Description: Fix overflow in pict image parsing
 Backport a small part of an upstream commit fixing
 an issue with pict image parsing.
Origin: backport, https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
Applied-Upstream: 7.0.0
Last-Update: 2015-11-27
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
--- a/coders/pict.c
+++ b/coders/pict.c
@@ -1589,6 +1589,7 @@ static MagickBooleanType WritePICTImage(
     x;
 
   size_t
+    row_bytes,
     count;
 
   unsigned char
@@ -1602,7 +1603,6 @@ static MagickBooleanType WritePICTImage(
 
   unsigned short
     base_address,
-    row_bytes,
     transfer_mode;
 
   /*
@@ -1633,7 +1633,7 @@ static MagickBooleanType WritePICTImage(
   source_rectangle=size_rectangle;
   destination_rectangle=size_rectangle;
   base_address=0xff;
-  row_bytes=(unsigned short) (image->columns | 0x8000);
+  row_bytes=image->columns;
   bounds.top=0;
   bounds.left=0;
   bounds.bottom=(short) image->rows;
@@ -1663,7 +1663,7 @@ static MagickBooleanType WritePICTImage(
       pixmap.bits_per_pixel=32;
       pixmap.pack_type=0x04;
       transfer_mode=0x40;
-      row_bytes=(unsigned short) ((4*image->columns) | 0x8000);
+      row_bytes=4*image->columns;
     }
   /*
     Allocate memory.