https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5448

author Cristy <urban-warrior@imagemagick.org>

Sun, 4 Feb 2018 20:22:46 +0000 (15:22 -0500)

committer Cristy <urban-warrior@imagemagick.org>

Sun, 4 Feb 2018 20:22:46 +0000 (15:22 -0500)
author Cristy <urban-warrior@imagemagick.org>
Sun, 4 Feb 2018 20:22:46 +0000 (15:22 -0500)
committer Cristy <urban-warrior@imagemagick.org>
Sun, 4 Feb 2018 20:22:46 +0000 (15:22 -0500)
diff --git a/coders/dcm.c b/coders/dcm.c

index cc211c5250d897c4f8c534f5072ae7e26ae89893..a4a1372b6d06b950adb6164e15be42923c226592 100644 (file)
--- a/coders/dcm.c
+++ b/coders/dcm.c
@@ -3778,8 +3778,10 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception)
        */
        for (i=0; i < (ssize_t) stream_info->remaining; i++)
          (void) ReadBlobByte(image);
-      (void)((ReadBlobLSBShort(image) << 16) | ReadBlobLSBShort(image));
+      (void) ((ReadBlobLSBShort(image) << 16) | ReadBlobLSBShort(image));
        length=(size_t) ReadBlobLSBLong(image);
+      if (length > GetBlobSize(image))
+        ThrowDCMException(CorruptImageError,"InsufficientImageDataInFile");
        stream_info->offset_count=length >> 2;
        if (stream_info->offset_count != 0)
          {
author	Cristy <urban-warrior@imagemagick.org>
	Sun, 4 Feb 2018 20:22:46 +0000 (15:22 -0500)
committer	Cristy <urban-warrior@imagemagick.org>
	Sun, 4 Feb 2018 20:22:46 +0000 (15:22 -0500)