Memory access bug in string.c

Posted: 2011-03-25T04:22:09-07:00
by bernhard
Hi!

I found an invalid memory access bug detected in the actual SVN version of magick/string.c.

The memcpy() commands exceed the length of the source string in CloneString(), AcquireString() and ConstantString().

<(void) memcpy(destination,source,length*sizeof(*destination));
>(void) memcpy(destination,source,length*sizeof(char));
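Review bot: on the `>` line, `sizeof(char)` hard-codes the element type, and because sizeof(char) is 1 by definition the multiplication no longer does anything. Sizing by the buffer's own element, `sizeof(**destination)` where destination is a pointer to the string pointer, keeps the count tied to the declaration. The snippet also shows a single line for three functions, so it should say which function each changed line belongs to.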
This results in an access violation when running a statically linked debug version in VS2010.

Anyway, thanks for your great library!
Bernhard

Re: Memory access bug in string.c

Posted: 2011-03-25T05:34:12-07:00
by magick
The bug you reported only affects CloneString(). There was a missing indirect pointer. Instead of *destination it should be **destination. We have a patch in ImageMagick 6.6.8-8 Beta available by sometime tomorrow. Thanks.
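
The missing indirection described in the reply above, as an added example that is not part of the original thread and is not ImageMagick's code: with `destination` declared `char **`, `sizeof(*destination)` is the size of a pointer, so the byte count grows past the source string. The helper names (`copy_bytes_buggy`, `copy_bytes_fixed`, `overread_bytes`, `clone_string`) are hypothetical and the sample string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Byte count the reported expression hands to memcpy(). With destination
   declared char **, sizeof(*destination) is sizeof(char *), typically 4 or 8.
   sizeof never evaluates its operand, so passing NULL here is safe. */
static size_t copy_bytes_buggy(char **destination, size_t length)
{
    return length * sizeof(*destination);
}

/* Same expression with the extra indirection: sizeof(char), which is 1. */
static size_t copy_bytes_fixed(char **destination, size_t length)
{
    return length * sizeof(**destination);
}

/* Bytes the buggy count would read beyond source's (length + 1)-byte buffer. */
static size_t overread_bytes(const char *source)
{
    size_t length = strlen(source), have = length + 1;
    size_t asked = copy_bytes_buggy(NULL, length);
    return asked > have ? asked - have : 0;
}

/* Hypothetical CloneString()-style helper (assumption, not library code):
   replaces *destination with a heap copy of source; NULL on failure. */
static char *clone_string(char **destination, const char *source)
{
    size_t length = strlen(source);
    char *copy = malloc((length + 1) * sizeof(**destination));
    if (copy == NULL)
        return NULL;
    memcpy(copy, source, copy_bytes_fixed(destination, length));
    copy[length] = '\0';
    free(*destination);
    *destination = copy;
    return copy;
}

int main(void)
{
    char *text = NULL;
    if (clone_string(&text, "magick") == NULL)   /* constructed sample input */
        return 1;
    printf("%s: fixed %zu bytes, buggy %zu bytes, %zu past the buffer\n", text,
           copy_bytes_fixed(&text, 6), copy_bytes_buggy(&text, 6), overread_bytes(text));
    free(text);
    return 0;
}
```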