https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5664

author Cristy <urban-warrior@imagemagick.org>

Sun, 4 Feb 2018 20:41:57 +0000 (15:41 -0500)

committer Cristy <urban-warrior@imagemagick.org>

Sun, 4 Feb 2018 20:41:57 +0000 (15:41 -0500)
author Cristy <urban-warrior@imagemagick.org>
Sun, 4 Feb 2018 20:41:57 +0000 (15:41 -0500)
committer Cristy <urban-warrior@imagemagick.org>
Sun, 4 Feb 2018 20:41:57 +0000 (15:41 -0500)
diff --git a/coders/xcf.c b/coders/xcf.c

index 7b62686dc2aed8d2eb0f88ca4cb0f6717e52b76a..c45d78bbe621628d8621e50e4c627dd90bebe15d 100644 (file)
--- a/coders/xcf.c
+++ b/coders/xcf.c
@@ -643,6 +643,9 @@ static MagickBooleanType load_level(Image *image,XCFDocInfo *inDocInfo,
      /* read in the offset of the next tile so we can calculate the amount
         of data needed for this tile*/
      offset2=(MagickOffsetType)ReadBlobMSBLong(image);
+    if (offset2 > GetBlobSize(image))
+      ThrowBinaryException(CorruptImageError,"InsufficientImageDataInFile",
+        image->filename);
      /* if the offset is 0 then we need to read in the maximum possible
         allowing for negative compression */
      if (offset2 == 0)
author	Cristy <urban-warrior@imagemagick.org>
	Sun, 4 Feb 2018 20:41:57 +0000 (15:41 -0500)
committer	Cristy <urban-warrior@imagemagick.org>
	Sun, 4 Feb 2018 20:41:57 +0000 (15:41 -0500)