1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
From 83fc01755a8cfd082000085e89a2cced085b1326 Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 23 Jun 2021 16:42:15 +0200
Subject: [PATCH] fix memory corruption in ConcatenateStringInfo
---
magick/string.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/magick/string.c b/magick/string.c
index 23f9361d0..5535b9a51 100644
--- a/magick/string.c
+++ b/magick/string.c
@@ -564,7 +564,6 @@ MagickExport void ConcatenateStringInfo(StringInfo *string_info,
length+=source->length;
if (~length < MagickPathExtent)
ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
- string_info->length=length;
if (string_info->datum == (unsigned char *) NULL)
string_info->datum=(unsigned char *) AcquireQuantumMemory(length+
MagickPathExtent,sizeof(*string_info->datum));
@@ -574,7 +573,8 @@ MagickExport void ConcatenateStringInfo(StringInfo *string_info,
sizeof(*string_info->datum));
if (string_info->datum == (unsigned char *) NULL)
ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
- (void) memcpy(string_info->datum+length,source->datum,source->length);
+ (void) memcpy(string_info->datum+string_info->length,source->datum,source->length);
+ string_info->length=length;
}
�
/*
|
