Bug 697161: gif: Frames may not be bigger than the image.

author: Sebastian Rasmussen <sebras@gmail.com> 2016-09-27 12:55:26 +0800
committer: Sebastian Rasmussen <sebras@gmail.com> 2016-09-27 20:04:03 +0800
commit: 651c9f1d93c81c84deaf76debec0a30e54a67d7e (patch)
tree: d2962f976ecd4d3ea06f7f7aa8206e92cc4edb59 /source/fitz
parent: 2eaa779a1cac30dc1a909a850bfac78be14d907c (diff)
download: mupdf-651c9f1d93c81c84deaf76debec0a30e54a67d7e.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/source/fitz/load-gif.c b/source/fitz/load-gif.c
index 0eda5bcb..6ebaa271 100644
--- a/source/fitz/load-gif.c
+++ b/source/fitz/load-gif.c
@@ -178,8 +178,8 @@ gif_read_id(fz_context *ctx, struct info *info, unsigned char *p, unsigned char
 
 	info->image_left = p[2] << 8 | p[1];
 	info->image_top = p[4] << 8 | p[3];
-	info->image_width = p[6] << 8 | p[5];
-	info->image_height = p[8] << 8 | p[7];
+	info->image_width = fz_clampi(p[6] << 8 | p[5], 0, info->width - 1);
+	info->image_height = fz_clampi(p[8] << 8 | p[7], 0, info->height - 1);
 	info->has_lct = (p[9] >> 7) & 0x1;
 	info->image_interlaced = (p[9] >> 6) & 0x1;
author	Sebastian Rasmussen <sebras@gmail.com>	2016-09-27 12:55:26 +0800
committer	Sebastian Rasmussen <sebras@gmail.com>	2016-09-27 20:04:03 +0800
commit	651c9f1d93c81c84deaf76debec0a30e54a67d7e (patch)
tree	d2962f976ecd4d3ea06f7f7aa8206e92cc4edb59 /source/fitz
parent	2eaa779a1cac30dc1a909a850bfac78be14d907c (diff)
download	mupdf-651c9f1d93c81c84deaf76debec0a30e54a67d7e.tar.xz