From: Cristy <urban-warrior@imagemagick.org>
Date: Fri, 23 Mar 2018 17:42:06 +0000 (-0400)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7078
X-Git-Tag: 7.0.7-28~42
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4e68394eb43bc92229991799794ca5a3a96ff8e6;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7078
---

diff --git a/MagickCore/draw.c b/MagickCore/draw.c
index 811ff6da7..34cbdf6e5 100644
--- a/MagickCore/draw.c
+++ b/MagickCore/draw.c
@@ -1521,7 +1521,7 @@ static MagickBooleanType DrawDashPolygon(const DrawInfo *draw_info,
   for (i=0; primitive_info[i].primitive != UndefinedPrimitive; i++) ;
   number_vertices=(size_t) i;
   dash_polygon=(PrimitiveInfo *) AcquireQuantumMemory((size_t)
-    (2UL*(number_vertices+3UL)+3UL),sizeof(*dash_polygon));
+    (2UL*(number_vertices+6UL)+6UL),sizeof(*dash_polygon));
   if (dash_polygon == (PrimitiveInfo *) NULL)
     return(MagickFalse);
   clone_info=CloneDrawInfo((ImageInfo *) NULL,draw_info);