1.3.32:
Special Issues:
It has been discovered that the 'ICU' library (a perhaps 30MB C++ library) which is now often a libxml2 dependendency causes huge process initialization overhead. This is noticed as unexpected slowness when GraphicsMagick utilities are used to process small to medium sized files. The time to initialize is often longer than the time to read the input file, process the image, and write the output file. If the 'ICU' dependency can not be avoided, then make sure to use the modules build. Please lobby the 'ICU' library developers to change their implementation to avoid long start-up times due to merely linking with the library.
Security Fixes:
GraphicsMagick is now participating in Google's oss-fuzz project due to the contributions and assistance of Alex Gaynor. Since February 4 2018, 343 issues have been opened by oss-fuzz and 331 of those issues have been resolved. The issues list is available at https://bugs.chromium.org/p/oss-fuzz/issues/list under search term "graphicsmagick". Issues are available for anyone to view and duplicate if they have been in "Verified" status for 30 days, or if they have been in "New" status for 90 days. There are too many fixes to list here. Please consult the GraphicsMagick ChangeLog file, Mercurial repository commit log, and the oss-fuzz issues list for details.
BMP reader: Fix heap overflow in 32-bit build due to arithmetic overflow. Only happens if limits are changed from defaults.
BMP reader/writer: Improve buffer-size calculations to guard against buffer overflows.
DIB reader: Reject files which claim more than 8-bits per pixel but also claim to be colormapped.
DIB reader/writer: Improve buffer-size calculations to guard against buffer overflows.
MIFF reader: Detect end of file while reading RLE packets.
MIFF reader: Fix heap overflow (for some files using RLE compression) caused by a typo in the code.
MAT writer: Added missing error handling to avoid heap overflow.
MNG reader: Fixed a small heap buffer overflow.
SVG reader: Fixed a stack buffer overflow.
TGA writer: Fix heap overflow when image rows/columns are larger than 65535.
TIFF reader: Rationalize tile width/height to reject large tile sizes which are much larger than the image dimensions.
TIFF reader: Apply memory resource limits to strip and tile allocations.
WMF reader: Fixed a division by zero problem.
XWD reader: Many heap buffer overflows and uses of uninitialized data were fixed.
Pixel cache: Now apply resource limits to pixel nexus allocations using the same limits (total pixels, width, height, memory) as applied to the whole image since some requests are directly influenced by the input file. More tests are added for arithmetic overflow. Care was taken to minimize performance impact due to the many extra checks.
Bug fixes:
See above note about oss-fuzz fixes.
Fixed include order of magick/api.h vs wand/wand_symbols.h.
WriteImage(): Eliminate use of just-freed memory in clone_info->magick when throwing exception due to no support for format.
Magick++/lib/Magick++/Drawable.h: Fix use of clang diagnostic syntax.
DIB: Preserve PseudoClass opaque representation if ICO mask is opaque.
JPEG reader: Restore ability to access detailed image properties while in 'ping' mode.
JPEG reader: Base test for "Unreasonable dimensions" on original JPEG dimensions and not the scaled dimensions.
JPEG reader: Allow input files to have a compression ratio as high as 2500. Extremely compressed files were being rejected.
FreeType renderer: Fixed a memory leak.
PDF writer: Fixed a memory leak.
PDF writer: Fixed a thread safety problem.
PICT reader: Fix a thread safety problem.
Exception reporting: Throwing an exception was not thread safe. Now it is.
Exception reporting: Handle the case where some passed character strings refer to existing exception character strings.
Command-line parser now does not attempt to read a list of filenames from a file in '@name' syntax if the path '@name' exists. Previously it would attempt to read a list of file names from 'name' even if '@name' did exist.
Rendering: Short-circuit path parsing and return and error immediately if an error occurs.
New Features:
Added support for writing the Braille image format (by Samuel Thibault).
WebP writer: Support WebP 'use_sharp_yuv' option ("if needed, use sharp (and slow) RGB->YUV conversion") via -define webp:use-sharp-yuv=true.
The version command output now reports the OpenMP specification number rather than just the integer version identifier.
API Updates:
ReallocateImageColormap() added to re-allocate an existing colormap.
Some improperly-exposed globals are now static as they should have been.
fb54def692