From: Cristy <urban-warrior@imagemagick.org>
Date: Tue, 3 Apr 2018 17:35:50 +0000 (-0400)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7329
X-Git-Tag: 7.0.7-29~205
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=79ee4b96b5dbb8785bec26e0162600268aa095b6;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7329
---

diff --git a/coders/heic.c b/coders/heic.c
index 580efbf20..df48726ce 100644
--- a/coders/heic.c
+++ b/coders/heic.c
@@ -413,10 +413,11 @@ static MagickBooleanType ParseIpcoAtom(Image *image, DataBuffer *db,
     if (prop->data != (uint8_t *) NULL)
       prop->data=(uint8_t *) RelinquishMagickMemory(prop->data);
     prop->data = (uint8_t *) AcquireCriticalMemory(prop->size+4);
+    (void) memset(prop->data, 0, prop->size+4);
     if (DBChop(&propDb, db, prop->size) != MagickTrue) {
       ThrowAndReturn("incorrect read size");
     }
-    memcpy(prop->data, propDb.data, prop->size+4);
+    memcpy(prop->data, propDb.data, prop->size);
 
     switch (prop->type) {
       case ATOM('h', 'v', 'c', 'C'):