From 651c9f1d93c81c84deaf76debec0a30e54a67d7e Mon Sep 17 00:00:00 2001
From: Sebastian Rasmussen
Date: Tue, 27 Sep 2016 12:55:26 +0800
Subject: Bug 697161: gif: Frames may not be bigger than the image.

---
 source/fitz/load-gif.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source/fitz')

diff --git a/source/fitz/load-gif.c b/source/fitz/load-gif.c
index 0eda5bcb..6ebaa271 100644
--- a/source/fitz/load-gif.c
+++ b/source/fitz/load-gif.c
@@ -178,8 +178,8 @@ gif_read_id(fz_context *ctx, struct info *info, unsigned char *p, unsigned char
 info->image_left = p[2] << 8 | p[1];
 info->image_top = p[4] << 8 | p[3];
-info->image_width = p[6] << 8 | p[5];
-info->image_height = p[8] << 8 | p[7];
+info->image_width = fz_clampi(p[6] << 8 | p[5], 0, info->width - 1);
+info->image_height = fz_clampi(p[8] << 8 | p[7], 0, info->height - 1);
 info->has_lct = (p[9] >> 7) & 0x1;
 info->image_interlaced = (p[9] >> 6) & 0x1;
--
cgit v1.2.3
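Review bot: The upper bound on the two added lines is `info->width - 1` / `info->height - 1`, so a frame that is exactly as large as the logical screen (the normal single-frame case) is shrunk by one column and one row; the bound should presumably be `info->width` and `info->height`, i.e. `info->image_width = fz_clampi(p[6] << 8 | p[5], 0, info->width);` and the same for the height. The clamp also does not take `image_left`/`image_top` into account, so `image_left + image_width` can still exceed `info->width` for an offset frame; if the intent is to keep every frame pixel inside the image buffer, the bound would need to be `info->width - info->image_left` (and `info->height - info->image_top`), or the frame rejected with an error when it does not fit. Silently clamping also changes how such files decode without any trace; a warning when the clamp actually alters the value would make that visible. gif_read_id starts and ends outside this hunk, so where image_left/image_top are later consumed is not visible here, and what fz_clampi returns when the maximum is below the minimum (e.g. `info->width == 0`) cannot be confirmed from the page.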