1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
From f9ca2521de918c342618ee4dc0a01b70c92c024e Mon Sep 17 00:00:00 2001
From: Remi Collet <remi@remirepo.net>
Date: Wed, 23 Jun 2021 16:42:15 +0200
Subject: [PATCH] fix memory corruption in ConcatenateStringInfo
---
MagickCore/string.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/MagickCore/string.c b/MagickCore/string.c
index dccef76a27..691d55034d 100644
--- a/MagickCore/string.c
+++ b/MagickCore/string.c
@@ -530,7 +530,6 @@ MagickExport void ConcatenateStringInfo(StringInfo *string_info,
length+=source->length;
if (~length < MagickPathExtent)
ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
- string_info->length=length;
if (string_info->datum == (unsigned char *) NULL)
string_info->datum=(unsigned char *) AcquireQuantumMemory(length+
MagickPathExtent,sizeof(*string_info->datum));
@@ -540,7 +539,8 @@ MagickExport void ConcatenateStringInfo(StringInfo *string_info,
sizeof(*string_info->datum));
if (string_info->datum == (unsigned char *) NULL)
ThrowFatalException(ResourceLimitFatalError,"MemoryAllocationFailed");
- (void) memcpy(string_info->datum+length,source->datum,source->length);
+ (void) memcpy(string_info->datum+string_info->length,source->datum,source->length);
+ string_info->length=length;
}
/*
|