Fixed stack-based buffer overflow (private e-mail from Mitsunari)

author Cristy <urban-warrior@imagemagick.org>

Fri, 10 Nov 2017 15:16:14 +0000 (10:16 -0500)

committer Cristy <urban-warrior@imagemagick.org>

Fri, 10 Nov 2017 15:16:14 +0000 (10:16 -0500)
author Cristy <urban-warrior@imagemagick.org>
Fri, 10 Nov 2017 15:16:14 +0000 (10:16 -0500)
committer Cristy <urban-warrior@imagemagick.org>
Fri, 10 Nov 2017 15:16:14 +0000 (10:16 -0500)
diff --git a/coders/txt.c b/coders/txt.c

index 7da066b7a11d45fe120755a6ae3db64287eaee74..3f5087d7179eac541900a38253d4c87c84efa48f 100644 (file)
--- a/coders/txt.c
+++ b/coders/txt.c
@@ -440,7 +440,7 @@ static Image *ReadTXTImage(const ImageInfo *image_info,ExceptionInfo *exception)
      height=0;
      max_value=0;
      *colorspace='\0';
-    count=(ssize_t) sscanf(text+32,"%lu,%lu,%lu,%s",&width,&height,&max_value,
+    count=(ssize_t) sscanf(text+32,"%lu,%lu,%lu,%32s",&width,&height,&max_value,
        colorspace);
      if ((count != 4) || (width == 0) || (height == 0) || (max_value == 0))
        ThrowReaderException(CorruptImageError,"ImproperImageHeader");
author	Cristy <urban-warrior@imagemagick.org>
	Fri, 10 Nov 2017 15:16:14 +0000 (10:16 -0500)
committer	Cristy <urban-warrior@imagemagick.org>
	Fri, 10 Nov 2017 15:16:14 +0000 (10:16 -0500)