From: Cristy Date: Tue, 12 Jun 2018 00:06:44 +0000 (-0400) Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8838 X-Git-Tag: 7.0.8-0~10 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ca3e895a8ce9a5c08747d173fd58db4d0843de26;p=imagemagick https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8838 --- diff --git a/ChangeLog b/ChangeLog index 0a87ed0c5..819a32ac3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2018-06-11 7.0.8-0 + * Fixed numerous use of uninitialized values, integer overflow, memory + exceeded, and timeouts (credit to OSS Fuzz). + 2018-06-11 7.0.7-39 Cristy * Release ImageMagick version 7.0.7-39, GIT revision 14445:cc962acde:20180611. diff --git a/MagickCore/draw.c b/MagickCore/draw.c index d3f9f9984..17741ea23 100644 --- a/MagickCore/draw.c +++ b/MagickCore/draw.c @@ -2217,9 +2217,11 @@ static MagickBooleanType CheckPrimitiveExtent(MVGInfo *mvg_info, return(MagickTrue); *mvg_info->primitive_info=ResizeQuantumMemory(*mvg_info->primitive_info, extent,sizeof(**mvg_info->primitive_info)); - *mvg_info->extent=extent; if (*mvg_info->primitive_info != (PrimitiveInfo *) NULL) - return(MagickTrue); + { + *mvg_info->extent=extent; + return(MagickTrue); + } /* Reallocation failed, allocate a primitive to facilitate unwinding. */ @@ -4247,9 +4249,11 @@ MagickExport MagickBooleanType DrawImage(Image *image,const DrawInfo *draw_info, if (primitive_info != (PrimitiveInfo *) NULL) { for (i=0; primitive_info[i].primitive != UndefinedPrimitive; i++) - if (primitive_info[i].text != (char *) NULL) - primitive_info[i].text=(char *) RelinquishMagickMemory( - primitive_info[i].text); + if ((primitive_info[i].primitive == TextPrimitive) || + (primitive_info[i].primitive == ImagePrimitive)) + if (primitive_info[i].text != (char *) NULL) + primitive_info[i].text=(char *) RelinquishMagickMemory( + primitive_info[i].text); primitive_info=(PrimitiveInfo *) RelinquishMagickMemory(primitive_info); } primitive=DestroyString(primitive);