From: Cristy <mikayla-grace@urban-warrior.org>
Date: Tue, 12 Feb 2019 00:58:52 +0000 (-0500)
Subject: Heap buffer-overflow when processing a SVG image including a broken comment like... 
X-Git-Tag: 7.0.8-28~16
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=a4642512df99b296d289b4089c18455d772820d0;p=imagemagick

Heap buffer-overflow when processing a SVG image including a broken comment like "/*" in an attribute value (credit Nicolas Grégoire)
---

diff --git a/coders/svg.c b/coders/svg.c
index cd2085378..0663f715e 100644
--- a/coders/svg.c
+++ b/coders/svg.c
@@ -678,12 +678,12 @@ static void SVGStripString(const MagickBooleanType trim,char *message)
     *q++=(*p);
   }
   *q='\0';
-  if (trim != MagickFalse)
+  length=strlen(message);
+  if ((trim != MagickFalse) && (length != 0))
     {
       /*
         Remove whitespace.
       */
-      length=strlen(message);
       p=message;
       while (isspace((int) ((unsigned char) *p)) != 0)
         p++;