[gimp] SGI: fix out of bounds writes



commit 4d9724f2f67bca4005ca50c22afccd7bf30cc2e8
Author: Simon Budig <simon gimp org>
Date:   Wed Dec 9 16:05:05 2009 +0100

    SGI: fix out of bounds writes
    
    The functions read_rle8() and read_rle16() didn't check if the addresses
    to which they wrote are in bounds when expanding runlength encoded data.

 plug-ins/file-sgi/sgi-lib.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)
---
diff --git a/plug-ins/file-sgi/sgi-lib.c b/plug-ins/file-sgi/sgi-lib.c
index 7fd61d0..c26e24e 100644
--- a/plug-ins/file-sgi/sgi-lib.c
+++ b/plug-ins/file-sgi/sgi-lib.c
@@ -680,7 +680,7 @@ read_rle8(sgi_t *sgip,		/* I - SGI image to read from */
       return (-1);
     length ++;
 
-    count = ch & 127;
+    count = MIN (ch & 127, xsize);
     if (count == 0)
       break;
 
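Review bot: The clamp at `count = MIN (ch & 127, xsize);` only bounds the write if xsize holds the number of pixels still free in the row at this point, and nothing in this hunk shows that. If xsize is the full row width and is not decremented as pixels are stored, a later run can still pass the end of the buffer, so please confirm that and add a short comment on this line stating the invariant. Also consider rejecting a run longer than the remaining space with `return (-1);`, as the read-failure path just above does, rather than silently truncating it: an oversized run means the file is malformed.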
@@ -725,7 +725,7 @@ read_rle16(sgi_t *sgip,		/* I - SGI image to read from */
       return (-1);
     length ++;
 
-    count = ch & 127;
+    count = MIN (ch & 127, xsize);
     if (count == 0)
       break;
 
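Review bot: In read_rle16, once xsize reaches 0 the new `count = MIN (ch & 127, xsize);` yields 0 and falls into the existing `if (count == 0) break;`, so a run that overflows the row is now indistinguishable from the normal zero-count terminator and the caller gets no indication that the data was corrupt. A separate check for a run larger than xsize that returns an error would keep the two cases apart. The same one-line fix is duplicated in read_rle8 and read_rle16; a shared helper or macro for the run-length clamp would keep the two decoders from drifting apart in later changes.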


