From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 10 Jun 2018 16:58:28 +0000 (-0400)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8822
X-Git-Tag: 7.0.7-39~6
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=961da2092699d342fe0e04953d46d8b0e82adf2a;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8822
---

diff --git a/MagickCore/draw.c b/MagickCore/draw.c
index f9d511e4c..4d7b849d5 100644
--- a/MagickCore/draw.c
+++ b/MagickCore/draw.c
@@ -2216,17 +2216,17 @@ static MagickBooleanType CheckPrimitiveExtent(MVGInfo *mvg_info,
   if (extent <= *mvg_info->extent)
     return(MagickTrue);
   *mvg_info->primitive_info=ResizeQuantumMemory(*mvg_info->primitive_info,
-    extent,sizeof(*mvg_info->primitive_info));
+    extent,sizeof(**mvg_info->primitive_info));
   *mvg_info->extent=extent;
   if (*mvg_info->primitive_info != (PrimitiveInfo *) NULL)
     return(MagickTrue);
   /*
-    Reallocation failed, allocate 1 point to facilitate unwinding.
+    Reallocation failed, allocate a primitive to facilitate unwinding.
   */
   (void) ThrowMagickException(mvg_info->exception,GetMagickModule(),
     ResourceLimitError,"MemoryAllocationFailed","`%s'","");
   *mvg_info->primitive_info=AcquireCriticalMemory(
-    sizeof(*mvg_info->primitive_info));
+    sizeof(**mvg_info->primitive_info));
   *mvg_info->extent=1;
   mvg_info->offset=0;
   return(MagickFalse);