From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 4 Feb 2018 20:41:57 +0000 (-0500)
Subject: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5664
X-Git-Tag: 7.0.7-23~136
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=fa8303dde7f7e12440b3237f4b23175ff8fc8795;p=imagemagick

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5664
---

diff --git a/coders/xcf.c b/coders/xcf.c
index 7b62686dc..c45d78bbe 100644
--- a/coders/xcf.c
+++ b/coders/xcf.c
@@ -643,6 +643,9 @@ static MagickBooleanType load_level(Image *image,XCFDocInfo *inDocInfo,
     /* read in the offset of the next tile so we can calculate the amount
        of data needed for this tile*/
     offset2=(MagickOffsetType)ReadBlobMSBLong(image);
+    if (offset2 > GetBlobSize(image))
+      ThrowBinaryException(CorruptImageError,"InsufficientImageDataInFile",
+        image->filename);
     /* if the offset is 0 then we need to read in the maximum possible
        allowing for negative compression */
     if (offset2 == 0)