Index: devil/src-IL/src/il_hdr.c
===================================================================
--- devil.orig/src-IL/src/il_hdr.c 2009-01-15 18:47:34.000000000 +0000
+++ devil/src-IL/src/il_hdr.c 2009-01-15 18:47:46.000000000 +0000
@@ -85,7 +85,7 @@
 if (iread(&a, 1, 1) != 1)
 return IL_FALSE;
- while(!done) {
+ while (!done) {
 if (iread(&b, 1, 1) != 1)
 return IL_FALSE;
 if (b == '\n' && a == '\n')
@@ -98,6 +98,10 @@
 if (iread(&a, 1, 1) != 1)
 return IL_FALSE;
 while (a != '\n') {
+ if (count >= sizeof(buff) - 1) { // Line shouldn't be this long at all.
+ ilSetError(IL_INVALID_FILE_HEADER);
+ return IL_FALSE;
+ }
 buff[count] = a;
 if (iread(&a, 1, 1) != 1)
 return IL_FALSE;
@@ -113,8 +117,9 @@
 //nothing that really changes the appearance of the loaded image...
 //(The code as it is now assumes that y contains "-Y" and x contains
 //"+X" after the following line)
- //Furthermore, this crashes if the read strings are longer than 2 chars o_O
- sscanf(buff, "%s %d %s %d", y, &Header->Height, x, &Header->Width);
+
+ // The 2 has to be in the %s format specifier to prevent buffer overruns.
+ sscanf(buff, "%2s %d %2s %d", y, &Header->Height, x, &Header->Width);
 return IL_TRUE;
 }
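Review bot: In the second hunk the guard `count >= sizeof(buff) - 1` is a real capacity check only if `buff` is an array declared in this function rather than a pointer, and its declaration is outside the hunk. If `count` is a signed `int`, the comparison is carried out in `size_t` and will trip sign-compare warnings, so `(size_t)count >= sizeof(buff) - 1` would state the intent. The trailing comment could also say why one byte is held back, e.g. `// Keep one byte free for the terminator written after the loop`; presumably that write follows the loop, which ends outside the hunk.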
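Review bot: The return value of `sscanf` in the last hunk is still ignored, so a resolution line that does not match can leave `y`, `x`, `Header->Height` or `Header->Width` unset while the function goes on to return `IL_TRUE`. The `%2s` widths stop the overrun, but each needs a destination of at least three bytes, and the declarations of `x` and `y` are outside the hunk, so that should be confirmed. I would reject a short match: `if (sscanf(buff, "%2s %d %2s %d", y, &Header->Height, x, &Header->Width) != 4) { ilSetError(IL_INVALID_FILE_HEADER); return IL_FALSE; }`. The parsed dimensions come straight from the file, so a range check before they are used for sizing would also be worth adding; the enclosing function starts above the hunk.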