File GraphicsMagick-CVE-2019-11005.patch of Package GraphicsMagick.10463
diff -r f7610c1281c1 -r b6fb77d7d54d coders/svg.c
--- a/coders/svg.c Fri Apr 05 08:13:14 2019 -0500
+++ b/coders/svg.c Fri Apr 05 08:43:15 2019 -0500
@@ -1745,12 +1745,12 @@
font-family. Maybe we need a generalized solution for
this.
*/
- if ((value[0] == '\'') && (value[strlen(value)-1] == '\''))
+ int value_length;
+ if ((value[0] == '\'') && ((value_length=(int) strlen(value)) > 2)
+ && (value[value_length-1] == '\''))
{
- char nvalue[MaxTextExtent];
- (void) strlcpy(nvalue,value+1,sizeof(nvalue));
- nvalue[strlen(nvalue)-1]='\0';
- MVGPrintf(svg_info->file,"font-family '%s'\n",nvalue);
+ MVGPrintf(svg_info->file,"font-family '%.*s'\n",
+ (int)(value_length-2),value+1);
}
else
{
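Review bot: The added condition narrows `strlen(value)` to `int`, so for an attribute value longer than INT_MAX the result is implementation-defined and both the closing-quote test at `value[value_length-1]` and the `%.*s` precision would be computed from a wrong length. Keeping the length as `size_t value_length = strlen(value);` and casting only at the call, guarded by `(value_length > 2) && (value_length <= INT_MAX)`, avoids that. The removed code also capped the family name at MaxTextExtent through `nvalue`, while the new call passes the full length through, so it is worth confirming that MVGPrintf bounds its own output. A short comment such as `/* length > 2: a lone quote or an empty '' must not reach the index arithmetic */` would record why the bound exists; note that `''` now takes the else branch, whose body lies outside this hunk, as does the rest of the enclosing function.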