--- ImageMagick-6.2.4/coders/sgi.c.cve-2006-5868	2006-12-01 12:22:07.000000000 -0700
+++ ImageMagick-6.2.4/coders/sgi.c	2006-12-01 12:24:04.000000000 -0700
@@ -171,13 +171,13 @@ static void SGIDecode(const unsigned lon
   q=pixels;
   if (bytes_per_pixel == 2)
     {
-      for (i=0; i < (long) width; )
+      for ( i=0 ; ; )
       {
         pixel=(unsigned long) (*p++) << 8;
         pixel|=(*p++);
         count=(ssize_t) (pixel & 0x7f);
         i+=count;
-        if (count == 0)
+	if (count == 0 || i > (long) width)
           break;
         if ((pixel & 0x80) != 0)
           for ( ; count != 0; count--)
@@ -200,13 +200,13 @@ static void SGIDecode(const unsigned lon
       }
       return;
     }
-  for (i=0; i < (long) width; )
+  for ( i=0 ; ; )
   {
     pixel=(unsigned long) (*p++);
     count=(ssize_t) (pixel & 0x7f);
-    if (count == 0)
-      break;
     i+=count;
+    if (count == 0 || i > (long) width)
+      break;
     if ((pixel & 0x80) != 0)
       for ( ; count != 0; count--)
       {
@@ -304,6 +304,8 @@ static Image *ReadSGIImage(const ImageIn
     image->columns=iris_info.columns;
     image->rows=iris_info.rows;
     image->depth=(unsigned long) (iris_info.depth <= 8 ? 8 : QuantumDepth);
+    if (iris_info.depth > 4 || iris_info.depth == 0)
+      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
     if (iris_info.depth < 3)
       {
         image->storage_class=PseudoClass;