File ImageMagick-CVE-2018-16645.patch of Package ImageMagick.29977
Index: ImageMagick-6.8.8-1/coders/bmp.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/bmp.c 2018-09-09 20:46:43.118021045 +0200
+++ ImageMagick-6.8.8-1/coders/bmp.c 2018-09-09 20:47:15.566177356 +0200
@@ -659,6 +659,8 @@ static Image *ReadBMPImage(const ImageIn
bmp_info.y_pixels=ReadBlobLSBLong(image);
bmp_info.number_colors=ReadBlobLSBLong(image);
bmp_info.colors_important=ReadBlobLSBLong(image);
+ if (bmp_info.number_colors > GetBlobSize(image))
+ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
profile_data=0;
profile_size=0;
if (image->debug != MagickFalse)
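Review bot: The guard `if (bmp_info.number_colors > GetBlobSize(image))` compares a count of palette entries against a size in bytes, so it is only a coarse bound. A colormap entry occupies more than one byte on disk, so a file-supplied count close to the blob size still passes although the file cannot hold that many entries. If the per-entry size is known at this point, comparing against the blob size divided by it would be tighter; the colormap allocation this presumably protects is not visible in the hunk. Otherwise, say so in a comment such as `/* coarse sanity bound: number_colors is read from the file, GetBlobSize() is in bytes */`. The same applies to the identical check on `dib_info.number_colors` in coders/dib.c, and ReadBMPImage continues outside this hunk.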
Index: ImageMagick-6.8.8-1/coders/dib.c
===================================================================
--- ImageMagick-6.8.8-1.orig/coders/dib.c 2018-09-09 20:46:43.086020891 +0200
+++ ImageMagick-6.8.8-1/coders/dib.c 2018-09-09 20:49:17.810766241 +0200
@@ -537,6 +537,8 @@ static Image *ReadDIBImage(const ImageIn
dib_info.x_pixels=ReadBlobLSBLong(image);
dib_info.y_pixels=ReadBlobLSBLong(image);
dib_info.number_colors=ReadBlobLSBLong(image);
+ if (dib_info.number_colors > GetBlobSize(image))
+ ThrowReaderException(CorruptImageError,"InsufficientImageDataInFile");
dib_info.colors_important=ReadBlobLSBLong(image);
if ((dib_info.compression == BI_BITFIELDS) &&
((dib_info.bits_per_pixel == 16) || (dib_info.bits_per_pixel == 32)))
@@ -948,6 +950,7 @@ ModuleExport size_t RegisterDIBImage(voi
entry->decoder=(DecodeImageHandler *) ReadDIBImage;
entry->encoder=(EncodeImageHandler *) WriteDIBImage;
entry->magick=(IsImageFormatHandler *) IsDIB;
+ entry->seekable_stream=MagickTrue;
entry->adjoin=MagickFalse;
entry->stealth=MagickTrue;
entry->description=ConstantString(
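Review bot: Nothing at `entry->seekable_stream=MagickTrue;` says why the flag is set, yet it looks like a prerequisite of the new `GetBlobSize(image)` check in ReadDIBImage rather than an unrelated change. Presumably the blob size is only reliable once the input is seekable, so without the flag a piped DIB could be wrongly rejected or the bound could be meaningless. A comment such as `/* the GetBlobSize() bound in ReadDIBImage needs a seekable blob */` would keep the two from being separated in a later refactor. The bmp.c part of this patch adds the same check with no visible registration change, so it is worth confirming that the BMP entry already sets this flag. RegisterDIBImage continues outside the hunk.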