From 15b52dc80eb4fb7eba074a7ad48c55b3854525d1 Mon Sep 17 00:00:00 2001
From: Dirk Lemstra <dirk@git.imagemagick.org>
Date: Sat, 17 Mar 2018 11:36:24 +0100
Subject: [PATCH] Added EOF check.

---
 coders/rla.c | 39 ++++++++++++++++++++++-----------------
 1 file changed, 22 insertions(+), 17 deletions(-)

diff --git a/coders/rla.c b/coders/rla.c
index 2c3195306..645e856f8 100644
--- a/coders/rla.c
+++ b/coders/rla.c
@@ -222,31 +222,31 @@ static Image *ReadRLAImage(const ImageInfo *image_info,ExceptionInfo *exception)
   rla_info.number_channels+=rla_info.number_matte_channels;
   rla_info.number_auxiliary_channels=(short) ReadBlobMSBShort(image);
   rla_info.revision=(short) ReadBlobMSBShort(image);
-  count=ReadBlob(image,16,(unsigned char *) rla_info.gamma);
-  count=ReadBlob(image,24,(unsigned char *) rla_info.red_primary);
-  count=ReadBlob(image,24,(unsigned char *) rla_info.green_primary);
-  count=ReadBlob(image,24,(unsigned char *) rla_info.blue_primary);
-  count=ReadBlob(image,24,(unsigned char *) rla_info.white_point);
+  (void) ReadBlob(image,16,(unsigned char *) rla_info.gamma);
+  (void) ReadBlob(image,24,(unsigned char *) rla_info.red_primary);
+  (void) ReadBlob(image,24,(unsigned char *) rla_info.green_primary);
+  (void) ReadBlob(image,24,(unsigned char *) rla_info.blue_primary);
+  (void) ReadBlob(image,24,(unsigned char *) rla_info.white_point);
   rla_info.job_number=ReadBlobMSBSignedLong(image);
-  count=ReadBlob(image,128,(unsigned char *) rla_info.name);
-  count=ReadBlob(image,128,(unsigned char *) rla_info.description);
+  (void) ReadBlob(image,128,(unsigned char *) rla_info.name);
+  (void) ReadBlob(image,128,(unsigned char *) rla_info.description);
   rla_info.description[127]='\0';
-  count=ReadBlob(image,64,(unsigned char *) rla_info.program);
-  count=ReadBlob(image,32,(unsigned char *) rla_info.machine);
-  count=ReadBlob(image,32,(unsigned char *) rla_info.user);
-  count=ReadBlob(image,20,(unsigned char *) rla_info.date);
-  count=ReadBlob(image,24,(unsigned char *) rla_info.aspect);
-  count=ReadBlob(image,8,(unsigned char *) rla_info.aspect_ratio);
-  count=ReadBlob(image,32,(unsigned char *) rla_info.chan);
+  (void) ReadBlob(image,64,(unsigned char *) rla_info.program);
+  (void) ReadBlob(image,32,(unsigned char *) rla_info.machine);
+  (void) ReadBlob(image,32,(unsigned char *) rla_info.user);
+  (void) ReadBlob(image,20,(unsigned char *) rla_info.date);
+  (void) ReadBlob(image,24,(unsigned char *) rla_info.aspect);
+  (void) ReadBlob(image,8,(unsigned char *) rla_info.aspect_ratio);
+  (void) ReadBlob(image,32,(unsigned char *) rla_info.chan);
   rla_info.field=(short) ReadBlobMSBShort(image);
-  count=ReadBlob(image,12,(unsigned char *) rla_info.time);
-  count=ReadBlob(image,32,(unsigned char *) rla_info.filter);
+  (void) ReadBlob(image,12,(unsigned char *) rla_info.time);
+  (void) ReadBlob(image,32,(unsigned char *) rla_info.filter);
   rla_info.bits_per_channel=(short) ReadBlobMSBShort(image);
   rla_info.matte_type=(short) ReadBlobMSBShort(image);
   rla_info.matte_bits=(short) ReadBlobMSBShort(image);
   rla_info.auxiliary_type=(short) ReadBlobMSBShort(image);
   rla_info.auxiliary_bits=(short) ReadBlobMSBShort(image);
-  count=ReadBlob(image,32,(unsigned char *) rla_info.auxiliary);
+  (void) ReadBlob(image,32,(unsigned char *) rla_info.auxiliary);
   count=ReadBlob(image,36,(unsigned char *) rla_info.space);
   if ((size_t) count != 36)
     ThrowReaderException(CorruptImageError,"UnableToReadImageData");
@@ -279,6 +279,11 @@ static Image *ReadRLAImage(const ImageInfo *image_info,ExceptionInfo *exception)
   */
   for (i=0; i < (ssize_t) image->rows; i++)
     scanlines[i]=(MagickOffsetType) ReadBlobMSBSignedLong(image);
+  if (EOFBlob(image) != MagickFalse)
+    {
+      scanlines=(MagickOffsetType *) RelinquishMagickMemory(scanlines);
+      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+    }
   /*
     Read image data.
   */
-- 
2.40.0