From 2bb47faae170b0996dc92659cd1dc3eb30ae9aec Mon Sep 17 00:00:00 2001
From: Cristy
Date: Sun, 23 Dec 2018 13:22:05 -0500
Subject: [PATCH] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12180
---
 coders/cube.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/coders/cube.c b/coders/cube.c
index aa119bc48..3e2a54e3e 100644
--- a/coders/cube.c
+++ b/coders/cube.c
@@ -175,7 +175,9 @@ static Image *ReadCUBEImage(const ImageInfo *image_info,
 cube_info=RelinquishVirtualMemory(cube_info);
 GetNextToken(q,&q,MagickPathExtent,value);
 cube_level=(size_t) StringToLong(value);
- if ((cube_level < 2) || (cube_level > 65536))
+ if (LocaleCompare(token,"LUT_1D_SIZE") == 0)
+ cube_level=(size_t) ceil(pow((double) cube_level,1.0/3.0));
+ if ((cube_level < 2) || (cube_level > 256))
 {
 buffer=DestroyString(buffer);
 ThrowReaderException(CorruptImageError,"ImproperImageHeader");
@@ -207,6 +209,8 @@ static Image *ReadCUBEImage(const ImageInfo *image_info,
 cube[n].g=StringToDouble(q,&q);
 cube[n].b=StringToDouble(q,&q);
 n++;
+ if (n >= (cube_level*cube_level*cube_level))
+ break;
 }
 else
 if (('+' < *buffer) && (*buffer < ':'))
-- 
2.40.0
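Review bot: The new upper bound of 256 and the cube-root conversion for `LUT_1D_SIZE` carry no comment, although the later guard `n >= (cube_level*cube_level*cube_level)` depends on this cap to keep the product from wrapping in `size_t` (256^3 is 2^24, whereas the old limit of 65536 cubed does not fit a 32-bit `size_t`). I would add above the range check something like `/* the table holds cube_level^3 entries; 256 keeps that product representable in size_t */`. A negative header value is rejected only because the `(size_t)` cast of `StringToLong()` turns it into a very large number, which is worth stating in the same comment. `cbrt((double) cube_level)` would read more directly than `pow(...,1.0/3.0)`. The enclosing branch starts outside the hunk, so which keywords reach this code is inferred from the `LocaleCompare` line.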
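Review bot: The added bound check sits after the stores into `cube[n]` and the `n++`, so it stops the next row from overrunning the table but does not protect the row being written. If control can reach this block with `n` already at or past the limit (for example after a second size line frees and shrinks the table, as the `RelinquishVirtualMemory` context in the earlier hunk suggests may happen; whether `n` is reset there is not visible), the write still lands out of bounds. Placing `if (n >= (cube_level*cube_level*cube_level)) break;` ahead of the `cube[n]` assignments covers both cases. The block starts outside the hunk, so the first store and the declared type of `n` are not shown; if `n` is signed, an explicit cast on one side would make the comparison's intent clear.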