From 3b722158fa14df203d378e3ebfa6ec484e268663 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Fri, 2 Feb 2018 20:43:50 -0500
Subject: [PATCH] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5899

---
 MagickCore/draw.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/MagickCore/draw.c b/MagickCore/draw.c
index 49cc4de0a..7f65afc9b 100644
--- a/MagickCore/draw.c
+++ b/MagickCore/draw.c
@@ -2987,8 +2987,12 @@ MagickExport MagickBooleanType DrawImage(Image *image,const DrawInfo *draw_info,
       case BezierPrimitive:
       {
         if (primitive_info[j].coordinates > 107)
-          (void) ThrowMagickException(exception,GetMagickModule(),DrawError,
-            "TooManyBezierCoordinates","`%s'",token);
+          {
+            (void) ThrowMagickException(exception,GetMagickModule(),DrawError,
+              "TooManyBezierCoordinates","`%s'",token);
+            status=MagickFalse;
+            break;
+          }
         points_extent=(double) (BezierQuantum*primitive_info[j].coordinates);
         break;
       }
@@ -3030,6 +3034,13 @@ MagickExport MagickBooleanType DrawImage(Image *image,const DrawInfo *draw_info,
         alpha=bounds.x2-bounds.x1;
         beta=bounds.y2-bounds.y1;
         radius=hypot(alpha,beta);
+        if (points_extent > 21400)
+          {
+            (void) ThrowMagickException(exception,GetMagickModule(),DrawError,
+              "TooManyBezierCoordinates","`%s'",token);
+            status=MagickFalse;
+            break;
+          }
         points_extent=ceil(MagickPI*MagickPI*radius)+6*BezierQuantum+360;
         break;
       }
-- 
2.40.0