From: Cristy Date: Wed, 13 Mar 2019 13:58:42 +0000 (-0400) Subject: ... X-Git-Tag: 7.0.8-34~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=860af935df3e1c78f7e4d142c9cbe116c29de2a8;p=imagemagick ... --- diff --git a/ChangeLog b/ChangeLog index a1fc4b8cd..9e8a2b7dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 2019-03-11 7.0.8-34 Cristy * Associate one lock with each resource. * Report exception if opening TIFF did not work out. + * Fixed numerous use of uninitialized values, integer overflow, memory + exceeded, and timeouts (credit to OSS Fuzz). 2019-03-10 7.0.8-33 Cristy * Release ImageMagick version 7.0.8-33, GIT revision 15401:c805e3205:20190310 diff --git a/coders/svg.c b/coders/svg.c index d78172a5d..6cc261df0 100644 --- a/coders/svg.c +++ b/coders/svg.c @@ -1622,7 +1622,7 @@ static void SVGStartElement(void *context,const xmlChar *name, char *text; - text=EscapeString(svg_info->text,'\''); + text=EscapeString(svg_info->text,'\"'); (void) FormatLocaleFile(svg_info->file,"text %g,%g \"%s\"\n", svg_info->bounds.x-svg_info->center.x,svg_info->bounds.y- svg_info->center.y,text); @@ -2847,7 +2847,7 @@ static void SVGEndElement(void *context,const xmlChar *name) *text; SVGStripString(MagickTrue,svg_info->text); - text=EscapeString(svg_info->text,'\''); + text=EscapeString(svg_info->text,'\"'); (void) FormatLocaleFile(svg_info->file,"text 0,0 \"%s\"\n",text); text=DestroyString(text); *svg_info->text='\0'; @@ -2865,7 +2865,7 @@ static void SVGEndElement(void *context,const xmlChar *name) *text; (void) FormatLocaleFile(svg_info->file,"class \"tspan\"\n"); - text=EscapeString(svg_info->text,'\''); + text=EscapeString(svg_info->text,'\"'); (void) FormatLocaleFile(svg_info->file,"text %g,%g \"%s\"\n", svg_info->bounds.x-svg_info->center.x,svg_info->bounds.y- svg_info->center.y,text);