From 1b5507f188dd0cd76099348c5f151a8ba61a812d Mon Sep 17 00:00:00 2001
From: maminjie
Date: Sat, 19 Sep 2020 16:39:22 +0800
Subject: [PATCH] fix CVE-2019-12921 the text filename component potentially allows to read arbitrary files via TranslateTextEx for SVG refers to https://build.opensuse.org/request/show/788214
---
 magick/render.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/magick/render.c b/magick/render.c
index 3caf603..75bbe2f 100644
--- a/magick/render.c
+++ b/magick/render.c
@@ -2360,11 +2360,16 @@ DrawImage(Image *image,const DrawInfo *draw_info)
 if (*draw_info->primitive == '\0')
 return(MagickFail);
 (void) LogMagickEvent(RenderEvent,GetMagickModule(),"begin draw-image");
- if (*draw_info->primitive != '@')
- primitive=AllocateString(draw_info->primitive);
- else
+ /*
+ Read primitive from file if supplied primitive starts with '@' and
+ we are not already drawing.
+ */
+ if ((*draw_info->primitive == '@') &&
+ (DrawImageGetCurrentRecurseLevel(image) == 1))
 primitive=(char *)
 FileToBlob(draw_info->primitive+1,&length,&image->exception);
+ else
+ primitive=AllocateString(draw_info->primitive);
 if (primitive == (char *) NULL)
 return(MagickFail);
 primitive_extent=strlen(primitive);
--
2.23.0
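Review bot: A top-level primitive that begins with `@` is still handed to `FileToBlob(draw_info->primitive+1,...)` with no path check, because the added `DrawImageGetCurrentRecurseLevel(image) == 1` condition only refuses the file read for nested draws. Any caller that builds `draw_info->primitive` from untrusted input therefore keeps the arbitrary-file-read exposure, and the new comment should say so, e.g. `Callers must not pass untrusted text as a top-level primitive: '@path' is read from disk without restriction.` The guard also assumes the recursion counter has already been raised to exactly 1 when this line runs; that increment is outside the hunk (DrawImage starts and ends beyond it), so the ordering is worth confirming. The commit message names TranslateTextEx, but the diff touches only DrawImage in magick/render.c. Presumably the SVG text case reaches this guard through a nested draw, which a regression test for that case would confirm.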