From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 4 Feb 2018 20:22:46 +0000 (-0500)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5448
X-Git-Tag: 7.0.7-23~137
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=970ee065ad3dacb99e86323ffd3e8b1d8c7dcc65;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5448
---

diff --git a/coders/dcm.c b/coders/dcm.c
index cc211c525..a4a1372b6 100644
--- a/coders/dcm.c
+++ b/coders/dcm.c
@@ -3778,8 +3778,10 @@ static Image *ReadDCMImage(const ImageInfo *image_info,ExceptionInfo *exception)
       */
       for (i=0; i < (ssize_t) stream_info->remaining; i++)
         (void) ReadBlobByte(image);
-      (void)((ReadBlobLSBShort(image) << 16) | ReadBlobLSBShort(image));
+      (void) ((ReadBlobLSBShort(image) << 16) | ReadBlobLSBShort(image));
       length=(size_t) ReadBlobLSBLong(image);
+      if (length > GetBlobSize(image))
+        ThrowDCMException(CorruptImageError,"InsufficientImageDataInFile");
       stream_info->offset_count=length >> 2;
       if (stream_info->offset_count != 0)
         {