From: Cristy <urban-warrior@imagemagick.org>
Date: Sat, 20 Jan 2018 22:14:44 +0000 (-0500)
Subject: Check for resource overflow
X-Git-Tag: 7.0.7-22~20
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=b48da02fb6d3951ee95bca3b8ac206ad1fd39110;p=imagemagick

Check for resource overflow
Credit OSS Fuzz
---

diff --git a/MagickCore/magick-type.h b/MagickCore/magick-type.h
index b5229de6a..cc00cd390 100644
--- a/MagickCore/magick-type.h
+++ b/MagickCore/magick-type.h
@@ -29,11 +29,11 @@ extern "C" {
 #endif
 
 #if defined(MAGICKCORE_WINDOWS_SUPPORT) && !defined(__MINGW32__)
-#  define MagickLLConstant(c)  (MagickOffsetType) (c ## i64)
-#  define MagickULLConstant(c)  (MagickSizeType) (c ## ui64)
+#  define MagickLLConstant(c)  ((MagickOffsetType) (c ## i64))
+#  define MagickULLConstant(c)  ((MagickSizeType) (c ## ui64))
 #else
-#  define MagickLLConstant(c)  (MagickOffsetType) (c ## LL)
-#  define MagickULLConstant(c)  (MagickSizeType) (c ## ULL)
+#  define MagickLLConstant(c)  ((MagickOffsetType) (c ## LL))
+#  define MagickULLConstant(c)  ((MagickSizeType) (c ## ULL))
 #endif
 
 #if MAGICKCORE_SIZEOF_FLOAT_T == 0
diff --git a/MagickCore/resource.c b/MagickCore/resource.c
index 650e967e0..5e81531d7 100644
--- a/MagickCore/resource.c
+++ b/MagickCore/resource.c
@@ -181,6 +181,8 @@ MagickExport MagickBooleanType AcquireMagickResource(const ResourceType type,
   MagickSizeType
     limit;
 
+  if ((MagickOffsetType) size < 0)
+    return(MagickFalse);
   status=MagickFalse;
   logging=IsEventLogging();
   if (resource_semaphore == (SemaphoreInfo *) NULL)
@@ -207,6 +209,8 @@ MagickExport MagickBooleanType AcquireMagickResource(const ResourceType type,
     }
     case MemoryResource:
     {
+      if ((resource_info.memory+(MagickOffsetType) size) < 0)
+        return(MagickFalse);
       resource_info.memory+=(MagickOffsetType) size;
       limit=resource_info.memory_limit;
       if ((limit == MagickResourceInfinity) ||
@@ -227,6 +231,8 @@ MagickExport MagickBooleanType AcquireMagickResource(const ResourceType type,
     }
     case MapResource:
     {
+      if ((resource_info.map+(MagickOffsetType) size) < 0)
+        return(MagickFalse);
       resource_info.map+=(MagickOffsetType) size;
       limit=resource_info.map_limit;
       if ((limit == MagickResourceInfinity) ||
@@ -247,6 +253,8 @@ MagickExport MagickBooleanType AcquireMagickResource(const ResourceType type,
     }
     case DiskResource:
     {
+      if ((resource_info.disk+(MagickOffsetType) size) < 0)
+        return(MagickFalse);
       resource_info.disk+=(MagickOffsetType) size;
       limit=resource_info.disk_limit;
       if ((limit == MagickResourceInfinity) ||
@@ -267,6 +275,8 @@ MagickExport MagickBooleanType AcquireMagickResource(const ResourceType type,
     }
     case FileResource:
     {
+      if ((resource_info.file+(MagickOffsetType) size) < 0)
+        return(MagickFalse);
       resource_info.file+=(MagickOffsetType) size;
       limit=resource_info.file_limit;
       if ((limit == MagickResourceInfinity) ||
@@ -341,6 +351,8 @@ MagickExport MagickBooleanType AcquireMagickResource(const ResourceType type,
     }
     case TimeResource:
     {
+      if ((resource_info.time+(MagickOffsetType) size) < 0)
+        return(MagickFalse);
       resource_info.time+=(MagickOffsetType) size;
       limit=resource_info.time_limit;
       if ((limit == MagickResourceInfinity) ||