Sophie: ImageMagick-6.2.8.0-4.el5

ImageMagick-6.2.8.0-4.el5_5.3.src.rpm

--- ImageMagick-6.0.6.p7/coders/sgi.c	2006-11-28 17:19:37.000000000 +0100
+++ ImageMagick-6.0.6.p8/coders/sgi.c	2006-11-28 17:20:07.000000000 +0100
@@ -168,13 +168,13 @@ static void SGIDecode(const unsigned lon
   q=pixels;
   if (bytes_per_pixel == 2)
     {
-      for (i=0; i < (long) width; )
+      for ( i=0 ; ; )
       {
         pixel=(unsigned long) (*p++) << 8;
         pixel|=(*p++);
         count=(ssize_t) (pixel & 0x7f);
         i+=count;
-        if (count == 0)
+	if (count == 0 || i > (long) width)
           break;
         if ((pixel & 0x80) != 0)
           for ( ; count != 0; count--)
@@ -197,13 +197,13 @@ static void SGIDecode(const unsigned lon
       }
       return;
     }
-  for (i=0; i < (long) width; )
+  for (i=0; ; )
   {
     pixel=(unsigned long) (*p++);
     count=(ssize_t) (pixel & 0x7f);
-    if (count == 0)
-      break;
     i+=count;
+    if (count == 0 || i >= (long) width)
+      break;
     if ((pixel & 0x80) != 0)
       for ( ; count != 0; count--)
       {