summaryrefslogtreecommitdiff
path: root/src/gif.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/gif.c')
-rw-r--r--src/gif.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/gif.c b/src/gif.c
index 00fbf7eb..4a2bb847 100644
--- a/src/gif.c
+++ b/src/gif.c
@@ -814,7 +814,8 @@ static size_t Gif_do_img_desc(DilloGif *gif, void *Buf,
gif->Height = LM_to_uint(buf[6], buf[7]);
/* check max image size */
- if (gif->Width * gif->Height > IMAGE_MAX_W * IMAGE_MAX_H) {
+ if (gif->Width <= 0 || gif->Height <= 0 ||
+ gif->Width > (IMAGE_MAX_W * IMAGE_MAX_H) / gif->Height) {
MSG("Gif_do_img_desc: suspicious image size request %ux%u\n",
gif->Width, gif->Height);
gif->state = 999;