render.c: Fix SourceForge issue #448 "Heap out of bounds read in DrawDashPolygon()"
author Bob Friesenhahn <bfriesen@GraphicsMagick.org>
Sun, 10 Sep 2017 15:37:54 -0500
changeset 15163 2835184bfb78
parent 15162 7ccf29bc782e
child 15164 3f1f1ae9e3f3
ChangeLog
magick/render.c
www/Changelog.html
--- a/ChangeLog	Sun Sep 10 15:18:27 2017 -0500
+++ b/ChangeLog	Sun Sep 10 15:37:54 2017 -0500
@@ -1,5 +1,9 @@
 2017-09-10  Bob Friesenhahn  <bfriesen@simple.dallas.tx.us>
 
+	* magick/render.c (DrawImage): Fix SourceForge issue #448 "Heap
+	out of bounds read in DrawDashPolygon()".  Problem was reported by
+	Kamil Frankowicz on August 28, 2017.
+
 	* coders/uil.c (WriteUILImage): Fix crash in UIL writer when
 	writing image containing transparency.  Issue was reported by
 	LCatro via email on 18 Jul 2017.
--- a/magick/render.c	Sun Sep 10 15:18:27 2017 -0500
+++ b/magick/render.c	Sun Sep 10 15:37:54 2017 -0500
@@ -2723,7 +2723,7 @@
                     MagickGetToken(p,&p,token,token_max_length);
                 }
                 graphic_context[n]->dash_pattern=
-		  MagickAllocateArray(double *,(2*x+1),sizeof(double));
+		  MagickAllocateArray(double *,(2*x+2),sizeof(double));
                 if (graphic_context[n]->dash_pattern == (double *) NULL)
                   {
                     status=MagickFail;
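Review bot: The change from (2*x+1) to (2*x+2) in the dash_pattern allocation has no comment explaining what the extra element is for, so a later reader cannot tell whether it is a terminator slot or a safety margin. Please add a one-line comment naming the reader that indexes that far (per the commit title, DrawDashPolygon()) and the reason. Two things this hunk does not show and that are worth confirming before merge: that the added element is initialized (for example zeroed as a terminator) rather than left as uninitialized heap, since otherwise the out-of-bounds read just becomes an in-bounds read of garbage, and that x is bounded so 2*x+2 cannot wrap before it reaches MagickAllocateArray. Minor style point: the changed line is indented with tabs while the surrounding lines use spaces.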
--- a/www/Changelog.html	Sun Sep 10 15:18:27 2017 -0500
+++ b/www/Changelog.html	Sun Sep 10 15:37:54 2017 -0500
@@ -38,6 +38,9 @@
 <p>2017-09-10  Bob Friesenhahn  &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
 <blockquote>
 <ul class="simple">
+<li>magick/render.c (DrawImage): Fix SourceForge issue #448 &quot;Heap
+out of bounds read in DrawDashPolygon()&quot;.  Problem was reported by
+Kamil Frankowicz on August 28, 2017.</li>
 <li>coders/uil.c (WriteUILImage): Fix crash in UIL writer when
 writing image containing transparency.  Issue was reported by
 LCatro via email on 18 Jul 2017.</li>