From: Cristy <urban-warrior@imagemagick.org>
Date: Wed, 7 Feb 2018 22:27:01 +0000 (-0500)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6074
X-Git-Tag: 7.0.7-23~109
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=96adea4dfe488adaa1e4f06e2de09c4da8d8cb84;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6074
---

diff --git a/coders/dcm.c b/coders/dcm.c
index 8885e1dd2..eff8818a9 100644
--- a/coders/dcm.c
+++ b/coders/dcm.c
@@ -3889,9 +3889,12 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception)
       length=(size_t) (GetQuantumRange(info.depth)+1);
       if (length > GetBlobSize(image)) 
         ThrowDCMException(CorruptImageError,"InsufficientImageDataInFile");
-      info.scale=(Quantum *) AcquireQuantumMemory(length,sizeof(*info.scale));
+      info.scale=(Quantum *) AcquireQuantumMemory(MagickMax(length,256),
+        sizeof(*info.scale));
       if (info.scale == (Quantum *) NULL)
         ThrowDCMException(ResourceLimitError,"MemoryAllocationFailed");
+      (void) ResetMagickMemory(info.scale,0,MagickMax(length,256)*
+        sizeof(*info.scale));
       range=GetQuantumRange(info.depth);
       for (i=0; i <= (ssize_t) GetQuantumRange(info.depth); i++)
         info.scale[i]=ScaleAnyToQuantum((size_t) i,range);