--- gimp-2.2.14/ChangeLog.sunras-overflow	2007-04-17 23:58:21.000000000 +0200
+++ gimp-2.2.14/ChangeLog	2007-04-30 15:38:06.000000000 +0200
@@ -0,0 +1,7 @@
+2007-04-27  Sven Neumann  <sven@gimp.org>
+
+	Merged from trunk:
+
+	* plug-ins/common/sunras.c (set_color_table): guard against a
+	possible stack overflow.
+
--- gimp-2.2.14/plug-ins/common/sunras.c.sunras-overflow	2007-04-17 23:11:23.000000000 +0200
+++ gimp-2.2.14/plug-ins/common/sunras.c	2007-04-30 15:36:33.000000000 +0200
@@ -102,8 +102,7 @@
                           gint32            image_ID,
                           gint32            drawable_ID);
 
-static void set_color_table (gint32, L_SUNFILEHEADER *, unsigned char *);
-
+static void   set_color_table  (gint32, L_SUNFILEHEADER *, const guchar *);
 static gint32 create_new_image (const gchar   *filename,
                                 guint          width,
                                 guint          height,
@@ -865,19 +864,20 @@
 static void
 set_color_table (gint32           image_ID,
 		 L_SUNFILEHEADER *sunhdr,
-		 guchar          *suncolmap)
+		 const guchar    *suncolmap)
 {
-  int ncols, j;
-  guchar ColorMap[256*3];
+  guchar ColorMap[256 * 3];
+  gint   ncols, j;
 
   ncols = sunhdr->l_ras_maplength / 3;
-  if (ncols <= 0) return;
+  if (ncols <= 0)
+    return;
 
-  for (j = 0; j < ncols; j++)
+  for (j = 0; j < MIN (ncols, 256); j++)
     {
-      ColorMap[j*3]   = suncolmap[j];
-      ColorMap[j*3+1] = suncolmap[j+ncols];
-      ColorMap[j*3+2] = suncolmap[j+2*ncols];
+      ColorMap[j * 3 + 0] = suncolmap[j];
+      ColorMap[j * 3 + 1] = suncolmap[j + ncols];
+      ColorMap[j * 3 + 2] = suncolmap[j + 2 * ncols];
     }
 
 #ifdef DEBUG
@@ -886,6 +886,7 @@
     printf ("%3d: 0x%02x 0x%02x 0x%02x\n", j,
 	    ColorMap[j*3], ColorMap[j*3+1], ColorMap[j*3+2]);
 #endif
+
   gimp_image_set_colormap (image_ID, ColorMap, ncols);
 }