From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 5 Feb 2018 12:35:07 +0000 (-0500)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6012
X-Git-Tag: 7.0.7-23~123
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8a4029f19811aa91b0a19d63a29f69a27019e70c;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6012
---

diff --git a/MagickCore/coder.c b/MagickCore/coder.c
index 8d98cd917..4836fc812 100644
--- a/MagickCore/coder.c
+++ b/MagickCore/coder.c
@@ -862,7 +862,7 @@ static MagickBooleanType LoadCoderCache(SplayTreeInfo *cache,const char *xml,
           GetNextToken(q,&q,extent,token);
           if (LocaleCompare(keyword,"file") == 0)
             {
-              if (depth > 200)
+              if (depth > MagickMaxRecursionDepth)
                 (void) ThrowMagickException(exception,GetMagickModule(),
                   ConfigureError,"IncludeNodeNestedTooDeeply","`%s'",token);
               else
diff --git a/MagickCore/color.c b/MagickCore/color.c
index f03d98616..0d3603e47 100644
--- a/MagickCore/color.c
+++ b/MagickCore/color.c
@@ -2066,7 +2066,7 @@ static MagickBooleanType LoadColorCache(LinkedListInfo *cache,const char *xml,
           GetNextToken(q,&q,extent,token);
           if (LocaleCompare(keyword,"file") == 0)
             {
-              if (depth > 200)
+              if (depth > MagickMaxRecursionDepth)
                 (void) ThrowMagickException(exception,GetMagickModule(),
                   ConfigureError,"IncludeElementNestedTooDeeply","`%s'",token);
               else
diff --git a/MagickCore/configure.c b/MagickCore/configure.c
index ed44d1310..e02a0ef06 100644
--- a/MagickCore/configure.c
+++ b/MagickCore/configure.c
@@ -1214,7 +1214,7 @@ static MagickBooleanType LoadConfigureCache(LinkedListInfo *cache,
           GetNextToken(q,&q,extent,token);
           if (LocaleCompare(keyword,"file") == 0)
             {
-              if (depth > 200)
+              if (depth > MagickMaxRecursionDepth)
                 (void) ThrowMagickException(exception,GetMagickModule(),
                   ConfigureError,"IncludeElementNestedTooDeeply","`%s'",token);
               else
diff --git a/MagickCore/delegate.c b/MagickCore/delegate.c
index f1bd613e2..ce13fb52a 100644
--- a/MagickCore/delegate.c
+++ b/MagickCore/delegate.c
@@ -2060,7 +2060,7 @@ static MagickBooleanType LoadDelegateCache(LinkedListInfo *cache,
           GetNextToken(q,&q,extent,token);
           if (LocaleCompare(keyword,"file") == 0)
             {
-              if (depth > 200)
+              if (depth > MagickMaxRecursionDepth)
                 (void) ThrowMagickException(exception,GetMagickModule(),
                   ConfigureError,"IncludeElementNestedTooDeeply","`%s'",token);
               else
diff --git a/MagickCore/fx.c b/MagickCore/fx.c
index 75cea78a4..684a3ce78 100644
--- a/MagickCore/fx.c
+++ b/MagickCore/fx.c
@@ -106,7 +106,7 @@
 #define NotEqualOperator  0xfaU
 #define LogicalAndOperator  0xfbU
 #define LogicalOrOperator  0xfcU
-#define ExponentialNotation 0xfdU
+#define ExponentialNotation  0xfdU
 
 struct _FxInfo
 {
@@ -2109,6 +2109,12 @@ static double FxEvaluateSubexpression(FxInfo *fx_info,
     *p;
 
   *beta=0.0;
+  if (*depth > MagickMaxRecursionDepth)
+    {
+      (void) ThrowMagickException(exception,GetMagickModule(),OptionError,
+        "UnableToParseExpression","`%s'",expression);
+      return(0.0);
+    }
   if (exception->severity >= ErrorException)
     return(0.0);
   while (isspace((int) ((unsigned char) *expression)) != 0)
diff --git a/MagickCore/locale.c b/MagickCore/locale.c
index a41e190e2..61466fc5e 100644
--- a/MagickCore/locale.c
+++ b/MagickCore/locale.c
@@ -70,7 +70,6 @@
 #  define MAGICKCORE_LOCALE_SUPPORT
 #endif
 #define LocaleFilename  "locale.xml"
-#define MaxRecursionDepth  200
 
