block 0 width or height images from imagemagick

IM could return 0 width and/or height for some crafted images. Block
these.

Thanks @Koen1999.

See https://github.com/libvips/libvips/issues/1890

ChangeLog

@@ -8,7 +8,8 @@
 - hide info messages you could get with some older glibs [kleisauke]
 - fix --no-strip on dzsave with icc-profiles [altert]
 - better GraphicsMagick image write [bfriesen]
-- Add missing read loops to spng, heif, giflib and ppm load [kleisauke]
+- add missing read loops to spng, heif, giflib and ppm load [kleisauke]
+- block zero width or height images from imagemagick load [Koen1999]
 
 6/9/20 started 8.10.2
 - update magicksave/load profile handling [kelilevi]

libvips/foreign/magick2vips.c

@@ -336,8 +336,18 @@ parse_header( Read *read )
 	im->Xsize = image->columns;
 	im->Ysize = image->rows;
 	read->frame_height = image->rows;
-	if( (im->Bands = get_bands( image )) < 0 )
+	im->Bands = get_bands( image );
+	if( im->Xsize <= 0 ||
+		im->Ysize <= 0 ||
+		im->Bands <= 0 ||
+		im->Xsize >= VIPS_MAX_COORD ||
+		im->Ysize >= VIPS_MAX_COORD ||
+		im->Bands >= VIPS_MAX_COORD ) {
+		vips_error( "magick2vips",
+			_( "bad image dimensions %d x %d pixels, %d bands" ),
+			im->Xsize, im->Ysize, im->Bands );
 		return( -1 );
+	}
 
 	/* Depth can be 'fractional'. 
 	 *

libvips/foreign/magick7load.c

@@ -449,6 +449,17 @@ vips_foreign_load_magick7_parse( VipsForeignLoadMagick7 *magick7,
 	out->Ysize = image->rows;
 	magick7->frame_height = image->rows;
 	out->Bands = magick7_get_bands( image ); 
+	if( out->Xsize <= 0 ||
+		out->Ysize <= 0 ||
+		out->Bands <= 0 ||
+		out->Xsize >= VIPS_MAX_COORD ||
+		out->Ysize >= VIPS_MAX_COORD ||
+		out->Bands >= VIPS_MAX_COORD ) ||
+		vips_error( class->nickname, 
+			_( "bad image dimensions %d x %d pixels, %d bands" ),
+			out->Xsize, out->Ysize, out->Bands );
+		return( -1 );
+	}
 
 	/* Depth can be 'fractional'. You'd think we should use
 	 * GetImageDepth() but that seems to compute something very complex.