From: Cristy <urban-warrior@imagemagick.org>
Date: Wed, 7 Feb 2018 22:53:37 +0000 (-0500)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6077
X-Git-Tag: 7.0.7-23~107
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=ba97c537f9643921dc5ebbcd81ab37ad1eca395b;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6077
---

diff --git a/coders/viff.c b/coders/viff.c
index 34d7d2b74..4cbf264c8 100644
--- a/coders/viff.c
+++ b/coders/viff.c
@@ -418,6 +418,8 @@ static Image *ReadVIFFImage(const ImageInfo *image_info,
           ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
         if (AcquireImageColormap(image,image->colors,exception) == MagickFalse)
           ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
+        if ((MagickSizeType) viff_info.map_rows > GetBlobSize(image))
+          ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
         if ((MagickSizeType) viff_info.map_rows >
             (viff_info.map_rows*bytes_per_pixel*sizeof(*viff_colormap)))
           ThrowReaderException(CorruptImageError,"ImproperImageHeader");