diff options
| author | Sebastian Rasmussen <sebras@gmail.com> | 2016-09-27 12:55:26 +0800 |
|---|---|---|
| committer | Sebastian Rasmussen <sebras@gmail.com> | 2016-09-27 20:04:03 +0800 |
| commit | 651c9f1d93c81c84deaf76debec0a30e54a67d7e (patch) | |
| tree | d2962f976ecd4d3ea06f7f7aa8206e92cc4edb59 | |
| parent | 2eaa779a1cac30dc1a909a850bfac78be14d907c (diff) | |
| download | mupdf-651c9f1d93c81c84deaf76debec0a30e54a67d7e.tar.xz | |
Bug 697161: gif: Frames may not be bigger than the image.
| -rw-r--r-- | source/fitz/load-gif.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source/fitz/load-gif.c b/source/fitz/load-gif.c index 0eda5bcb..6ebaa271 100644 --- a/source/fitz/load-gif.c +++ b/source/fitz/load-gif.c @@ -178,8 +178,8 @@ gif_read_id(fz_context *ctx, struct info *info, unsigned char *p, unsigned char info->image_left = p[2] << 8 | p[1]; info->image_top = p[4] << 8 | p[3]; - info->image_width = p[6] << 8 | p[5]; - info->image_height = p[8] << 8 | p[7]; + info->image_width = fz_clampi(p[6] << 8 | p[5], 0, info->width - 1); + info->image_height = fz_clampi(p[8] << 8 | p[7], 0, info->height - 1); info->has_lct = (p[9] >> 7) & 0x1; info->image_interlaced = (p[9] >> 6) & 0x1; |