Commit de731f345 for imagemagick.org
commit de731f34545d7026779fcbb2353e9036afc18bad
Author: Cristy <urban-warrior@imagemagick.org>
Date: Thu Jun 11 09:09:56 2026 -0400
support ThrowPolicyException() convenience define
diff --git a/MagickCore/annotate.c b/MagickCore/annotate.c
index 616d62c73..296e73337 100644
--- a/MagickCore/annotate.c
+++ b/MagickCore/annotate.c
@@ -1603,6 +1603,9 @@ static MagickBooleanType RenderFreetype(Image *image,const DrawInfo *draw_info,
/*
Initialize Truetype library.
*/
+ if ((*draw_info->font == '@') &&
+ (IsRightsAuthorized(PathPolicyDomain,ReadPolicyRights,draw_info->font) == MagickFalse))
+ ThrowPolicyException(draw_info->font,MagickFalse);
memory=FreetypeAcquireMemoryManager();
if (memory == (FT_Memory) NULL)
ThrowBinaryException(ResourceLimitError,"UnableToInitializeFreetypeLibrary",
diff --git a/MagickCore/blob.c b/MagickCore/blob.c
index 3a1b8ae7b..6f58d519a 100644
--- a/MagickCore/blob.c
+++ b/MagickCore/blob.c
@@ -1460,12 +1460,7 @@ MagickExport void *FileToBlob(const char *filename,const size_t extent,
(void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",filename);
*length=0;
if (IsPathAuthorized(ReadPolicyRights,filename) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",filename);
- return(NULL);
- }
+ ThrowPolicyException(filename,NULL);
file=fileno(stdin);
if (LocaleCompare(filename,"-") != 0)
{
@@ -1488,10 +1483,7 @@ MagickExport void *FileToBlob(const char *filename,const size_t extent,
if (IsPathAuthorized(ReadPolicyRights,filename) == MagickFalse)
{
file=close_utf8(file)-1;
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",filename);
- return(NULL);
+ ThrowPolicyException(filename,NULL);
}
offset=(MagickOffsetType) lseek(file,0,SEEK_END);
count=0;
@@ -1690,12 +1682,7 @@ MagickExport MagickBooleanType FileToImage(Image *image,const char *filename,
if (IsEventLogging() != MagickFalse)
(void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",filename);
if (IsPathAuthorized(ReadPolicyRights,filename) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",filename);
- return(MagickFalse);
- }
+ ThrowPolicyException(filename,MagickFalse);
file=fileno(stdin);
if (LocaleCompare(filename,"-") != 0)
{
@@ -1710,13 +1697,7 @@ MagickExport MagickBooleanType FileToImage(Image *image,const char *filename,
return(MagickFalse);
}
if (IsPathAuthorized(ReadPolicyRights,filename) == MagickFalse)
- {
- file=close_utf8(file);
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",filename);
- return(MagickFalse);
- }
+ ThrowPolicyException(filename,MagickFalse);
quantum=(size_t) MagickMaxBufferExtent;
if ((fstat(file,&file_stats) == 0) && (file_stats.st_size > 0))
quantum=(size_t) MagickMin(file_stats.st_size,MagickMaxBufferExtent);
@@ -3409,12 +3390,7 @@ MagickExport MagickBooleanType OpenBlob(const ImageInfo *image_info,
if (*type == 'w')
rights=WritePolicyRights;
if (IsPathAuthorized(rights,filename) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",filename);
- return(MagickFalse);
- }
+ ThrowPolicyException(filename,MagickFalse);
if ((LocaleCompare(filename,"-") == 0) ||
((*filename == '\0') && (image_info->file == (FILE *) NULL)))
{
@@ -3523,12 +3499,7 @@ MagickExport MagickBooleanType OpenBlob(const ImageInfo *image_info,
(void) CopyMagickString(image->filename,filename,MagickPathExtent);
}
if (IsPathAuthorized(rights,filename) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),
- PolicyError,"NotAuthorized","`%s'",filename);
- return(MagickFalse);
- }
+ ThrowPolicyException(filename,MagickFalse);
}
if (image_info->file != (FILE *) NULL)
{
@@ -3678,12 +3649,7 @@ MagickExport MagickBooleanType OpenBlob(const ImageInfo *image_info,
}
}
if (IsPathAuthorized(rights,filename) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),
- PolicyError,"NotAuthorized","`%s'",filename);
- return(MagickFalse);
- }
+ ThrowPolicyException(filename,MagickFalse);
blob_info->status=0;
blob_info->error_number=0;
if (blob_info->type != UndefinedStream)
diff --git a/MagickCore/constitute.c b/MagickCore/constitute.c
index bbc8fe196..6387b3daf 100644
--- a/MagickCore/constitute.c
+++ b/MagickCore/constitute.c
@@ -452,19 +452,9 @@ static MagickBooleanType IsCoderAuthorized(const char *module,
const char *coder,const PolicyRights rights,ExceptionInfo *exception)
{
if (IsRightsAuthorized(CoderPolicyDomain,rights,coder) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",coder);
- return(MagickFalse);
- }
+ ThrowPolicyException(coder,MagickFalse);
if (IsRightsAuthorized(ModulePolicyDomain,rights,module) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",module);
- return(MagickFalse);
- }
+ ThrowPolicyException(module,MagickFalse);
return(MagickTrue);
}
diff --git a/MagickCore/delegate.c b/MagickCore/delegate.c
