From: Cristy <urban-warrior@imagemagick.org>
Date: Wed, 28 Mar 2018 00:01:06 +0000 (-0400)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7163
X-Git-Tag: 7.0.7-29~286
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fb249609d447af88f0a2ef1b953d4be1184513ca;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7163
---

diff --git a/MagickCore/fx.c b/MagickCore/fx.c
index ab05a5953..2aeab5e02 100644
--- a/MagickCore/fx.c
+++ b/MagickCore/fx.c
@@ -1255,7 +1255,6 @@ static double FxGetSymbol(FxInfo *fx_info,const PixelChannel channel,
 {
   char
     *q,
-    subexpression[MagickPathExtent],
     symbol[MagickPathExtent];
 
   const char
@@ -1292,6 +1291,10 @@ static double FxGetSymbol(FxInfo *fx_info,const PixelChannel channel,
   point.y=(double) y;
   if (isalpha((int) ((unsigned char) *(p+1))) == 0)
     {
+      char
+        *subexpression;
+
+      subexpression=AcquireString(expression);
       if (strchr("suv",(int) *p) != (char *) NULL)
         {
           switch (*p)
@@ -1390,6 +1393,7 @@ static double FxGetSymbol(FxInfo *fx_info,const PixelChannel channel,
           if (*p == '.')
             p++;
         }
+      subexpression=DestroyString(subexpression);
     }
   length=GetImageListLength(fx_info->images);
   while (i < 0)