From: Cristy Date: Sat, 10 Feb 2018 17:38:53 +0000 (-0500) Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6196 X-Git-Tag: 7.0.7-23~74 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7a98246a075d55f2eb5bad40028a28f3cfdd97c1;p=imagemagick https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6196 --- diff --git a/MagickCore/string.c b/MagickCore/string.c index 9a0853dab..cafe63c26 100644 --- a/MagickCore/string.c +++ b/MagickCore/string.c @@ -191,6 +191,7 @@ MagickExport StringInfo *AcquireStringInfo(const size_t length) string_info->length+MagickPathExtent,sizeof(*string_info->datum)); if (string_info->datum == (unsigned char *) NULL) ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed"); + (void) memset(string_info->datum,0,length+MagickPathExtent); return(string_info); } @@ -237,8 +238,7 @@ MagickExport StringInfo *BlobToStringInfo(const void *blob,const size_t length) } if (blob != (const void *) NULL) (void) memcpy(string_info->datum,blob,length); - else - (void) memset(string_info->datum,0,length); + (void) memset(string_info->datum+length,0,MagickPathExtent); return(string_info); } @@ -254,7 +254,7 @@ MagickExport StringInfo *BlobToStringInfo(const void *blob,const size_t length) %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% % % CloneString() replaces or frees the destination string to make it -% a clone of the input string plus MagickPathExtent more space so the string +% a clone of the input string plus MagickPathExtent more space so the string % may be worked on. % % If source is a NULL pointer the destination string will be freed and set to @@ -1566,7 +1566,7 @@ MagickExport void PrintStringInfo(FILE *file,const char *id, break; p++; } - (void) FormatLocaleFile(file,"%s(%.20g): ",id,(double) string_info->length); + (void) FormatLocaleFile(file,"%s(%.20g):\n",id,(double) string_info->length); if (i == string_info->length) { for (i=0; i < string_info->length; i++) @@ -1668,15 +1668,15 @@ MagickExport char *SanitizeString(const char *source) const char *q; - + register char *p; - + static char whitelist[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 " "$-_.+!*'(),{}|\\^~[]`\"><#%;/?:@&="; - + sanitize_source=AcquireString(source); p=sanitize_source; q=sanitize_source+strlen(sanitize_source);