https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5781

author Cristy <urban-warrior@imagemagick.org>

Sun, 28 Jan 2018 21:39:12 +0000 (16:39 -0500)

committer Cristy <urban-warrior@imagemagick.org>

Sun, 28 Jan 2018 21:39:12 +0000 (16:39 -0500)
author Cristy <urban-warrior@imagemagick.org>
Sun, 28 Jan 2018 21:39:12 +0000 (16:39 -0500)
committer Cristy <urban-warrior@imagemagick.org>
Sun, 28 Jan 2018 21:39:12 +0000 (16:39 -0500)
diff --git a/coders/sixel.c b/coders/sixel.c

index 01dfa8d93e420072abea26c7c710007bc32c1d05..edce7ba4fa8cbe4e5fcfafc7dd9c7d8d6cc6a8be 100644 (file)
--- a/coders/sixel.c
+++ b/coders/sixel.c
@@ -245,8 +245,9 @@ MagickBooleanType sixel_decode(unsigned char              /* in */  *p,
      int imsx, imsy;
      int dmsx, dmsy;
      int y;
-    size_t offset;
+    size_t extent,offset;
  
+    extent=strlen((char *) p);
      posision_x = posision_y = 0;
      max_x = max_y = 0;
      attributed_pan = 2;
@@ -380,6 +381,8 @@ MagickBooleanType sixel_decode(unsigned char              /* in */  *p,
  
              if ((n > 0) && (param[0] > 0)) {
                  repeat_count = param[0];
+                if (repeat_count > extent)
+                  break;
              }
  
          } else if (*p == '#') {
author	Cristy <urban-warrior@imagemagick.org>
	Sun, 28 Jan 2018 21:39:12 +0000 (16:39 -0500)
committer	Cristy <urban-warrior@imagemagick.org>
	Sun, 28 Jan 2018 21:39:12 +0000 (16:39 -0500)