From: Cristy <urban-warrior@imagemagick.org>
Date: Thu, 3 May 2018 22:48:21 +0000 (-0400)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8132
X-Git-Tag: 7.0.7-31~25
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=98773439233351d08d75a880be1e912650d3b0d8;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8132
---

diff --git a/ChangeLog b/ChangeLog
index 2d17cbcdc..194eed25d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2018-05-03  7.0.7-31  <quetzlzacatenango@image...>
+  * Fixed numerous use of uninitialized values, integer overflow, memory
+    exceeded, and timeouts (credit to OSS Fuzz).
+
 2018-05-01  7.0.7-30 Cristy  <quetzlzacatenango@image...>
   * Release ImageMagick version 7.0.7-30, GIT revision 14242:730f1d1d3:20180501.
 
diff --git a/MagickCore/draw.c b/MagickCore/draw.c
index ac8b21a08..c93612f5e 100644
--- a/MagickCore/draw.c
+++ b/MagickCore/draw.c
@@ -4429,7 +4429,10 @@ RestoreMSCWarning
   if ((bounds.x1 >= (double) image->columns) ||
       (bounds.y1 >= (double) image->rows) ||
       (bounds.x2 <= 0.0) || (bounds.y2 <= 0.0))
-    return(MagickTrue);
+    {
+      polygon_info=DestroyPolygonThreadSet(polygon_info);
+      return(MagickTrue);  /* virtual polygon */
+    }
   bounds.x1=bounds.x1 < 0.0 ? 0.0 : bounds.x1 >= (double) image->columns-1.0 ?
     (double) image->columns-1.0 : bounds.x1;
   bounds.y1=bounds.y1 < 0.0 ? 0.0 : bounds.y1 >= (double) image->rows-1.0 ?
@@ -6495,8 +6498,7 @@ static PrimitiveInfo *TraceStrokePolygon(const Image *image,
   const DrawInfo *draw_info,const PrimitiveInfo *primitive_info)
 {
 #define CheckPathExtent(pad) \
-  if (((p+(pad)) >= (ssize_t) max_strokes) || \
-      ((q+(pad)) >= (ssize_t) max_strokes)) \
+  if ((q+(pad)) >= (ssize_t) max_strokes) \
     { \
       if (~max_strokes < (pad)) \
         { \