Description: ReadJXLImage(): pixel_format.num_channels needs to be 2 for grayscale matte Origin: https://foss.heptapod.net/graphicsmagick/graphicsmagick/-/commit/8e56520435df50f618a03f2721a39a70a515f1cb Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2025-32460 Forwarded: not-needed Author: Bob Friesenhahn --- a/coders/jxl.c +++ b/coders/jxl.c @@ -600,7 +600,7 @@ static Image *ReadJXLImage(const ImageIn ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image); } grayscale=MagickTrue; - pixel_format.num_channels=1; + pixel_format.num_channels=image->matte ? 2 : 1; pixel_format.data_type=(basic_info.bits_per_sample <= 8 ? JXL_TYPE_UINT8 : (basic_info.bits_per_sample <= 16 ? JXL_TYPE_UINT16 : JXL_TYPE_FLOAT)); @@ -765,10 +765,32 @@ static Image *ReadJXLImage(const ImageIn size_t out_len; + if (image->logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "JxlPixelFormat:\n" + " num_channels: %u\n" + " data_type: %s\n" + " endianness: %s\n" + " align: %" MAGICK_SIZE_T_F "u", + pixel_format.num_channels, + pixel_format.data_type == JXL_TYPE_FLOAT ? "float" : + (pixel_format.data_type == JXL_TYPE_UINT8 ? "uint8" : + (pixel_format.data_type == JXL_TYPE_UINT16 ? "uint16" : + (pixel_format.data_type == JXL_TYPE_FLOAT16 ? "float16" : + "unknown"))) , + pixel_format.endianness == JXL_NATIVE_ENDIAN ? "native" : + (pixel_format.endianness == JXL_LITTLE_ENDIAN ? "little" : + (pixel_format.endianness == JXL_BIG_ENDIAN ? "big" : "unknown")), + pixel_format.align); + status=JxlDecoderImageOutBufferSize(jxl_decoder,&pixel_format,&out_len); if (status != JXL_DEC_SUCCESS) break; + if (image->logging) + (void) LogMagickEvent(CoderEvent,GetMagickModule(), + "JxlDecoderImageOutBufferSize() returns %" MAGICK_SIZE_T_F "u", + (MAGICK_SIZE_T) out_len); out_buf=MagickAllocateResourceLimitedArray(unsigned char *,out_len,sizeof(*out_buf)); if (out_buf == (unsigned char *) NULL) ThrowJXLReaderException(ResourceLimitError,MemoryAllocationFailed,image);