https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10106

author Cristy <urban-warrior@imagemagick.org>

Fri, 31 Aug 2018 00:04:20 +0000 (20:04 -0400)

committer Cristy <urban-warrior@imagemagick.org>

Fri, 31 Aug 2018 00:04:20 +0000 (20:04 -0400)
author Cristy <urban-warrior@imagemagick.org>
Fri, 31 Aug 2018 00:04:20 +0000 (20:04 -0400)
committer Cristy <urban-warrior@imagemagick.org>
Fri, 31 Aug 2018 00:04:20 +0000 (20:04 -0400)
diff --git a/MagickCore/draw.c b/MagickCore/draw.c

index d3d603c89bac3739d1db5ad4ad7604dbc641a3b5..0104f845b00da688aff30c6e9192779d2289613f 100644 (file)
--- a/MagickCore/draw.c
+++ b/MagickCore/draw.c
@@ -3994,6 +3994,12 @@ static MagickBooleanType RenderMVGContent(Image *image,
          beta=bounds.y2-bounds.y1;
          radius=hypot(alpha,beta);
          coordinates=2.0*(ceil(MagickPI*radius))+6.0*BezierQuantum+360.0;
+        if (coordinates > (MaxBezierCoordinates/4))
+          {
+            (void) ThrowMagickException(exception,GetMagickModule(),DrawError,
+              "TooManyBezierCoordinates","`%s'",token);
+            status=MagickFalse;
+          }
          break;
        }
        default:
author	Cristy <urban-warrior@imagemagick.org>
	Fri, 31 Aug 2018 00:04:20 +0000 (20:04 -0400)
committer	Cristy <urban-warrior@imagemagick.org>
	Fri, 31 Aug 2018 00:04:20 +0000 (20:04 -0400)