Memory access bug in string.c

bernhard
Posts: 1
Joined: 2011-03-25T03:52:48-07:00

Memory access bug in string.c

Post by bernhard »

Hi!

I found an invalid memory access bug in the current SVN version of magick/string.c.

The memcpy() commands exceed the length of the source string in CloneString(), AcquireString() and ConstantString().


<(void) memcpy(destination,source,length*sizeof(*destination));
>(void) memcpy(destination,source,length*sizeof(char));
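
Review bot: on the `>` line, `sizeof(char)` makes the byte count right only by hard-coding the element type, and it hides why `sizeof(*destination)` was wrong. Per the maintainer's reply below, the over-count comes from a missing level of indirection and affects CloneString() alone, so the suggested change is `sizeof(**destination)` there, leaving AcquireString() and ConstantString() untouched.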

This results in an access violation when running a statically linked debug version in VS2010.

Anyway, thanks for your great library!
Bernhard
magick
Site Admin
Posts: 11064
Joined: 2003-05-31T11:32:55-07:00

Re: Memory access bug in string.c

Post by magick »

The bug you reported only affects CloneString(). There was a missing indirect pointer. Instead of *destination it should be **destination. We have a patch in ImageMagick 6.6.8-8 Beta available by sometime tomorrow. Thanks.
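
The size mismatch discussed in this thread, as an added example that is not part of the original posts and is not ImageMagick's code. The names `buggy_copy_bytes()`, `fixed_copy_bytes()`, `overread_bytes()` and `clone_string()` are hypothetical, and `destination` is assumed to be a `char **`; the byte counts are computed rather than passed to `memcpy()`, so no out-of-bounds read is performed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers, not ImageMagick code. destination is assumed to be
   a char ** (pointer to the caller's string pointer). */

/* Count requested by the reported form: sizeof(*destination) is
   sizeof(char *), so the length is multiplied by the pointer size. */
size_t buggy_copy_bytes(char **destination, size_t length)
{
  return length * sizeof(*destination);
}

/* Count with the missing level of indirection: sizeof(char) == 1. */
size_t fixed_copy_bytes(char **destination, size_t length)
{
  return length * sizeof(**destination);
}

/* Bytes the buggy count would read past source's terminating NUL. */
size_t overread_bytes(const char *source)
{
  char *d = NULL;
  size_t length = strlen(source), have = length + 1;
  size_t want = buggy_copy_bytes(&d, length);
  return want > have ? want - have : 0;
}

/* Replace *destination with a heap copy of source; NULL on failure. */
char *clone_string(char **destination, const char *source)
{
  size_t length = strlen(source);
  char *copy = malloc(length + 1);
  if (copy == NULL)
    return NULL;
  memcpy(copy, source, length * sizeof(**destination));
  copy[length] = '\0';
  free(*destination);
  *destination = copy;
  return copy;
}

int main(void)
{
  const char *sample = "0123456789";  /* constructed sample input */
  printf("over-read: %zu bytes\n", overread_bytes(sample));
  return 0;
}
```

The over-read grows with the string length and the platform's pointer size, which is why a debug heap or a page boundary after a short source string turns it into an access violation.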