https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12914

author Cristy <mikayla-grace@urban-warrior.org>

Thu, 7 Feb 2019 00:42:35 +0000 (19:42 -0500)

committer Cristy <mikayla-grace@urban-warrior.org>

Thu, 7 Feb 2019 00:42:35 +0000 (19:42 -0500)
author Cristy <mikayla-grace@urban-warrior.org>
Thu, 7 Feb 2019 00:42:35 +0000 (19:42 -0500)
committer Cristy <mikayla-grace@urban-warrior.org>
Thu, 7 Feb 2019 00:42:35 +0000 (19:42 -0500)
diff --git a/coders/xcf.c b/coders/xcf.c

index ff5c283f5c30338253675a765a6ae8e72b78a8cb..a4b06bd1c8dc9f22f2785b3be20d9deeefade05a 100644 (file)
--- a/coders/xcf.c
+++ b/coders/xcf.c
@@ -744,7 +744,7 @@ static MagickBooleanType load_level(Image *image,XCFDocInfo *inDocInfo,
      if (offset2 == 0)
        offset2=(MagickOffsetType) (offset + TILE_WIDTH * TILE_WIDTH * 4* 1.5);
      /* seek to the tile offset */
-    if (SeekBlob(image, offset, SEEK_SET) != offset)
+    if ((offset > offset2) || (SeekBlob(image, offset, SEEK_SET) != offset))
        ThrowBinaryException(CorruptImageError,"InsufficientImageDataInFile",
          image->filename);
author	Cristy <mikayla-grace@urban-warrior.org>
	Thu, 7 Feb 2019 00:42:35 +0000 (19:42 -0500)
committer	Cristy <mikayla-grace@urban-warrior.org>
	Thu, 7 Feb 2019 00:42:35 +0000 (19:42 -0500)