From fa8303dde7f7e12440b3237f4b23175ff8fc8795 Mon Sep 17 00:00:00 2001
From: Cristy
Date: Sun, 4 Feb 2018 15:41:57 -0500
Subject: [PATCH] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5664
---
 coders/xcf.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/coders/xcf.c b/coders/xcf.c
index 7b62686dc..c45d78bbe 100644
--- coders/xcf.c
+++ coders/xcf.c
@@ -643,6 +643,9 @@ static MagickBooleanType load_level(Image *image,XCFDocInfo *inDocInfo,
 /* read in the offset of the next tile so we can calculate the amount of data needed for this tile*/
 offset2=(MagickOffsetType)ReadBlobMSBLong(image);
+ if (offset2 > GetBlobSize(image))
+ ThrowBinaryException(CorruptImageError,"InsufficientImageDataInFile",
+ image->filename);
 /* if the offset is 0 then we need to read in the maximum possible allowing for negative compression */
 if (offset2 == 0)
-- 
2.40.0
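Review bot: The added bound on `offset2` only rejects values past the end of the blob, so a nonzero `offset2` that lies inside the file but before the current tile's offset still passes. The comment just above says this value is used to calculate the amount of data needed for the tile, so the derived length could presumably go negative or wrap; the code that computes it is outside the hunk and should be checked for a lower-bound test. Separately, the comparison mixes the signed `MagickOffsetType` with the unsigned size returned by `GetBlobSize()`. Writing it as `if ((MagickSizeType) offset2 > GetBlobSize(image))` makes the conversion explicit and records that the value is non-negative here. The body of load_level starts and ends outside the hunk.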