From b5eccd2959a61d9d404a27bdda1b904c7a5b0cf7 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Tue, 18 Dec 2018 19:15:38 -0500
Subject: [PATCH] https://github.com/ImageMagick/ImageMagick/issues/1425

---
 coders/bmp.c | 4 ++--
 coders/dib.c | 4 +++-
 coders/pnm.c | 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/coders/bmp.c b/coders/bmp.c
index edc5cda54..d9b84a828 100644
--- a/coders/bmp.c
+++ b/coders/bmp.c
@@ -1844,8 +1844,8 @@ static MagickBooleanType WriteBMPImage(const ImageInfo *image_info,Image *image,
     /*
       Convert MIFF to BMP raster pixels.
     */
-    pixel_info=AcquireVirtualMemory(image->rows,
-      MagickMax(bytes_per_line,image->columns+256UL)*sizeof(*pixels));
+    pixel_info=AcquireVirtualMemory(image->rows,MagickMax(bytes_per_line,
+      image->columns+256UL)*sizeof(*pixels));
     if (pixel_info == (MemoryInfo *) NULL)
       ThrowWriterException(ResourceLimitError,"MemoryAllocationFailed");
     pixels=(unsigned char *) GetVirtualMemoryBlob(pixel_info);
diff --git a/coders/dib.c b/coders/dib.c
index 5ecb5f99f..a22554fd4 100644
--- a/coders/dib.c
+++ b/coders/dib.c
@@ -590,9 +590,11 @@ static Image *ReadDIBImage(const ImageInfo *image_info,ExceptionInfo *exception)
     UndefinedPixelTrait;
   if ((dib_info.number_colors > 256) || (dib_info.colors_important > 256))
     ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+  if ((dib_info.number_colors != 0) && (dib_info.bits_per_pixel > 8))
+    ThrowReaderException(CorruptImageError,"ImproperImageHeader");
   if ((dib_info.image_size != 0U) && (dib_info.image_size > GetBlobSize(image)))
     ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
-  if ((dib_info.number_colors != 0) || (dib_info.bits_per_pixel < 16))
+  if ((dib_info.number_colors != 0) || (dib_info.bits_per_pixel < 8))
     {
       size_t
         one;
diff --git a/coders/pnm.c b/coders/pnm.c
index e3674286f..7c1aec8d0 100644
--- a/coders/pnm.c
+++ b/coders/pnm.c
@@ -174,7 +174,7 @@ static int PNMComment(Image *image,CommentInfo *comment_info,
         p=comment_info->comment+strlen(comment_info->comment);
       }
     c=ReadBlobByte(image);
-    if ((c != EOF) && (c != (int) '\n') && (c != (int) '\r'))
+    if (c != EOF)
       {
         *p=(char) c;
         *(p+1)='\0';
-- 
2.40.0