$OpenBSD: patch-pbm_icontopbm_c,v 1.1 2003/03/29 04:13:54 brad Exp $
--- pbm/icontopbm.c.orig	Mon Oct  4 05:10:28 1993
+++ pbm/icontopbm.c	Fri Mar 28 20:22:06 2003
@@ -10,6 +10,8 @@
 ** implied warranty.
 */
 
+#include <string.h>
+#include <limits.h>
 #include "pbm.h"
 
 static void ReadIconFile ARGS(( FILE* file, int* width, int* height, short** data ));
@@ -137,6 +139,11 @@ ReadIconFile( file, width, height, data 
     if ( *height <= 0 )
 	pm_error( "invalid height: %d", *height );
 
+    if ( *width > INT_MAX - 16 || *width < 0)
+    	pm_error( "invalid width: %d", *width);
+    
+    overflow2(*width + 16, *height);
+    
     data_length = BitmapSize( *width, *height );
     *data = (short*) malloc( data_length );
     if ( *data == NULL )
