From 896a34efc54f0b05153da34645bdc10190c24e71 Mon Sep 17 00:00:00 2001
From: dirk <dirk@git.imagemagick.org>
Date: Thu, 18 Sep 2014 10:57:30 +0000
Subject: [PATCH] Fix for overflow in corrupt image.

---
 coders/jpeg.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/coders/jpeg.c b/coders/jpeg.c
index 5967254b6..3611db264 100644
--- a/coders/jpeg.c
+++ b/coders/jpeg.c
@@ -414,9 +414,9 @@ static boolean ReadComment(j_decompress_ptr jpeg_info)
   image=error_manager->image;
   length=(size_t) ((size_t) GetCharacter(jpeg_info) << 8);
   length+=GetCharacter(jpeg_info);
-  length-=2;
-  if (length <= 0)
+  if (length <= 2)
     return(TRUE);
+  length-=2;
   comment=BlobToStringInfo((const void *) NULL,length);
   if (comment == (StringInfo *) NULL)
     {
-- 
2.40.0