File GraphicsMagick-CVE-2019-11005.patch of Package GraphicsMagick.openSUSE_Leap_42.3_Update

Index: GraphicsMagick-1.3.25/coders/svg.c
===================================================================
--- GraphicsMagick-1.3.25.orig/coders/svg.c	2019-04-16 12:56:31.715746327 +0200
+++ GraphicsMagick-1.3.25/coders/svg.c	2019-04-16 12:57:44.508099369 +0200
@@ -1205,12 +1205,12 @@ static void SVGStartElement(void *contex
                 font-family.  Maybe we need a generalized solution for
                 this.
               */
-              if ((value[0] == '\'') && (value[strlen(value)-1] == '\''))
+                  int value_length;
+                  if ((value[0] == '\'') && ((value_length=(int) strlen(value)) > 2)
+                      && (value[value_length-1] == '\''))
                 {
-                  char nvalue[MaxTextExtent];
-                  (void) strlcpy(nvalue,value+1,sizeof(nvalue));
-                  nvalue[strlen(nvalue)-1]='\0';
-                  MVGPrintf(svg_info->file,"font-family '%s'\n",nvalue);
+                      MVGPrintf(svg_info->file,"font-family '%.*s'\n",
+                                (int)(value_length-2),value+1);
                 }
               else
                 {
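Review bot: `value_length=(int) strlen(value)` narrows a `size_t` inside the condition, so an attribute longer than INT_MAX (if the parser can ever deliver one) would give an implementation-defined, possibly negative length that is only safe because it happens to fail the `> 2` test. Keeping the length unsigned and bounding it before the `%.*s` cast is clearer: `size_t value_length = strlen(value);` then `if ((value_length > 2) && (value_length-2 <= INT_MAX) && (value[0] == '\'') && (value[value_length-1] == '\''))`. The `> 2` test also routes the values `'` and `''` to the else branch, which begins at the end of this hunk and is not visible, so it is worth confirming that branch emits them safely. The added lines sit four columns deeper than the unchanged `{` and `else`, and SVGStartElement itself starts and ends outside the hunk.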