You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A Null Pointer Dereference issue is present in the AcquireQuantumMemory function in the file ImageMagick/MagickCore/memory.c. This is due to the following vulnerable code:
if (n != 0)
{
dasharray=(double *) AcquireQuantumMemory((size_t) n+1UL,
sizeof(*dasharray));
p=CurrentContext->dash_pattern;
q=dasharray;
for (i=0; i < (ssize_t) n; i++)
*q++=(*p++);
*q=0.0;
}
The variable dasharray gets the output of AcquireQuantumMemory. Looking at the code within this function, the following code explicitly returns NULL:
if (HeapOverflowSanityCheck(count,quantum) != MagickFalse)
return((void *) NULL);
Eventually q gets the value stored in dasharray (which is potentially NULL) in q=dasharray;
Finally, q gets explicitly dereferenced in *q++=(*p++);
Using
if (q != NULL)
*q++=(*p++);
would resolve the Null Pointer Dereference vulnerability.
The text was updated successfully, but these errors were encountered:
A Null Pointer Dereference issue is present in the AcquireQuantumMemory function in the file ImageMagick/MagickCore/memory.c. This is due to the following vulnerable code:
The variable dasharray gets the output of AcquireQuantumMemory. Looking at the code within this function, the following code explicitly returns NULL:
Eventually q gets the value stored in dasharray (which is potentially NULL) in
q=dasharray;
Finally, q gets explicitly dereferenced in
*q++=(*p++);
Using
would resolve the Null Pointer Dereference vulnerability.
The text was updated successfully, but these errors were encountered: