Added image size sanity checksrelease-2_1

author: Jorge Arellano Cid <jcid@dillo.org> 2009-06-19 19:07:47 -0400
committer: Jorge Arellano Cid <jcid@dillo.org> 2009-06-19 19:07:47 -0400
commit: d1e9237fdaf8a2e5ba5993fbd0efa9a016b4cc6e (patch)
tree: 6825edd02e38a175eaa4fcd35f8cb722d59b8706 /src/gif.c
parent: 30ef110e2384e0ad26c2131b9d530f53954bcde9 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/src/gif.c b/src/gif.c
index d048e706..00fbf7eb 100644
--- a/src/gif.c
+++ b/src/gif.c
@@ -812,6 +812,15 @@ static size_t Gif_do_img_desc(DilloGif *gif, void *Buf,
 
    gif->Width   = LM_to_uint(buf[4], buf[5]);
    gif->Height  = LM_to_uint(buf[6], buf[7]);
+
+   /* check max image size */
+   if (gif->Width * gif->Height > IMAGE_MAX_W * IMAGE_MAX_H) {
+      MSG("Gif_do_img_desc: suspicious image size request %ux%u\n",
+          gif->Width, gif->Height);
+      gif->state = 999;
+      return 0;
+   }
+
    gif->linebuf = dMalloc(gif->Width);
 
    a_Dicache_set_parms(gif->url, gif->version, gif->Image,
author	Jorge Arellano Cid <jcid@dillo.org>	2009-06-19 19:07:47 -0400
committer	Jorge Arellano Cid <jcid@dillo.org>	2009-06-19 19:07:47 -0400
commit	d1e9237fdaf8a2e5ba5993fbd0efa9a016b4cc6e (patch)
tree	6825edd02e38a175eaa4fcd35f8cb722d59b8706 /src/gif.c
parent	30ef110e2384e0ad26c2131b9d530f53954bcde9 (diff)