From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 3 Sep 2018 12:18:28 +0000 (-0400)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10202
X-Git-Tag: 7.0.8-12~91
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=88a140b6bd8691b9ebfcf147f3a275ad2069bf8b;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10202
---

diff --git a/MagickCore/draw.c b/MagickCore/draw.c
index da190b018..4ff763cc8 100644
--- a/MagickCore/draw.c
+++ b/MagickCore/draw.c
@@ -2244,7 +2244,7 @@ static MagickBooleanType CheckPrimitiveExtent(MVGInfo *mvg_info,
   if (~extent >= pad)
     {
       extent+=4096;
-      if (~extent >= 4096)
+      if ((~extent >= 4096) && (extent <= GetMaxMemoryRequest()))
         {
           if (extent <= *mvg_info->extent)
             return(MagickTrue);
@@ -2263,6 +2263,9 @@ static MagickBooleanType CheckPrimitiveExtent(MVGInfo *mvg_info,
   */
   (void) ThrowMagickException(mvg_info->exception,GetMagickModule(),
     ResourceLimitError,"MemoryAllocationFailed","`%s'","");
+  if (*mvg_info->primitive_info != (PrimitiveInfo *) NULL)
+    *mvg_info->primitive_info=(PrimitiveInfo *) 
+      RelinquishMagickMemory(*mvg_info->primitive_info);
   *mvg_info->primitive_info=AcquireCriticalMemory(4*
     sizeof(**mvg_info->primitive_info));
   (void) memset(*mvg_info->primitive_info,0,sizeof(**mvg_info->primitive_info));