Bug in ValidateEntities() in MagickCore/xml-tree.c

Questions and postings pertaining to the development of ImageMagick, feature enhancements, and ImageMagick internals. ImageMagick source code and algorithms are discussed here. Usage questions which are too arcane for the normal user list should also be posted here.
Post Reply
thakis
Posts: 2
Joined: 2013-12-27T16:45:20-07:00
Authentication code: 6789

Bug in ValidateEntities() in MagickCore/xml-tree.c

Post by thakis »

Hi,

in MagickCore/xml-tree.c, function ValidateEntities contains this code:

while ((entities != (char *) NULL) &&
(strncmp(entities,xml+1,strlen(entities) == 0)))

Note that the parenthesis for the strncmp is wrong: it is `strncmp(a, b, strlen() == 0)` but should be `strncmp(a, b, strlen()) == 0`.

This was found by clang's new -Wmemsize-comparison warning.

(Is this the right place to report bugs?)
Top
thakis
Posts: 2
Joined: 2013-12-27T16:45:20-07:00
Authentication code: 6789

Re: Bug in ValidateEntities() in MagickCore/xml-tree.c

Post by thakis »

I also reported this through the "contact developers" form, and received this reply:

"""We can reproduce the problem you posted and have a patch in ImageMagick 6.8.8-1 Beta, available by sometime tomorrow. Thanks."""
Top
Post Reply

Return to “Developers”