From: Cristy
Date: Mon, 2 Apr 2018 23:26:49 +0000 (-0400)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7313
X-Git-Tag: 7.0.7-29~210
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=44100bd645d526400cb8f96c90a92ab8aa6f5e02;p=imagemagick
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7313
---
diff --git a/coders/heic.c b/coders/heic.c
index 82bc3b2ff..e4eb8af48 100644
--- a/coders/heic.c
+++ b/coders/heic.c
@@ -412,7 +412,7 @@ static MagickBooleanType ParseIpcoAtom(Image *image, DataBuffer *db,
 ThrowAndReturn("insufficient data");
 if (prop->data != (uint8_t *) NULL)
 prop->data=(uint8_t *) RelinquishMagickMemory(prop->data);
- prop->data = (uint8_t *) AcquireCriticalMemory(prop->size);
+ prop->data = (uint8_t *) AcquireCriticalMemory(prop->size+4);
 if (DBChop(&propDb, db, prop->size) != MagickTrue) {
 ThrowAndReturn("incorrect read size");
 }
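Review bot: The `+4` passed to `AcquireCriticalMemory` is an unexplained magic constant, and nothing in this hunk initialises the four slack bytes. The code that fills `prop->data` is outside the hunk, but if it writes only `prop->size` bytes, a reader that runs past `prop->size` will pick up indeterminate heap contents instead of faulting. That hides the over-read from the fuzzer and sanitizers rather than removing it. I would zero the tail right after the allocation, `(void) memset(prop->data+prop->size,0,4);`, and add a comment saying which consumer needs the padding and why four bytes is enough, e.g. `/* 4 bytes of slack for <reader>, see oss-fuzz 7313 */`. The durable fix is a length check in that consumer against `prop->size`. It is also worth confirming that `prop->size+4` cannot wrap for the type of `prop->size`, which is declared outside this hunk, as is the rest of `ParseIpcoAtom`.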