From: Cristy
Date: Thu, 22 Mar 2018 23:56:50 +0000 (-0400)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7064
X-Git-Tag: 7.0.7-28~49
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7a94342fc520f3a8c6e301095963710361631f3e;p=imagemagick
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7064
---
diff --git a/MagickCore/draw.c b/MagickCore/draw.c
index 24bf95b5f..dd2941e61 100644
--- a/MagickCore/draw.c
+++ b/MagickCore/draw.c
@@ -3105,6 +3105,23 @@ MagickExport MagickBooleanType DrawImage(Image *image,const DrawInfo *draw_info,
 }
 case EllipsePrimitive:
 {
+ double
+ alpha,
+ beta,
+ coordinates,
+ radius;
+
+ alpha=bounds.x2-bounds.x1;
+ beta=bounds.y2-bounds.y1;
+ radius=hypot(alpha,beta);
+ coordinates=2.0*ceil(MagickPI*MagickPI*radius)+6*BezierQuantum+360;
+ if (coordinates > 1.0e+06)
+ {
+ (void) ThrowMagickException(exception,GetMagickModule(),DrawError,
+ "TooManyBezierCoordinates","`%s'",token);
+ status=MagickFalse;
+ break;
+ }
 points_extent=(double) EllipsePoints(primitive_info+j,
 primitive_info[j].point,primitive_info[j+1].point,
 primitive_info[j+2].point);
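Review bot: The new guard `if (coordinates > 1.0e+06)` in the EllipsePrimitive case does not reject a NaN estimate, because every ordered comparison with NaN is false. If `bounds` can hold non-finite values (it is computed outside this hunk, so this is inferred), `alpha` and `beta` can become NaN and the EllipsePoints call proceeds unchecked. Writing the test as `if (!(coordinates <= 1.0e+06))` rejects both oversized and non-finite estimates. The estimate is built from `bounds`, while EllipsePoints receives `primitive_info[j+1].point` and `primitive_info[j+2].point`. A short comment saying why `2.0*ceil(MagickPI*MagickPI*radius)+6*BezierQuantum+360` bounds the generated point count, plus a named constant for the 1.0e+06 limit, would make the cap auditable. DrawImage starts and ends outside the hunk.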