From 7936d9c7bec4bd459a8d4b5304a1a6fbf7dac0ea Mon Sep 17 00:00:00 2001
From: Dirk Lemstra <dirk@lemstra.org>
Date: Mon, 2 Mar 2026 20:32:25 +0100
Subject: [PATCH] Corrected the overflow check that can cause issues on 32-bit
 systems (GHSA-56jp-jfqg-f8f4)

---
 coders/sfw.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/coders/sfw.c b/coders/sfw.c
index cc5fcedc6f4..cca66ab0508 100644
--- a/coders/sfw.c
+++ b/coders/sfw.c
@@ -250,12 +250,12 @@ static Image *ReadSFWImage(const ImageInfo *image_info,ExceptionInfo *exception)
   /*
     Read image into a buffer.
   */
-  if (GetBlobSize(image) != (size_t) GetBlobSize(image))
+  extent=(size_t) GetBlobSize(image)+MagickPathExtent;
+  if (GetBlobSize(image) != extent)
     ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
   if (GetBlobSize(image) < 141)
     ThrowReaderException(CorruptImageError,"ImproperImageHeader");
-  buffer=(unsigned char *) AcquireQuantumMemory((size_t) GetBlobSize(image)+
-    MagickPathExtent,sizeof(*buffer));
+  buffer=(unsigned char *) AcquireQuantumMemory(extent,sizeof(*buffer));
   if (buffer == (unsigned char *) NULL)
     ThrowReaderException(ResourceLimitError,"MemoryAllocationFailed");
   count=ReadBlob(image,(size_t) GetBlobSize(image),buffer);