Commit 3e0330721 for imagemagick.org
commit 3e0330721020e0c5bb52e4b77c347527dd71658e
Author: Dirk Lemstra <dirk@lemstra.org>
Date: Sun Jan 4 15:26:48 2026 +0100
Correct memset initialization and add an overflow check (GHSA-39h3-g67r-7g3c)
diff --git a/MagickCore/effect.c b/MagickCore/effect.c
index a343e4225..b2fdf626c 100644
--- a/MagickCore/effect.c
+++ b/MagickCore/effect.c
@@ -876,16 +876,21 @@ static double **AcquireBilateralTLS(const size_t number_threads,
double
**weights;
+ size_t
+ count;
+
ssize_t
i;
+ if (HeapOverflowSanityCheckGetSize(height,sizeof(**weights),&count) != MagickFalse)
+ return((double **) NULL);
weights=(double **) AcquireQuantumMemory(number_threads+1,sizeof(*weights));
if (weights == (double **) NULL)
return((double **) NULL);
- (void) memset(weights,0,number_threads*sizeof(*weights));
+ (void) memset(weights,0,(number_threads+1)*sizeof(*weights));
for (i=0; i <= (ssize_t) number_threads; i++)
{
- weights[i]=(double *) AcquireQuantumMemory(width,height*sizeof(**weights));
+ weights[i]=(double *) AcquireQuantumMemory(width,count);
if (weights[i] == (double *) NULL)
return(DestroyBilateralTLS(number_threads,weights));
}
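Review bot: The slot count is still written three separate ways in this hunk: `number_threads+1` in the first AcquireQuantumMemory call, `(number_threads+1)*sizeof(*weights)` in the memset, and `i <= (ssize_t) number_threads` in the loop bound. The under-sized memset corrected here is the kind of drift that duplication invites. Declaring one local next to `count`, e.g. `slots=number_threads+1;`, and using it for the allocation, the memset length and `i < (ssize_t) slots` would keep the three in step. It would also help to add a comment above the memset such as `/* zero every slot: the failure path passes a partly filled array to DestroyBilateralTLS */`, since the early return inside the loop relies on unfilled entries being NULL. DestroyBilateralTLS is defined outside the hunk, so it is an assumption that it walks all number_threads+1 entries. AcquireBilateralTLS itself starts and ends outside the hunk.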