]> granicus.if.org Git - imagemagick/commitdiff
projects / imagemagick / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 6e9e67b)
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7329
authorCristy <urban-warrior@imagemagick.org>
Tue, 3 Apr 2018 17:35:50 +0000 (13:35 -0400)
committerCristy <urban-warrior@imagemagick.org>
Tue, 3 Apr 2018 17:35:50 +0000 (13:35 -0400)
coders/heic.c patch | blob | history

diff --git a/coders/heic.c b/coders/heic.c
index 580efbf20667c898ca0b26cad95646948b9dbc1a..df48726ce5d28b1b1d6d9b45444246ad0b5bc9dc 100644 (file)
--- a/coders/heic.c
+++ b/coders/heic.c
@@ -413,10 +413,11 @@ static MagickBooleanType ParseIpcoAtom(Image *image, DataBuffer *db,
     if (prop->data != (uint8_t *) NULL)
       prop->data=(uint8_t *) RelinquishMagickMemory(prop->data);
     prop->data = (uint8_t *) AcquireCriticalMemory(prop->size+4);
+    (void) memset(prop->data, 0, prop->size+4);
     if (DBChop(&propDb, db, prop->size) != MagickTrue) {
       ThrowAndReturn("incorrect read size");
     }
-    memcpy(prop->data, propDb.data, prop->size+4);
+    memcpy(prop->data, propDb.data, prop->size);
 
     switch (prop->type) {
       case ATOM('h', 'v', 'c', 'C'):
Unnamed repository; edit this file 'description' to name the repository.