Avoid overflow when parsing PSD resource blocks

author Cristy <urban-warrior@imagemagick.org>

Fri, 6 May 2016 14:03:01 +0000 (10:03 -0400)

committer Cristy <urban-warrior@imagemagick.org>

Fri, 6 May 2016 14:03:01 +0000 (10:03 -0400)
author Cristy <urban-warrior@imagemagick.org>
Fri, 6 May 2016 14:03:01 +0000 (10:03 -0400)
committer Cristy <urban-warrior@imagemagick.org>
Fri, 6 May 2016 14:03:01 +0000 (10:03 -0400)
diff --git a/coders/psd.c b/coders/psd.c

index b26513c0fde207a5634c13063c0e527003e81299..eb107f47e57f1e3826cf97a4d35ab5bc551da86b 100644 (file)
--- a/coders/psd.c
+++ b/coders/psd.c
@@ -643,7 +643,7 @@ static void ParseImageResourceBlocks(Image *image,
      p=PushShortPixel(MSBEndian,p,&id);
      p=PushShortPixel(MSBEndian,p,&short_sans);
      p=PushLongPixel(MSBEndian,p,&count);
-    if (p+count > blocks+length)
+    if ((p+count) > (blocks+length-16))
        return;
      switch (id)
      {
author	Cristy <urban-warrior@imagemagick.org>
	Fri, 6 May 2016 14:03:01 +0000 (10:03 -0400)
committer	Cristy <urban-warrior@imagemagick.org>
	Fri, 6 May 2016 14:03:01 +0000 (10:03 -0400)