From 892209336500771b6c790ed8ca74ebb2fc6f421d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bastien=20ROUCARI=C3=88S?= <roucaries.bastien@gmail.com>
Date: Mon, 7 Dec 2015 16:02:33 +0100
Subject: Fix buffer overflow in icon parsing code

 This patch backports a small extract of a larger upstream
 commit that addresses this specific issue.
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
Applied-Upstream: 7.0.0
Last-Update: 2015-11-26
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
---
 coders/icon.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/coders/icon.c b/coders/icon.c
index d060865..017edfd 100644
--- a/coders/icon.c
+++ b/coders/icon.c
@@ -277,6 +277,8 @@ static Image *ReadICONImage(const ImageInfo *image_info,
           Icon image encoded as a compressed PNG image.
         */
         length=icon_file.directory[i].size;
+	if (~length < 16)
+          ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
         png=(unsigned char *) AcquireQuantumMemory(length+16,sizeof(*png));
         if (png == (unsigned char *) NULL)
           ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
-- 
cgit v0.11.2