From c2c1eceb3c8098fe2919399ad6b6367d1cb82027 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Sun, 23 Apr 2017 10:39:00 -0400
Subject: [PATCH] ...

---
 coders/icon.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/coders/icon.c b/coders/icon.c
index bbc2e70ec..47a8463f8 100644
--- a/coders/icon.c
+++ b/coders/icon.c
@@ -252,6 +252,9 @@ static Image *ReadICONImage(const ImageInfo *image_info,
   MagickBooleanType
     status;
 
+  MagickSizeType
+    extent;
+
   register ssize_t
     i,
     x;
@@ -296,6 +299,7 @@ static Image *ReadICONImage(const ImageInfo *image_info,
       ((icon_file.resource_type != 1) && (icon_file.resource_type != 2)) ||
       (icon_file.count > MaxIcons))
     ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+  extent=0;
   for (i=0; i < icon_file.count; i++)
   {
     icon_file.directory[i].width=(unsigned char) ReadBlobByte(image);
@@ -309,8 +313,9 @@ static Image *ReadICONImage(const ImageInfo *image_info,
     icon_file.directory[i].offset=ReadBlobLSBLong(image);
     if (EOFBlob(image) != MagickFalse)
       break;
+    extent=MagickMax(extent,icon_file.directory[i].size);
   }
-  if (EOFBlob(image) != MagickFalse)
+  if ((EOFBlob(image) != MagickFalse) || (extent > GetBlobSize(image)))
     ThrowReaderException(CorruptImageError,"UnexpectedEndOfFile");
   one=1;
   for (i=0; i < icon_file.count; i++)
-- 
2.50.1