From 8b28a8708ca994c7c9f211d562a8109621cf4d15 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Tue, 25 Dec 2018 08:34:29 -0500
Subject: [PATCH] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12216

---
 MagickCore/blob.c   | 2 ++
 MagickCore/cache.c  | 6 ++++--
 MagickCore/memory.c | 2 +-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/MagickCore/blob.c b/MagickCore/blob.c
index 6f1d1f148..9d13fb63f 100644
--- a/MagickCore/blob.c
+++ b/MagickCore/blob.c
@@ -4917,6 +4917,8 @@ MagickExport MagickOffsetType SeekBlob(Image *image,
         }
         case SEEK_CUR:
         {
+          if (blob_info->offset > (SSIZE_MAX-offset))
+            return(-1);
           if ((blob_info->offset+offset) < 0)
             return(-1);
           blob_info->offset+=offset;
diff --git a/MagickCore/cache.c b/MagickCore/cache.c
index 554d8e781..e5787ee45 100644
--- a/MagickCore/cache.c
+++ b/MagickCore/cache.c
@@ -190,7 +190,9 @@ MagickPrivate Cache AcquirePixelCache(const size_t number_threads)
   char
     *value;
 
-  cache_info=(CacheInfo *) AcquireCriticalMemory(sizeof(*cache_info));
+  cache_info=(CacheInfo *) AcquireAlignedMemory(1,sizeof(*cache_info));
+  if (cache_info == (CacheInfo *) NULL)
+    ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
   (void) memset(cache_info,0,sizeof(*cache_info));
   cache_info->type=UndefinedCache;
   cache_info->mode=IOMode;
@@ -1068,7 +1070,7 @@ MagickPrivate Cache DestroyPixelCache(Cache cache)
   if (cache_info->semaphore != (SemaphoreInfo *) NULL)
     RelinquishSemaphoreInfo(&cache_info->semaphore);
   cache_info->signature=(~MagickCoreSignature);
-  cache_info=(CacheInfo *) RelinquishMagickMemory(cache_info);
+  cache_info=(CacheInfo *) RelinquishAlignedMemory(cache_info);
   cache=(Cache) NULL;
   return(cache);
 }
diff --git a/MagickCore/memory.c b/MagickCore/memory.c
index 52edf10c3..2b64e9e0a 100644
--- a/MagickCore/memory.c
+++ b/MagickCore/memory.c
@@ -258,7 +258,7 @@ MagickExport void *AcquireAlignedMemory(const size_t count,const size_t quantum)
   size=count*quantum;
   alignment=CACHE_LINE_SIZE;
   extent=AlignedExtent(size,alignment);
-  if ((size == 0) || (extent < size))
+  if ((size == 0) || (alignment < sizeof(void *)) || (extent < size))
     return((void *) NULL);
 #if defined(MAGICKCORE_HAVE_POSIX_MEMALIGN)
   if (posix_memalign(&memory,alignment,extent) != 0)
-- 
2.40.0