Closed
Description
ImageMagick 7.0.7-0 Q16 x86_64
Here is the critical code:
```c
if (*messages == (char *) NULL)
  *messages=(char *) AcquireQuantumMemory(length+1,sizeof(char *)); //line 130
else
  {
    offset=strlen(*messages);
    *messages=(char *) ResizeQuantumMemory(*messages,offset+length+1,
      sizeof(char *));
  }
(void) memcpy(*messages+offset,message,length);
(*messages)[length+offset] ='\0';
return(length);
```
AcquireQuantumMemory(...) may return NULL, so (*messages)[length+offset] will dereference a NULL pointer and cause a memory error.
Credit: ADLab of Venustech
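An added example, not ImageMagick's code or its fix: the same append pattern with the allocation result checked before any write, so a failed allocation leaves the existing buffer untouched. `checked_realloc` and `fail_next_alloc` are hypothetical stand-ins that simulate an allocator returning NULL.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical test hook: when nonzero, the next allocation fails. */
static int fail_next_alloc = 0;

/* Stand-in for an allocator that can return NULL (constructed for this example). */
static void *checked_realloc(void *ptr, size_t count, size_t size)
{
  if (fail_next_alloc != 0) { fail_next_alloc = 0; return NULL; }
  if (size != 0 && count > SIZE_MAX / size)
    return NULL;                      /* count*size would overflow */
  return realloc(ptr, count * size);
}

/* Append `length` bytes of `message` to *messages. Returns the number of
   bytes appended, or 0 if memory could not be obtained; on failure
   *messages keeps its previous value and contents. */
static size_t append_message(char **messages, const char *message, size_t length)
{
  size_t offset = 0;
  char *grown;

  if (*messages != NULL)
    offset = strlen(*messages);
  if (length > SIZE_MAX - offset - 1)
    return 0;                         /* offset+length+1 would overflow */
  grown = checked_realloc(*messages, offset + length + 1, sizeof(char));
  if (grown == NULL)
    return 0;                         /* never write through a NULL pointer */
  memcpy(grown + offset, message, length);
  grown[offset + length] = '\0';
  *messages = grown;                  /* publish only after success */
  return length;
}

int main(void)
{
  char *log = NULL;
  append_message(&log, "warning: ", 9);
  fail_next_alloc = 1;                /* simulate out-of-memory */
  append_message(&log, "lost", 4);    /* fails, log is unchanged */
  append_message(&log, "kept", 4);
  puts(log);
  free(log);
  return 0;
}
```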