Comment 5 for bug 1459747

Raphaël Hertzog (hertzog) wrote :

That bug only works on 32 bit systems because ReadBlobLSBLong() reads 4 bytes and returns an "unsigned int" which is then stored in a "size_t" (the length variable) which is usually 64 bit on 64 bit systems. So length+14 does not overflow and the huge memory allocation simply fails.

Note that old versions of ImageMagick added 12 and not 16 to the length so that the sample corruption.ico also doesn't work to reproduce the bug in old versions (I looked at 6.6.0.4 for the needs of Debian Squeeze). Attached is another version of the file that should work on such versions.
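To make the arithmetic in the comment above concrete, here is an added C example. It is not ImageMagick's code and does not reproduce the attached file: it models a ReadBlobLSBLong()-style read of a four-byte little-endian length (assuming a 32-bit unsigned int, as on all mainstream ABIs), applies the +16 padding of newer versions and the +12 padding of older ones with both a 32-bit and a 64-bit size_t, and shows the pre-addition check that rejects the wrap. The sample length bytes (0xFFFFFFF0) are constructed to illustrate why a value that wraps with +16 need not wrap with +12; all function names are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed 4-byte little-endian size field, as a hypothetical ICO
   directory entry might carry it (not the bytes of the attached file).
   0xFFFFFFF0 + 16 wraps to 0 in 32 bits; 0xFFFFFFF0 + 12 does not wrap. */
static const unsigned char sample_size_field[4] = { 0xF0, 0xFF, 0xFF, 0xFF };

#define PADDING_NEW 16u   /* what the comment says newer versions add  */
#define PADDING_OLD 12u   /* what the comment says older versions add  */

/* Models ReadBlobLSBLong(): four bytes, least-significant first,
   returned as unsigned int (assumed 32-bit). */
unsigned int read_lsb_long(const unsigned char *p)
{
    return (unsigned int)p[0]
         | ((unsigned int)p[1] << 8)
         | ((unsigned int)p[2] << 16)
         | ((unsigned int)p[3] << 24);
}

/* length + padding with a 32-bit size_t (modelled by uint32_t):
   the sum is reduced modulo 2^32, so a huge length can become tiny. */
uint32_t padded_length_32(unsigned int length, unsigned int padding)
{
    uint32_t len = length;
    return len + padding;
}

/* The same sum with a 64-bit size_t (modelled by uint64_t): no wrap,
   so the allocation request stays huge and simply fails. */
uint64_t padded_length_64(unsigned int length, unsigned int padding)
{
    uint64_t len = length;
    return len + padding;
}

/* 1 if copying `length` bytes into a buffer of padded_length_32 bytes
   would run past its end, i.e. the 32-bit heap overflow the bug describes. */
int copy_overflows_32(unsigned int length, unsigned int padding)
{
    uint32_t alloc = padded_length_32(length, padding);
    return alloc < length;
}

/* Hardened form: check before adding. `max` stands in for SIZE_MAX of the
   target platform so both widths can be exercised on one machine.
   Returns 1 and stores the sum when safe, 0 when it would wrap. */
int checked_padded_length(uint64_t length, uint64_t padding,
                          uint64_t max, uint64_t *out)
{
    if (length > max - padding)
        return 0;
    *out = length + padding;
    return 1;
}

/* Convenience wrapper: does the padded length fit without wrapping? */
int padding_is_safe(uint64_t length, uint64_t padding, uint64_t max)
{
    uint64_t unused;
    return checked_padded_length(length, padding, max, &unused);
}

int main(void)
{
    unsigned int length = read_lsb_long(sample_size_field);

    printf("length field          : 0x%08x\n", length);
    printf("32-bit, +16           : 0x%08x (overflow on copy: %d)\n",
           padded_length_32(length, PADDING_NEW),
           copy_overflows_32(length, PADDING_NEW));
    printf("32-bit, +12           : 0x%08x (overflow on copy: %d)\n",
           padded_length_32(length, PADDING_OLD),
           copy_overflows_32(length, PADDING_OLD));
    printf("64-bit, +16           : 0x%llx\n",
           (unsigned long long)padded_length_64(length, PADDING_NEW));
    printf("checked, 32-bit, +16  : safe=%d\n",
           padding_is_safe(length, PADDING_NEW, UINT32_MAX));
    printf("checked, 64-bit, +16  : safe=%d\n",
           padding_is_safe(length, PADDING_NEW, UINT64_MAX));
    return 0;
}
```

The point of the two padding constants is the comment's second paragraph: a length chosen so that +16 wraps to a small allocation gives, with +12, a request of almost 4 GiB that fails cleanly on a 32-bit build, so a file that triggers one version is not automatically a reproducer for the other. The check in checked_padded_length rejects the wrap regardless of width, which is the fix a reviewer would ask for rather than relying on the allocation failing.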