summaryrefslogtreecommitdiff
path: root/src/gif.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/gif.c')
-rw-r--r--src/gif.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/src/gif.c b/src/gif.c
index d048e706..00fbf7eb 100644
--- a/src/gif.c
+++ b/src/gif.c
@@ -812,6 +812,15 @@ static size_t Gif_do_img_desc(DilloGif *gif, void *Buf,
gif->Width = LM_to_uint(buf[4], buf[5]);
gif->Height = LM_to_uint(buf[6], buf[7]);
+
+ /* check max image size */
+ if (gif->Width * gif->Height > IMAGE_MAX_W * IMAGE_MAX_H) {
+ MSG("Gif_do_img_desc: suspicious image size request %ux%u\n",
+ gif->Width, gif->Height);
+ gif->state = 999;
+ return 0;
+ }
+
gif->linebuf = dMalloc(gif->Width);
a_Dicache_set_parms(gif->url, gif->version, gif->Image,