]> granicus.if.org Git - imagemagick/commitdiff
projects / imagemagick / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: a971941)
Added check for comment length (https://bugs.chromium.org/p/oss-fuzz/issues/detail...
authorDirk Lemstra <dirk@git.imagemagick.org>
Sun, 8 Apr 2018 12:38:43 +0000 (14:38 +0200)
committerDirk Lemstra <dirk@git.imagemagick.org>
Sun, 8 Apr 2018 12:38:43 +0000 (14:38 +0200)
coders/tga.c patch | blob | history

diff --git a/coders/tga.c b/coders/tga.c
index 31173efaf7914f7f884d584d90ceced72fbd8ef8..b94164bc6a28a671aea3f2b8d6765825470e00b2 100644 (file)
--- a/coders/tga.c
+++ b/coders/tga.c
@@ -296,10 +296,13 @@ static Image *ReadTGAImage(const ImageInfo *image_info,
           sizeof(*comment));
       if (comment == (char *) NULL)
         ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
-      count=ReadBlob(image,tga_info.id_length,(unsigned char *) comment);
-      comment[tga_info.id_length]='\0';
-      (void) SetImageProperty(image,"comment",comment,exception);
-      comment=DestroyString(comment);
+      count=ReadBlob(image,length,(unsigned char *) comment);
+      if (count == length)
+        {
+          comment[length]='\0';
+          (void) SetImageProperty(image,"comment",comment,exception);
+          comment=DestroyString(comment);
+        }
     }
   if (tga_info.attributes & (1UL << 4))
     {
Unnamed repository; edit this file 'description' to name the repository.