From 3e876dddd45f634669bd608277871a836d161333 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Tue, 2 Oct 2018 19:46:12 -0400
Subject: [PATCH] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10774

---
 coders/pict.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/coders/pict.c b/coders/pict.c
index e924fdb3a..9112be6f0 100644
--- a/coders/pict.c
+++ b/coders/pict.c
@@ -1783,7 +1783,7 @@ static MagickBooleanType WritePICTImage(const ImageInfo *image_info,
     bytes_per_line*=image->alpha_trait != UndefinedPixelTrait ? 4 : 3;
   buffer=(unsigned char *) AcquireQuantumMemory(PictInfoSize,sizeof(*buffer));
   packed_scanline=(unsigned char *) AcquireQuantumMemory((size_t)
-   (row_bytes+MaxCount),sizeof(*packed_scanline));
+   (row_bytes+2*MaxCount),sizeof(*packed_scanline));
   scanline=(unsigned char *) AcquireQuantumMemory(row_bytes,sizeof(*scanline));
   if ((buffer == (unsigned char *) NULL) ||
       (packed_scanline == (unsigned char *) NULL) ||
@@ -1799,7 +1799,7 @@ static MagickBooleanType WritePICTImage(const ImageInfo *image_info,
       ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
     }
   (void) memset(scanline,0,row_bytes);
-  (void) memset(packed_scanline,0,(size_t) (row_bytes+MaxCount));
+  (void) memset(packed_scanline,0,(size_t) (row_bytes+2*MaxCount));
   /*
     Write header, header size, size bounding box, version, and reserved.
   */
-- 
2.40.0