From 4812e816a9c3da93003aaea1d0b1db9ccf8ce40d Mon Sep 17 00:00:00 2001
From: dirk <dirk@git.imagemagick.org>
Date: Thu, 2 Jun 2016 21:32:29 +0200
Subject: [PATCH] Fixed length check.

---
 coders/psd.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/coders/psd.c b/coders/psd.c
index eb107f47e..a516f37c7 100644
--- a/coders/psd.c
+++ b/coders/psd.c
@@ -2566,11 +2566,14 @@ static void RemoveICCProfileFromResourceBlock(StringInfo *bim_profile)
     p=PushLongPixel(MSBEndian,p,&count);
     if (id == 0x0000040f)
       {
-        if ((q+PSDQuantum(count)+12) < (datum+length-16))
+        ssize_t
+          quantum;
+
+        quantum=PSDQuantum(count)+12;
+        if ((quantum >= 12) && (q+quantum < (datum+length-16)))
           {
-            (void) CopyMagickMemory(q,q+PSDQuantum(count)+12,length-
-              (PSDQuantum(count)+12)-(q-datum));
-            SetStringInfoLength(bim_profile,length-(PSDQuantum(count)+12));
+            (void) CopyMagickMemory(q,q+quantum,length-quantum-(q-datum));
+            SetStringInfoLength(bim_profile,length-quantum);
           }
         break;
       }
-- 
2.40.0