From ff4db0c00175eaddc0855367e7b9bfbeea7f51dc Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 16 May 2016 14:00:14 -0400
Subject: [PATCH] Ensure image extent does not exceed maximum for wpg file

This is a partial fix of CVE-2016-5688

bug-debian: https://bugs.debian.org/833003
origin: upstream, https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
---
 coders/wpg.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/coders/wpg.c b/coders/wpg.c
index 67a27dd07..38fa5cfcc 100644
--- a/coders/wpg.c
+++ b/coders/wpg.c
@@ -1098,7 +1098,10 @@ static Image *ReadWPGImage(const ImageInfo *image_info,
               image->rows=BitmapHeader2.Height;
               bpp=BitmapHeader2.Depth;
 
-            UnpackRaster:
+            UnpackRaster:      
+              status=SetImageExtent(image,image->columns,image->rows);
+              if (status == MagickFalse)
+                break;
               if ((image->colors == 0) && (bpp != 24))
                 {
                   image->colors=one << bpp;
@@ -1292,6 +1295,9 @@ static Image *ReadWPGImage(const ImageInfo *image_info,
                 }
               image->columns=Bitmap2Header1.Width;
               image->rows=Bitmap2Header1.Height;
+              status=SetImageExtent(image,image->columns,image->rows);
+              if (status == MagickFalse)
+                break;
 
               if ((image->colors == 0) && (bpp != 24))
                 {