From f9ca2521de918c342618ee4dc0a01b70c92c024e Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 23 Jun 2021 16:42:15 +0200
Subject: [PATCH] fix memory corruption in ConcatenateStringInfo

---
 MagickCore/string.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/MagickCore/string.c b/MagickCore/string.c
index dccef76a27..691d55034d 100644
--- a/MagickCore/string.c
+++ b/MagickCore/string.c
@@ -530,7 +530,6 @@ MagickExport void ConcatenateStringInfo(StringInfo *string_info,
   length+=source->length;
   if (~length < MagickPathExtent)
     ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
-  string_info->length=length;
   if (string_info->datum == (unsigned char *) NULL)
     string_info->datum=(unsigned char *) AcquireQuantumMemory(length+
       MagickPathExtent,sizeof(*string_info->datum));
@@ -540,7 +539,8 @@ MagickExport void ConcatenateStringInfo(StringInfo *string_info,
       sizeof(*string_info->datum));
   if (string_info->datum == (unsigned char *) NULL)
     ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
-  (void) memcpy(string_info->datum+length,source->datum,source->length);
+  (void) memcpy(string_info->datum+string_info->length,source->datum,source->length);
+  string_info->length=length;
 }
 
 /*