From cf1fe40643ae7a7a22316b18c4db5ab5448dac08 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 23 Jun 2021 17:21:49 +0200
Subject: fix memory corruption using fix from  
 https://github.com/ImageMagick/ImageMagick6/pull/160

---
 160.patch | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 160.patch

(limited to '160.patch')

diff --git a/160.patch b/160.patch
new file mode 100644
index 0000000..90d1736
--- /dev/null
+++ b/160.patch
@@ -0,0 +1,31 @@
+From 83fc01755a8cfd082000085e89a2cced085b1326 Mon Sep 17 00:00:00 2001
+From: Remi Collet <remi@remirepo.net>
+Date: Wed, 23 Jun 2021 16:42:15 +0200
+Subject: [PATCH] fix memory corruption in ConcatenateStringInfo
+
+---
+ magick/string.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/magick/string.c b/magick/string.c
+index 23f9361d0..5535b9a51 100644
+--- a/magick/string.c
++++ b/magick/string.c
+@@ -564,7 +564,6 @@ MagickExport void ConcatenateStringInfo(StringInfo *string_info,
+   length+=source->length;
+   if (~length < MagickPathExtent)
+     ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
+-  string_info->length=length;
+   if (string_info->datum == (unsigned char *) NULL)
+     string_info->datum=(unsigned char *) AcquireQuantumMemory(length+
+       MagickPathExtent,sizeof(*string_info->datum));
+@@ -574,7 +573,8 @@ MagickExport void ConcatenateStringInfo(StringInfo *string_info,
+       sizeof(*string_info->datum));
+   if (string_info->datum == (unsigned char *) NULL)
+     ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
+-  (void) memcpy(string_info->datum+length,source->datum,source->length);
++  (void) memcpy(string_info->datum+string_info->length,source->datum,source->length);
++  string_info->length=length;
+ }
+ 
+ /*
-- 
cgit