File: 0007-Prevent-buffer-overflow-in-messaging-system.patch

imagemagick 8%3A6.6.0.4-3%2Bsqueeze4
Subject: [PATCH] Prevent buffer overflow in messaging system

NOTE: Upstream commit references this as CVE-2014-1947. But CVE-2014-1947 is
the CVE assigned for the issue fixed by
http://trac.imagemagick.org/changeset/13736
---
 magick/locale.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/magick/locale.c
+++ b/magick/locale.c
@@ -738,6 +738,13 @@
   exit(1);
 }
 
+static inline size_t MagickMin(const unsigned int x,
+  const unsigned int y)
+{
+  if (x < y)
+    return(x);
+  return(y);
+}
 
 static MagickBooleanType LoadLocaleList(const char *xml,const char *filename,
   const char *locale,const unsigned long depth,ExceptionInfo *exception)
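Review bot: MagickMin declares both parameters as `const unsigned int` but returns `size_t`, and the one call added by this patch passes a pointer difference and a `sizeof` expression, so on targets where `size_t` is wider than `unsigned int` both arguments are narrowed before the comparison. The values here are presumably small enough not to be affected, but a clamp used as an overflow guard should not depend on that; `static inline size_t MagickMin(const size_t x,const size_t y)` keeps the types consistent end to end. A short header comment such as `/* Returns the smaller of two sizes; used to clamp a copy length to the destination size. */` would also record why the helper exists.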
@@ -917,7 +924,8 @@
         q--;
         while ((isspace((int) ((unsigned char) *q)) != 0) && (q > p))
           q--;
-        (void) CopyMagickString(message,p,(size_t) (q-p+2));
+        (void) CopyMagickString(message,p,MagickMin(q-p+2,sizeof(message)-
+          strlen(message)));
         locale_info=(LocaleInfo *) AcquireAlignedMemory(1,sizeof(*locale_info));
         if (locale_info == (LocaleInfo *) NULL)
           ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
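Review bot: The bound `sizeof(message)-strlen(message)` subtracts the length of whatever `message` already holds, although CopyMagickString writes from the start of `message` rather than appending to it. Remaining-space arithmetic is what a concatenation needs; for a copy the clamp should be the full destination size, `(void) CopyMagickString(message,p,MagickMin((size_t) (q-p+2),sizeof(message)));`. As written, contents left from an earlier iteration shrink the limit and silently truncate the new message (a full buffer leaves room for the terminator only), and if `message` is not initialised before this point the `strlen` call reads indeterminate bytes. The declaration of `message` is outside the hunk, so that and its being an array rather than a pointer (for `sizeof`) should be confirmed; LoadLocaleList itself starts and ends outside the hunk.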