[magick-developers] Invalid memory access with XML profiles
Alexander E. Patrakov
patrakov at gmail.com
Sat Jan 3 10:30:39 PST 2009
Hello.
In GetXMPProperty(), we have:
profile=GetImageProfile(image,"xmp");
// snip irrelevant code
p=(const char *) GetStringInfoDatum(profile);
// snip code that sometimes advances p somewhat, but doesn't modify anything else
xmp=NewXMLTree((char *) p,exception);
i.e., here p may not be 0-terminated. However, NewXMLTree() calls
strlen() on its argument. This is a bug.
No patch so far, because I should not make patches at midnight.
--
Alexander E. Patrakov
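
The mismatch reported in this message (length-delimited profile bytes handed to a function that calls strlen()) can be avoided as in the following added example, which is not part of the original post and is not ImageMagick code. The names blob_t, blob_text_length() and blob_to_cstring() are hypothetical; the example shows a bounded length scan and a NUL-terminated copy made before the data reaches a string-based parser.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a length-delimited profile blob: the bytes
   carry an explicit length and are NOT guaranteed to end in '\0'. */
typedef struct {
  const unsigned char *datum;
  size_t length;
} blob_t;

/* Length of the text starting at `offset`, never reading past the blob.
   memchr() is bounded by the remaining byte count; strlen() is not. */
size_t blob_text_length(const blob_t *blob, size_t offset)
{
  const unsigned char *start, *nul;
  size_t remaining;

  if (blob == NULL || blob->datum == NULL || offset > blob->length)
    return 0;
  start = blob->datum + offset;
  remaining = blob->length - offset;
  nul = memchr(start, '\0', remaining);
  return nul != NULL ? (size_t) (nul - start) : remaining;
}

/* Return a freshly allocated, NUL-terminated copy of the blob contents
   from `offset` on, suitable for a parser that calls strlen() on its
   argument. Returns NULL on a bad offset or allocation failure; the
   caller frees the result. */
char *blob_to_cstring(const blob_t *blob, size_t offset)
{
  size_t n;
  char *copy;

  if (blob == NULL || blob->datum == NULL || offset > blob->length)
    return NULL;
  n = blob_text_length(blob, offset);
  copy = malloc(n + 1);
  if (copy == NULL)
    return NULL;
  memcpy(copy, blob->datum + offset, n);
  copy[n] = '\0';
  return copy;
}
```
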