From: dirk <dirk@git.imagemagick.org>
Date: Thu, 18 Sep 2014 10:57:30 +0000 (+0000)
Subject: Fix for overflow in corrupt image.
X-Git-Tag: 7.0.1-0~2000
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=896a34efc54f0b05153da34645bdc10190c24e71;p=imagemagick

Fix for overflow in corrupt image.
---

diff --git a/coders/jpeg.c b/coders/jpeg.c
index 5967254b6..3611db264 100644
--- a/coders/jpeg.c
+++ b/coders/jpeg.c
@@ -414,9 +414,9 @@ static boolean ReadComment(j_decompress_ptr jpeg_info)
   image=error_manager->image;
   length=(size_t) ((size_t) GetCharacter(jpeg_info) << 8);
   length+=GetCharacter(jpeg_info);
-  length-=2;
-  if (length <= 0)
+  if (length <= 2)
     return(TRUE);
+  length-=2;
   comment=BlobToStringInfo((const void *) NULL,length);
   if (comment == (StringInfo *) NULL)
     {