A Null Pointer Dereference issue is present in the AcquireQuantumMemory function in the file ImageMagick/MagickCore/memory.c. This is due to the following vulnerable code:
    if (n != 0)
      {
        dasharray=(double *) AcquireQuantumMemory((size_t) n+1UL,
          sizeof(*dasharray));
        p=CurrentContext->dash_pattern;
        q=dasharray;
        for (i=0; i < (ssize_t) n; i++)
          *q++=(*p++);
        *q=0.0;
      }
The variable dasharray gets the output of AcquireQuantumMemory. Looking at the code within this function, the following code explicitly returns NULL:
    if (HeapOverflowSanityCheck(count,quantum) != MagickFalse)
      return((void *) NULL);
Eventually q gets the value stored in dasharray (which is potentially NULL) in q=dasharray;
Finally, q gets explicitly dereferenced in *q++=(*p++);
Using
    if (q != NULL)
      *q++=(*p++);
would resolve the Null Pointer Dereference vulnerability.
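
An added example, not part of the original report and not ImageMagick's code: the same copy pattern with the allocation result checked once, directly after the call, so that neither the loop writes nor the final terminator write can go through a NULL pointer. `acquire_quantum_memory_demo` and `copy_dash_pattern` are hypothetical stand-ins, and the sample pattern is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for the allocator in the report: returns NULL when
   count*quantum would overflow size_t, or when malloc itself fails. */
static void *acquire_quantum_memory_demo(size_t count, size_t quantum)
{
  if (count == 0 || quantum == 0 || count > SIZE_MAX / quantum)
    return NULL;
  return malloc(count * quantum);
}

/* Copies n values from pattern into a new 0.0-terminated array.
   Returns NULL, without writing anything, if the allocation fails. */
static double *copy_dash_pattern(const double *pattern, size_t n)
{
  double *dasharray, *q;
  const double *p;
  size_t i;

  if (pattern == NULL || n == 0)
    return NULL;
  /* If n+1 wraps to 0, the count == 0 test in the allocator rejects it. */
  dasharray = acquire_quantum_memory_demo(n + 1, sizeof(*dasharray));
  if (dasharray == NULL)   /* one check, before any write through q */
    return NULL;
  p = pattern;
  q = dasharray;
  for (i = 0; i < n; i++)
    *q++ = *p++;
  *q = 0.0;                /* the terminator write is covered by the same check */
  return dasharray;
}

int main(void)
{
  const double pattern[] = { 4.0, 2.0, 1.0 };   /* constructed sample input */
  double *ok = copy_dash_pattern(pattern, 3);
  /* A count this large fails the overflow check; nothing is read or written. */
  double *bad = copy_dash_pattern(pattern, SIZE_MAX / sizeof(double));

  printf("normal copy: %s\n", ok != NULL ? "allocated" : "NULL");
  printf("overflowing count: %s\n", bad != NULL ? "allocated" : "NULL");
  free(ok);
  return bad == NULL ? 0 : 1;
}
```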