From b78822716fd79b380ddce5cbe23ce82d08e1df96 Mon Sep 17 00:00:00 2001
From: cristy <cristy@aa41f4f7-0bf4-0310-aa73-e5a19afd5a74>
Date: Thu, 14 Nov 2013 12:36:55 +0000
Subject: [PATCH] Fix CVE-2014-1947, CVE-2014-2030

Upstream commit: r13736

Make layer_name large enough so that an overflow does not occur if
there are more than 99 layers.
---
 coders/psd.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/coders/psd.c b/coders/psd.c
index 3c0b938..5c23992 100644
--- a/coders/psd.c
+++ b/coders/psd.c
@@ -2101,9 +2101,6 @@ static MagickBooleanType WritePSDImage(const ImageInfo *image_info,Image *image)
   StringInfo
     *bim_profile;
 
-  unsigned char
-    layer_name[4];
-
   /*
     Open image file.
   */
@@ -2361,12 +2358,15 @@ static MagickBooleanType WritePSDImage(const ImageInfo *image_info,Image *image)
         property=(const char *) GetImageProperty(next_image,"label");
         if (property == (const char *) NULL)
           {
+            char
+              layer_name[MaxTextExtent];
+
             (void) WriteBlobMSBLong(image,16);
             (void) WriteBlobMSBLong(image,0);
             (void) WriteBlobMSBLong(image,0);
-            (void) FormatLocaleString((char *) layer_name,MaxTextExtent,
-              "L%06ld",(long) layer_count++);
-            WritePascalString( image, (char*)layer_name, 4 );
+            (void) FormatLocaleString(layer_name,MaxTextExtent,"L%06ld",(long)
+              layer_count++);
+            WritePascalString(image,layer_name,4);
           }
         else
           {
-- 
1.8.3.1