[Pkg-gmagick-im-team] Bug#1004529: imagemagick-6.q16: convert foo.png foo.eps security violation leaves empty foo.eps
Barak A. Pearlmutter
barak at cs.nuim.ie
Sat Jan 29 22:34:21 GMT 2022
Package: imagemagick-6.q16
Version: 8:6.9.11.60+dfsg-1.3
Severity: normal
When "convert foo.png foo.eps" gets a security error, it leaves an empty
foo.eps.
/usr/bin/convert should not generate incorrect output files. If the
output cannot be correctly generated, the output file should be removed.
The current behaviour is a problem when convert is used in a Makefile,
where the first run of "make" generates an error but also an empty
output file, then a second run of "make" treats that empty output file
as correct and continues later stages of the build.
Example:
$ ls -l stroke-signs-1.eps
ls: cannot access 'stroke-signs-1.eps': No such file or directory
$ convert stroke-signs-1.png stroke-signs-1.eps
convert-im6.q16: attempt to perform an operation not allowed by the security policy `EPS' @ error/constitute.c/IsCoderAuthorized/421.
$ ls -l stroke-signs-1.eps
-rw-rw-r-- 1 barak barak 0 Jan 14 22:36 stroke-signs-1.eps
More information about the Pkg-gmagick-im-team
mailing list