https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6074

diff --git a/coders/dcm.c b/coders/dcm.c
index 8885e1dd2c8e4e6c5c925a9821a9e52db10917e7..eff8818a9d8c6ca922ae67d7d5ef53240891bde1 100644 (file)
--- a/coders/dcm.c
+++ b/coders/dcm.c
@@ -3889,9 +3889,12 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception)
       length=(size_t) (GetQuantumRange(info.depth)+1);
       if (length > GetBlobSize(image)) 
         ThrowDCMException(CorruptImageError,"InsufficientImageDataInFile");
-      info.scale=(Quantum *) AcquireQuantumMemory(length,sizeof(*info.scale));
+      info.scale=(Quantum *) AcquireQuantumMemory(MagickMax(length,256),
+        sizeof(*info.scale));
       if (info.scale == (Quantum *) NULL)
         ThrowDCMException(ResourceLimitError,"MemoryAllocationFailed");
+      (void) ResetMagickMemory(info.scale,0,MagickMax(length,256)*
+        sizeof(*info.scale));
       range=GetQuantumRange(info.depth);
       for (i=0; i <= (ssize_t) GetQuantumRange(info.depth); i++)
         info.scale[i]=ScaleAnyToQuantum((size_t) i,range);