From 8ec26f3b549c338ccbaf3e16889863efcf5143a2 Mon Sep 17 00:00:00 2001
From: Tim Ledbetter
Date: Thu, 19 Oct 2023 21:42:04 +0100
Subject: [PATCH] LibGfx/BMPLoader: Account for header size when checking DIB bounds
---
 Userland/Libraries/LibGfx/ImageFormats/BMPLoader.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Userland/Libraries/LibGfx/ImageFormats/BMPLoader.cpp b/Userland/Libraries/LibGfx/ImageFormats/BMPLoader.cpp
index a48d7fdf27..0122ddd726 100644
--- a/Userland/Libraries/LibGfx/ImageFormats/BMPLoader.cpp
+++ b/Userland/Libraries/LibGfx/ImageFormats/BMPLoader.cpp
@@ -845,7 +845,7 @@ static ErrorOr decode_bmp_dib(BMPLoadingContext& context)
 dib_offset = context.data_offset - header_size - 4;
 }
- if (dib_offset >= context.file_size)
+ if (dib_offset + header_size + 4 >= context.file_size)
 return Error::from_string_literal("DIB too large");
 streamer = InputStreamer(context.file_bytes + header_size + 4, dib_offset);
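Review bot: The new bound `dib_offset + header_size + 4 >= context.file_size` is formed by addition, so it can wrap if these are fixed-width unsigned values (their types are declared outside the hunk). In particular, if the context line `dib_offset = context.data_offset - header_size - 4;` underflows because the file supplies a `data_offset` smaller than `header_size + 4`, adding the same terms back yields `data_offset` again, and the check passes while a very large `dib_offset` is handed to `InputStreamer` as the length. Unless a check outside the hunk already guarantees `data_offset >= header_size + 4`, a subtraction form covers both cases: `if (context.file_size < header_size + 4 || dib_offset >= context.file_size - header_size - 4)`. A short comment such as `// The streamer starts at header_size + 4, so the DIB must end before file_size.` would also explain where the `+ 4` comes from. decode_bmp_dib starts and ends outside the hunk.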