From: Dirk Lemstra <dirk@git.imagemagick.org>
Date: Mon, 21 Nov 2016 19:53:03 +0000 (+0100)
Subject: Lowered max map_length to prevent an overflow (#271).
X-Git-Tag: 7.0.3-8~13
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ab2c9d6a8dd6d71b161ec9cc57a588b116b52322;p=imagemagick

Lowered max map_length to prevent an overflow (#271).
---

diff --git a/coders/rle.c b/coders/rle.c
index 05a65ec22..49638a4b8 100644
--- a/coders/rle.c
+++ b/coders/rle.c
@@ -224,7 +224,7 @@ static Image *ReadRLEImage(const ImageInfo *image_info,ExceptionInfo *exception)
     bits_per_pixel=(size_t) ReadBlobByte(image);
     number_colormaps=(size_t) ReadBlobByte(image);
     map_length=(unsigned char) ReadBlobByte(image);
-    if (map_length >= 32)
+    if (map_length >= 22)
       ThrowReaderException(CorruptImageError,"ImproperImageHeader");
     one=1;
     map_length=one << map_length;