Skip to content
Permalink
Browse files Browse the repository at this point in the history
[FG-VD-19-136] ImageMagick Convert SVG MacOS Denial Of Service
  • Loading branch information
Cristy committed Oct 23, 2019
1 parent 351fd50 commit ec9c894
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions coders/svg.c
Expand Up @@ -65,9 +65,10 @@
#include "MagickCore/module.h"
#include "MagickCore/monitor.h"
#include "MagickCore/monitor-private.h"
#include "MagickCore/quantum-private.h"
#include "MagickCore/option.h"
#include "MagickCore/pixel-accessor.h"
#include "MagickCore/property.h"
#include "MagickCore/quantum-private.h"
#include "MagickCore/resource_.h"
#include "MagickCore/static.h"
#include "MagickCore/string_.h"
Expand Down Expand Up @@ -3579,9 +3580,14 @@ static Image *ReadSVGImage(const ImageInfo *image_info,ExceptionInfo *exception)
message[n]='\0';
if (n > 0)
{
const char
*value;

svg_info->parser=xmlCreatePushParserCtxt(sax_handler,svg_info,(char *)
message,n,image->filename);
(void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE);
value=GetImageOption(image_info,"svg:xml-parse-huge");
if ((value != (char *) NULL) && (IsStringTrue(value) != MagickFalse))

This comment has been minimized.

Copy link
@elobdog

elobdog Nov 21, 2019

This cast for NULL isn't necessary.

(void) xmlCtxtUseOptions(svg_info->parser,XML_PARSE_HUGE);
while ((n=ReadBlob(image,MagickPathExtent-1,message)) != 0)
{
message[n]='\0';
Expand Down

0 comments on commit ec9c894

Please sign in to comment.