[Magick-bugs] Array bounds in tracePath
Michal 'vorner' Vaner
mvaner at suse.cz
Mon Feb 19 11:02:32 CST 2007
Hello,
there's a 'points[4]' array in 'tracePath' function. However, this code:
for (i=0; i <= 4; i++)
(q+i)->point=points[i];
on line 5214 of magick/draw.c requests points[4] element (which is above
the array bounds). Since it is the only place where this element is used
(uninitialized), I assume there should be <= 3. Am I right, or I miss
something?
The attached patch was generated from 3.6.0 version, but this seems to
be present in the newest stable source as well.
Thank you
More information about the Magick-bugs
mailing list