From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 25 Jul 2016 00:07:03 +0000 (-0400)
Subject: Prevent buffer overflow (bug report from Ibrahim el-sayed)
X-Git-Tag: 7.0.2-6~6
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=dd84447b63a71fa8c3f47071b09454efc667767b;p=imagemagick

Prevent buffer overflow (bug report from Ibrahim el-sayed)
---

diff --git a/MagickCore/property.c b/MagickCore/property.c
index 772f3d59f..0b4b75c49 100644
--- a/MagickCore/property.c
+++ b/MagickCore/property.c
@@ -665,6 +665,11 @@ static MagickBooleanType Get8BIMProperty(const Image *image,const char *key,
     if ((count & 0x01) == 0)
       (void) ReadPropertyByte(&info,&length);
     count=(ssize_t) ReadPropertyMSBLong(&info,&length);
+    if ((count < 0) || ((size_t) count > length))
+      {
+        length=0; 
+        continue;
+      }
     if ((*name != '\0') && (*name != '#'))
       if ((resource == (char *) NULL) || (LocaleCompare(name,resource) != 0))
         {