More bug reports

[maksqwe]

- typo
xml-tree.c 2564
char *XMLTreeTagToXML(XMLTreeInfo *xml_info,char **source,size_t *length, size_t *extent,size_t start,char ***attributes)

Code: Select all

*source=(char *) ResizeQuantumMemory(*source,*extent,sizeof(*source)); // should be sizeof(**source)

-----------------------------------------------
possible single-byte overflow on Windows
nt-base.c 1560
nt-base.c 1571

Code: Select all

if(wcsncat(file_specification,(const wchar_t*) DirectorySeparator,  MaxTextExtent) == (wchar_t*)NULL)

strncat() copies up to n chars and then appends a \0, thus writing a total of n+1 bytes. The supplied value for n should be "sizeof(strbuf) - strlen(strbuf) - 1".

Code: Select all

if(wcsncat(file_specification,(const wchar_t*) DirectorySeparator,  MaxTextExtent - wcslen(file_specification) - 1) == (wchar_t*)NULL)

[dlemstra]

Fixed, you can just reply to this post if you find more.

[maksqwe]

One more

fits.c 310

(void) ResetMagickMemory(&fits_info,0,sizeof(fits_info));
fits_info.extend=MagickFalse;
fits_info.simple=MagickFalse;
fits_info.bits_per_pixel=8;
fits_info.columns=1;
fits_info.rows=1; // <==
fits_info.rows=1; // <==
fits_info.number_planes=1;
fits_info.min_data=0.0;
fits_info.max_data=0.0;
fits_info.zero=0.0;
fits_info.scale=1.0;
fits_info.endian=MSBEndian;

fits_info.number_axes is missing

[dlemstra]

Should it not be initialized at zero?

[maksqwe]

Should it not be initialized at zero?

Yes, I see. "ResetMagickMemory(&fits_info,0,sizeof(fits_info));"
Therefore this is harmless double assignment only.

[magick]

We'll remove the double assignment in ImageMagick 6.9.1-5 Beta, available by sometime tomorrow.