From be9543deae7bcdad5fa34532cffc0858a1b7514f Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 23 Nov 2014 13:55:19 +0100
Subject: [PATCH] CVE-2014-1947: Fix buffer overrun

Origin: backport, http://trac.imagemagick.org/changeset/13736
Bug-Debian: http://bugs.debian.org/740250
Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=1064098
Forwarded: not-needed
Last-Update: 2014-03-15
---
 coders/psd.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/coders/psd.c b/coders/psd.c
index 46b4578..a2ff5d9 100644
--- a/coders/psd.c
+++ b/coders/psd.c
@@ -2005,8 +2005,8 @@ static MagickBooleanType WritePSDImage(const ImageInfo *image_info,Image *image)
     num_channels,
     packet_size;
 
-  unsigned char
-    layer_name[4];
+  char
+    layer_name[MaxTextExtent];
 
   unsigned long
     channel_size,
@@ -2239,9 +2239,9 @@ compute_layer_info:
         (void) WriteBlob(image, 3, &layer_name[1]);
         */
       } else {
-        (void) FormatMagickString((char *) layer_name,MaxTextExtent,"L%02ld",
+        (void) FormatMagickString(layer_name,MaxTextExtent,"L%02ld",
           layer_count++ );
-        WritePascalString( image, (char*)layer_name, 4 );
+        WritePascalString( image, layer_name, 4 );
       }
       tmp_image = GetNextImageInList(tmp_image);
     };
-- 
2.1.4