path: root/community/graphicsmagick/CVE-2017-13648.patch

# HG changeset patch
# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
# Date 1505397055 18000
# Node ID a0e598438aa970f237fa9b35edce0728cc144f29
# Parent  cadd4b0522fa8b6b6e8ea6a5a9b4a5baebc1b011
MAT: Fix under-sized allocation leading to heap overflow.

diff -r cadd4b0522fa -r a0e598438aa9 coders/mat.c
--- a/coders/mat.c	Wed Sep 13 10:28:42 2017 -0400
+++ b/coders/mat.c	Thu Sep 14 08:50:55 2017 -0500
@@ -1050,9 +1050,10 @@
     }  
 
   /* ----- Load raster data ----- */
-    BImgBuff = MagickAllocateMemory(unsigned char *,(size_t) (ldblk));    /* Ldblk was set in the check phase */
+    BImgBuff = MagickAllocateArray(unsigned char *,(size_t) (ldblk),sizeof(double));    /* Ldblk was set in the check phase */
     if (BImgBuff == NULL)
       goto NoMemory;
+    (void) memset(BImgBuff,0,ldblk*sizeof(double));
 
     if (CellType==miDOUBLE)        /* Find Min and Max Values for floats */
     {
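Review bot: The retained comment on the allocation line still says only that ldblk was set in the check phase, so nothing in the new code explains why the buffer is now `ldblk*sizeof(double)` bytes or whether ldblk is a byte count or an element count. I would replace it with something like `/* ldblk comes from the check phase; allocate sizeof(double) per unit so no cell type can overrun the row buffer */`, worded to match the actual unit of ldblk, which is not visible in this hunk. The `memset` recomputes `ldblk*sizeof(double)` without the `(size_t)` cast used in the allocation and relies on MagickAllocateArray having rejected an overflowing product (its definition is not shown here); computing the size once, e.g. `const size_t BImgBuffSize = (size_t) ldblk * sizeof(double);`, and passing it to the memset would keep the two in step. The enclosing function begins and ends outside the hunk, so the later reads and writes into BImgBuff, which decide whether this size is sufficient, cannot be checked from here.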