From b78822716fd79b380ddce5cbe23ce82d08e1df96 Mon Sep 17 00:00:00 2001 From: cristy Date: Thu, 14 Nov 2013 12:36:55 +0000 Subject: [PATCH] Fix CVE-2014-1947, CVE-2014-2030 Upstream commit: r13736 Make layer_name large enough so that an overflow does not occur if there are more than 99 layers. --- coders/psd.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/coders/psd.c b/coders/psd.c index 3c0b938..5c23992 100644 --- a/coders/psd.c +++ b/coders/psd.c @@ -2101,9 +2101,6 @@ static MagickBooleanType WritePSDImage(const ImageInfo *image_info,Image *image) StringInfo *bim_profile; - unsigned char - layer_name[4]; - /* Open image file. */ @@ -2361,12 +2358,15 @@ static MagickBooleanType WritePSDImage(const ImageInfo *image_info,Image *image) property=(const char *) GetImageProperty(next_image,"label"); if (property == (const char *) NULL) { + char + layer_name[MaxTextExtent]; + (void) WriteBlobMSBLong(image,16); (void) WriteBlobMSBLong(image,0); (void) WriteBlobMSBLong(image,0); - (void) FormatLocaleString((char *) layer_name,MaxTextExtent, - "L%06ld",(long) layer_count++); - WritePascalString( image, (char*)layer_name, 4 ); + (void) FormatLocaleString(layer_name,MaxTextExtent,"L%06ld",(long) + layer_count++); + WritePascalString(image,layer_name,4); } else { -- 1.8.3.1