 /*
   Static declarations.
@@ -1244,7 +1243,7 @@ static MagickBooleanType LoadLocaleCache(SplayTreeInfo *cache,const char *xml,
             }
           if (LocaleCompare(keyword,"file") == 0)
             {
-              if (depth > 200)
+              if (depth > MagickMaxRecursionDepth)
                 (void) ThrowMagickException(exception,GetMagickModule(),
                   ConfigureError,"IncludeElementNestedTooDeeply","`%s'",token);
               else
diff --git a/MagickCore/log.c b/MagickCore/log.c
index 46ea1770c..8f39713f4 100644
--- a/MagickCore/log.c
+++ b/MagickCore/log.c
@@ -1510,7 +1510,7 @@ static MagickBooleanType LoadLogCache(LinkedListInfo *cache,const char *xml,
           GetNextToken(q,&q,extent,token);
           if (LocaleCompare(keyword,"file") == 0)
             {
-              if (depth > 200)
+              if (depth > MagickMaxRecursionDepth)
                 (void) ThrowMagickException(exception,GetMagickModule(),
                   ConfigureError,"IncludeElementNestedTooDeeply","`%s'",token);
               else
diff --git a/MagickCore/magic.c b/MagickCore/magic.c
index ce3635e73..01e5587e6 100644
--- a/MagickCore/magic.c
+++ b/MagickCore/magic.c
@@ -895,7 +895,7 @@ static MagickBooleanType LoadMagicCache(LinkedListInfo *cache,const char *xml,
           GetNextToken(q,&q,extent,token);
           if (LocaleCompare(keyword,"file") == 0)
             {
-              if (depth > 200)
+              if (depth > MagickMaxRecursionDepth)
                 (void) ThrowMagickException(exception,GetMagickModule(),
                   ConfigureError,"IncludeElementNestedTooDeeply","`%s'",token);
               else
diff --git a/MagickCore/mime.c b/MagickCore/mime.c
index 3a9837f4c..0416bc038 100644
--- a/MagickCore/mime.c
+++ b/MagickCore/mime.c
@@ -825,7 +825,7 @@ static MagickBooleanType LoadMimeCache(LinkedListInfo *cache,const char *xml,
     attribute=GetXMLTreeAttribute(include,"file");
     if (attribute != (const char *) NULL)
       {
-        if (depth > 200)
+        if (depth > MagickMaxRecursionDepth)
           (void) ThrowMagickException(exception,GetMagickModule(),
             ConfigureError,"IncludeElementNestedTooDeeply","`%s'",filename);
         else
diff --git a/MagickCore/policy.c b/MagickCore/policy.c
index 7e5ed11fc..29ae0df55 100644
--- a/MagickCore/policy.c
+++ b/MagickCore/policy.c
@@ -834,7 +834,7 @@ static MagickBooleanType LoadPolicyCache(LinkedListInfo *cache,const char *xml,
           GetNextToken(q,&q,extent,token);
           if (LocaleCompare(keyword,"file") == 0)
             {
-              if (depth > 200)
+              if (depth > MagickMaxRecursionDepth)
                 (void) ThrowMagickException(exception,GetMagickModule(),
                   ConfigureError,"IncludeElementNestedTooDeeply","`%s'",token);
               else
diff --git a/MagickCore/studio.h b/MagickCore/studio.h
index 4b1061836..291f2cfdb 100644
--- a/MagickCore/studio.h
+++ b/MagickCore/studio.h
@@ -336,6 +336,7 @@ extern int vsnprintf(char *,size_t,const char *,va_list);
 /*
   Magick defines.
 */
+#define MagickMaxRecursionDepth  1024
 #define Swap(x,y) ((x)^=(y), (y)^=(x), (x)^=(y))
 #if defined(_MSC_VER)
 # define DisableMSCWarning(nr) __pragma(warning(push)) \
diff --git a/MagickCore/type.c b/MagickCore/type.c
index 2592f16d7..ff02a7e18 100644
--- a/MagickCore/type.c
+++ b/MagickCore/type.c
@@ -1138,7 +1138,7 @@ static MagickBooleanType LoadTypeCache(SplayTreeInfo *cache,const char *xml,
           GetNextToken(q,&q,extent,token);
           if (LocaleCompare(keyword,"file") == 0)
             {
-              if (depth > 200)
+              if (depth > MagickMaxRecursionDepth)
                 (void) ThrowMagickException(exception,GetMagickModule(),
                   ConfigureError,"IncludeNodeNestedTooDeeply","`%s'",token);
               else