--- imlib-1.9.14/gdk_imlib/io-bmp.c.fix	2004-08-25 15:33:08.000000000 +0200
+++ imlib-1.9.14/gdk_imlib/io-bmp.c	2004-08-25 15:34:20.019333927 +0200
@@ -42,12 +42,12 @@
   fread(dbuf, 4, 2, file);
   *w = (int)dbuf[0];
   *h = (int)dbuf[1];
-  if (*w > 32767)
+  if ((*w < 0) || (*w > 32767))
     {
       fprintf(stderr, "IMLIB ERROR: Image width > 32767 pixels for file\n");
       return NULL;
     }
-  if (*h > 32767)
+  if ((*h > 32767) || (*h < 0))
     {
       fprintf(stderr, "IMLIB ERROR: Image height > 32767 pixels for file\n");
       return NULL;
@@ -72,6 +72,10 @@
   ncolors = (int)dbuf[0];
   if (ncolors == 0)
     ncolors = 1 << bpp;
+
+  if ((ncolors > (1 << bpp)) || (ncolors < 0))
+    ncolors = 1 << bpp;
+
   /* some more sanity checks */
   if (((comp == BI_RLE4) && (bpp != 4)) || ((comp == BI_RLE8) && (bpp != 8)) || ((comp == BI_BITFIELDS) && (bpp != 16 && bpp != 32)))
     {