsfilters/image-sgi.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cupsfilters/image-sgi.c b/cupsfilters/image-sgi.c index 9bdb121b2..77629ac8f 100644 --- a/cupsfilters/image-sgi.c +++ b/cupsfilters/image-sgi.c @@ -56,6 +56,9 @@ _cupsImageReadSGI( sgip = sgiOpenFile(fp, SGI_READ, 0, 0, 0, 0, 0); + if (!sgip) + return (1); + /* * Get the image dimensions and load the output image... */ -- 2.47.2