[FG-VD-19-136] ImageMagick Convert SVG MacOS Denial Of Service

author Cristy <urban-warrior@imagemagick.org>

Wed, 23 Oct 2019 10:01:08 +0000 (06:01 -0400)

committer Cristy <urban-warrior@imagemagick.org>

Wed, 23 Oct 2019 10:01:08 +0000 (06:01 -0400)
author Cristy <urban-warrior@imagemagick.org>
Wed, 23 Oct 2019 10:01:08 +0000 (06:01 -0400)
committer Cristy <urban-warrior@imagemagick.org>
Wed, 23 Oct 2019 10:01:08 +0000 (06:01 -0400)
diff --git a/coders/svg.c b/coders/svg.c

index 2bc3c1f6b720057277686b414100ca83f100c759..1875ad04df0b00308df38b0c860d952f449a1405 100644 (file)
--- a/coders/svg.c
+++ b/coders/svg.c
@@ -65,9 +65,10 @@
  #include "MagickCore/module.h"
  #include "MagickCore/monitor.h"
  #include "MagickCore/monitor-private.h"
-#include "MagickCore/quantum-private.h"
+#include "MagickCore/option.h"
  #include "MagickCore/pixel-accessor.h"
  #include "MagickCore/property.h"
+#include "MagickCore/quantum-private.h"
  #include "MagickCore/resource_.h"
  #include "MagickCore/static.h"
  #include "MagickCore/string_.h"
@@ -3579,9 +3580,14 @@ static Image *ReadSVGImage(const ImageInfo *image_info,ExceptionInfo *exception)
    message[n]='\0';
    if (n > 0)
      {
+      const char
+        *value;
+
        svg_info->parser=xmlCreatePushParserCtxt(sax_handler,svg_info,(char *)
          message,n,image->filename);
-      (void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE);
+      value=GetImageOption(image_info,"svg:xml-parse-huge");
+      if ((value != (char *) NULL) && (IsStringTrue(value) != MagickFalse))
+        (void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE);
        while ((n=ReadBlob(image,MagickPathExtent-1,message)) != 0)
        {
          message[n]='\0';
author	Cristy <urban-warrior@imagemagick.org>
	Wed, 23 Oct 2019 10:01:08 +0000 (06:01 -0400)
committer	Cristy <urban-warrior@imagemagick.org>
	Wed, 23 Oct 2019 10:01:08 +0000 (06:01 -0400)