index 2fa92a633..ab2fa6eba 100644
--- a/MagickCore/delegate.c
+++ b/MagickCore/delegate.c
@@ -1728,20 +1728,10 @@ MagickExport MagickBooleanType InvokeDelegate(ImageInfo *image_info,
rights=ExecutePolicyRights;
if ((decode != (const char *) NULL) &&
(IsRightsAuthorized(DelegatePolicyDomain,rights,decode) == MagickFalse))
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",decode);
- return(MagickFalse);
- }
+ ThrowPolicyException(decode,MagickFalse);
if ((encode != (const char *) NULL) &&
(IsRightsAuthorized(DelegatePolicyDomain,rights,encode) == MagickFalse))
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",encode);
- return(MagickFalse);
- }
+ ThrowPolicyException(encode,MagickFalse);
temporary=(*image->filename == '\0') ? MagickTrue : MagickFalse;
if ((temporary != MagickFalse) && (AcquireUniqueFilename(image->filename) ==
MagickFalse))
diff --git a/MagickCore/exception-private.h b/MagickCore/exception-private.h
index d2dfaa0fa..b65d9ac7a 100644
--- a/MagickCore/exception-private.h
+++ b/MagickCore/exception-private.h
@@ -66,6 +66,13 @@ extern "C" {
"`%s'",image->filename); \
return((Image *) NULL); \
}
+#define ThrowPolicyException(tag,status) \
+{ \
+ errno=EPERM; \
+ (void) ThrowMagickException(exception,GetMagickModule(),PolicyError, \
+ "NotAuthorized","`%s'",tag); \
+ return(status); \
+}
#define ThrowReaderException(severity,tag) \
{ \
(void) ThrowMagickException(exception,GetMagickModule(),severity,tag, \
diff --git a/MagickCore/module.c b/MagickCore/module.c
index 8e60b2853..8d349c77e 100644
--- a/MagickCore/module.c
+++ b/MagickCore/module.c
@@ -980,12 +980,7 @@ MagickExport MagickBooleanType InvokeDynamicImageFilter(const char *tag,
(*images)->filename);
rights=ReadPolicyRights;
if (IsRightsAuthorized(FilterPolicyDomain,rights,tag) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",tag);
- return(MagickFalse);
- }
+ ThrowPolicyException(tag,MagickFalse);
#if !defined(MAGICKCORE_BUILD_MODULES)
{
MagickBooleanType
@@ -1275,12 +1270,7 @@ MagickPrivate MagickBooleanType OpenModule(const char *module,
LocaleUpper(module_name);
rights=(PolicyRights) (ReadPolicyRights | WritePolicyRights);
if (IsRightsAuthorized(ModulePolicyDomain,rights,module_name) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",module);
- return(MagickFalse);
- }
+ ThrowPolicyException(module_name,MagickFalse);
if (GetValueFromSplayTree(module_list,module_name) != (void *) NULL)
return(MagickTrue); /* module already opened, return */
/*
@@ -1677,12 +1667,7 @@ MagickExport MagickBooleanType InvokeDynamicImageFilter(const char *tag,
(void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",(*image)->filename);
rights=ReadPolicyRights;
if (IsRightsAuthorized(FilterPolicyDomain,rights,tag) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",tag);
- return(MagickFalse);
- }
+ ThrowPolicyException(tag,MagickFalse);
#if defined(MAGICKCORE_BUILD_MODULES)
(void) tag;
(void) argc;
diff --git a/MagickCore/static.c b/MagickCore/static.c
index 1fb58aaa2..490c91692 100644
--- a/MagickCore/static.c
+++ b/MagickCore/static.c
@@ -137,12 +137,7 @@ MagickExport MagickBooleanType InvokeStaticImageFilter(const char *tag,
(void) LogMagickEvent(TraceEvent,GetMagickModule(),"%s",(*image)->filename);
rights=ReadPolicyRights;
if (IsRightsAuthorized(FilterPolicyDomain,rights,tag) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",tag);
- return(MagickFalse);
- }
+ ThrowPolicyException(tag,MagickFalse);
#if defined(MAGICKCORE_MODULES_SUPPORT)
(void) tag;
(void) argc;
@@ -242,12 +237,7 @@ MagickExport MagickBooleanType RegisterStaticModule(const char *module,
(void) CopyMagickString(module_name,p->name,MagickPathExtent);
rights=(PolicyRights) (ReadPolicyRights | WritePolicyRights);
if (IsRightsAuthorized(ModulePolicyDomain,rights,module_name) == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",module);
- return(MagickFalse);
- }
+ ThrowPolicyException(module_name,MagickFalse);
extent=sizeof(MagickModules)/sizeof(MagickModules[0]);
for (i=0; i < (ssize_t) extent; i++)
if (LocaleCompare(MagickModules[i].module,module_name) == 0)
diff --git a/MagickCore/string.c b/MagickCore/string.c
index 46d115055..2db50bea2 100644
--- a/MagickCore/string.c
+++ b/MagickCore/string.c
@@ -984,12 +984,7 @@ MagickExport char *FileToString(const char *filename,const size_t extent,
status=IsRightsAuthorized(PathPolicyDomain,ReadPolicyRights,filename);
if (status == MagickFalse)
- {
- errno=EPERM;
- (void) ThrowMagickException(exception,GetMagickModule(),PolicyError,
- "NotAuthorized","`%s'",filename);
- return((char *) NULL);
- }
+ ThrowPolicyException(filename,(char *) NULL);
p=filename+1;
}
return((char *) FileToBlob(p,extent,&length,exception));