GraphicsMagick / Bugs / #486 NULL pointer dereference in Magick::Options::strokeDashArray

#486 NULL pointer dereference in Magick::Options::strokeDashArray

Milestone: v1.0_(example)

Status: closed-fixed

Owner: Bob Friesenhahn

Labels: None

Priority: 5

Updated: 2017-09-30

Created: 2017-09-25

Creator: bestshow

Private: No

Here is the critical code: (in Magick::Options::strokeDashArray )

void Magick::Options::strokeDashArray ( const double* strokeDashArray_ )
{
  MagickFreeMemory(_drawInfo->dash_pattern);

  if(strokeDashArray_)
    {
      // Count elements in dash array
      unsigned int x;
      for (x=0; strokeDashArray_[x]; x++) {};
      // Allocate elements
      _drawInfo->dash_pattern = MagickAllocateMemory(double*,(x+1)*sizeof(double)); //509
      // Copy elements
      memcpy(_drawInfo->dash_pattern,strokeDashArray_,
             (x+1)*sizeof(double));
    }
}

MagickAllocateMemory(...) may return NULL, so the following operations on the "_drawInfo->dash_pattern" will Dereference Null pointer to cause memory error.

Credit : ADLab of Venustech

Discussion

Bob Friesenhahn - 2017-09-30

status: open --> closed-fixed

assigned_to: Bob Friesenhahn
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bob Friesenhahn - 2017-09-30

This problem is fixed by Mercurial changeset 15192:472bf9f2771f. Thanks for the report!

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

NULL pointer dereference in Magick::Options::strokeDashArray

Swiss army knife of image processing

Group

Searches

Help

#486 NULL pointer dereference in Magick::Options::strokeDashArray

Discussion