Main GraphicsMagick source repository
Révision | 9b0c9e416ab6bd967e7cb8acdbd8ebdda1926f46 (tree) |
---|---|
l'heure | 2021-04-07 09:42:15 |
Auteur | Bob Friesenhahn <bfriesen@Grap...> |
Commiter | Bob Friesenhahn |
SVGComment(): Only capture first comment rather than concatenating all comments.
@@ -3,6 +3,9 @@ | ||
3 | 3 | * coders/svg.c (GetStyleTokens): Limit the number of style tokens. |
4 | 4 | Addresses oss-fuzz 32921 "graphicsmagick:coder_SVG_fuzzer: |
5 | 5 | Out-of-memory in coder_SVG_fuzzer". |
6 | + (SVGComment): Only capture first comment rather than concatenating | |
7 | + all comments. Addresses oss-fuzz 32944 | |
8 | + "graphicsmagick:coder_SVGZ_fuzzer: Timeout in coder_SVGZ_fuzzer". | |
6 | 9 | |
7 | 10 | 2021-04-02 Bob Friesenhahn <bfriesen@simple.dallas.tx.us> |
8 | 11 |
@@ -3685,9 +3685,14 @@ | ||
3685 | 3685 | (void) LogMagickEvent(CoderEvent,GetMagickModule(), |
3686 | 3686 | " SAX.comment(%.1024s)",value); |
3687 | 3687 | svg_info=(SVGInfo *) context; |
3688 | + if (svg_info->comment == (char *) NULL) | |
3689 | + svg_info->comment=AllocateString((char *) value); | |
3690 | + /* | |
3691 | + Old way concatenated all comments | |
3688 | 3692 | if (svg_info->comment != (char *) NULL) |
3689 | 3693 | (void) ConcatenateString(&svg_info->comment,"\n"); |
3690 | 3694 | (void) ConcatenateString(&svg_info->comment,(char *) value); |
3695 | + */ | |
3691 | 3696 | } |
3692 | 3697 | |
3693 | 3698 | static void |
@@ -39,7 +39,10 @@ | ||
39 | 39 | <blockquote> |
40 | 40 | * coders/svg.c (GetStyleTokens): Limit the number of style tokens. |
41 | 41 | Addresses oss-fuzz 32921 "graphicsmagick:coder_SVG_fuzzer: |
42 | -Out-of-memory in coder_SVG_fuzzer".</blockquote> | |
42 | +Out-of-memory in coder_SVG_fuzzer". | |
43 | +(SVGComment): Only capture first comment rather than concatenating | |
44 | +all comments. Addresses oss-fuzz 32944 | |
45 | +"graphicsmagick:coder_SVGZ_fuzzer: Timeout in coder_SVGZ_fuzzer".</blockquote> | |
43 | 46 | <p>2021-04-02 Bob Friesenhahn <<a class="reference external" href="mailto:bfriesen%40simple.dallas.tx.us">bfriesen<span>@</span>simple<span>.</span>dallas<span>.</span>tx<span>.</span>us</a>></p> |
44 | 47 | <blockquote> |
45 | 48 | * coders/msl.c (MSLReference): Fix memory leak when parser node is |