From: Dirk Lemstra <dirk@git.imagemagick.org>
Date: Sun, 1 Apr 2018 13:04:34 +0000 (+0200)
Subject: Fixed boundary check (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7263)
X-Git-Tag: 7.0.7-29~226
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f37718c9ed1ce8f2c2f35cf9a6e2266d61bd2982;p=imagemagick

Fixed boundary check (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7263)
---

diff --git a/coders/webp.c b/coders/webp.c
index 58693d9f4..273fa98dd 100644
--- a/coders/webp.c
+++ b/coders/webp.c
@@ -189,7 +189,7 @@ static MagickBooleanType IsWEBPImageLossless(const unsigned char *stream,
     Read extended header.
   */
   offset=RIFF_HEADER_SIZE+TAG_SIZE+CHUNK_SIZE_BYTES+VP8X_CHUNK_SIZE;
-  while (offset <= (ssize_t) (length-TAG_SIZE))
+  while (offset+TAG_SIZE <= (ssize_t) (length-TAG_SIZE))
   {
     uint32_t
       chunk_size,