
A possible divide by zero issue found by static analysis #3642

@yiyuaner

Description

Prerequisites

  • I have written a descriptive issue title
  • I have searched open and closed issues to ensure it has not already been reported
  • I have verified that I am using the latest version of ImageMagick

ImageMagick version

7.0.11-11

Operating system

Linux

Operating system, version and so on

CentOS

Description

In function OpenPixelCache(Image *image,const MapMode mode, ExceptionInfo *exception), we have the following code:

packet_size=cache_info->number_channels*sizeof(Quantum);
...
columns=(size_t) (length/cache_info->rows/packet_size);

If cache_info->number_channels equals 0, then we have a divide-by-zero problem.
Notice that the code explicitly checks the value of cache_info->columns and throws an exception if it is negative:

ImageMagick/MagickCore/cache.c

Lines 3723 to 3725 in 442c87b

if ((cache_info->columns != columns) || ((ssize_t) cache_info->columns < 0) ||
((ssize_t) cache_info->rows < 0))
ThrowBinaryException(ResourceLimitError,"PixelCacheAllocationFailed",

Thus, it seems reasonable to me to also check the value of cache_info->number_channels to avoid any potential problems.

Steps to Reproduce

This is a potential bug found by static analysis and thus has no PoC. Please verify whether it is genuine, thanks!

Images

No response
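The report above describes the unguarded computation `columns = length / rows / packet_size` with `packet_size = number_channels * sizeof(Quantum)`. The following is an added example, not code from the ImageMagick project or from the reporter: it models that computation in a stand-alone function with the zero checks the issue asks for (plus a mirror of the existing columns/rows consistency check), so a practitioner can see which inputs are rejected before any division happens. `cache_geometry`, `derive_columns`, and the assumption that `Quantum` is a 16-bit type (a Q16 build) are hypothetical and exist only for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Hypothetical stand-in for the cache_info fields OpenPixelCache reads.
   Not the real ImageMagick CacheInfo structure. */
typedef struct {
    size_t columns;
    size_t rows;
    size_t number_channels;
} cache_geometry;

/* Assumption for this example: a Q16 build, where Quantum is 16 bits wide. */
#define QUANTUM_SIZE (sizeof(uint16_t))

/* Recomputes the column count from the pixel cache length the way the
   reported code does, but refuses to divide when rows or number_channels
   is zero (C integer division by zero is undefined behaviour and typically
   raises SIGFPE on x86). Returns 0 on success and stores the result in
   *columns; returns -1 for any geometry that would divide by zero, overflow,
   or fail the consistency check the existing code already performs. */
int derive_columns(size_t length, const cache_geometry *g, size_t *columns)
{
    size_t packet_size;
    size_t derived;

    /* The check the issue proposes: a zero channel count would make
       packet_size zero and the final division undefined. */
    if (g->number_channels == 0)
        return -1;
    /* rows is the other divisor on the same line; guard it as well. */
    if (g->rows == 0)
        return -1;
    /* packet_size must not wrap around in size_t. */
    if (g->number_channels > SIZE_MAX / QUANTUM_SIZE)
        return -1;

    packet_size = g->number_channels * QUANTUM_SIZE;
    derived = length / g->rows / packet_size;

    /* Mirrors the existing PixelCacheAllocationFailed condition quoted above. */
    if ((derived != g->columns) || ((ssize_t) g->columns < 0) ||
        ((ssize_t) g->rows < 0))
        return -1;

    *columns = derived;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a 4x3 image with 3 channels, so the cache holds
       4 * 3 * 3 * sizeof(Quantum) = 72 bytes. */
    cache_geometry ok = { 4, 3, 3 };
    cache_geometry zero_channels = { 4, 3, 0 };
    size_t columns = 0;

    if (derive_columns(72, &ok, &columns) == 0)
        printf("derived columns = %zu\n", columns);
    if (derive_columns(72, &zero_channels, &columns) != 0)
        printf("zero number_channels rejected before the division\n");
    return 0;
}
```

The zero-channel and zero-row cases return an error instead of trapping; the length-mismatch case exercises the same comparison the existing `ThrowBinaryException` line performs, so the added guard fits naturally in front of it.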
