File tree Expand file tree Collapse file tree 2 files changed +10
-1
lines changed Expand file tree Collapse file tree 2 files changed +10
-1
lines changed Original file line number Diff line number Diff line change 1010- better GraphicsMagick image write [bfriesen]
1111- add missing read loops to spng, heif, giflib and ppm load [kleisauke]
1212- block zero width or height images from imagemagick load [Koen1999]
13+ - check for overflow in gifload height [lovell]
1314
14156/9/20 started 8.10.2
1516- update magicksave/load profile handling [kelilevi]
Original file line number Diff line number Diff line change @@ -700,8 +700,16 @@ vips_foreign_load_gif_scan_extension( VipsForeignLoadGif *gif )
700700static int
701701vips_foreign_load_gif_set_header ( VipsForeignLoadGif * gif , VipsImage * image )
702702{
703+ const gint64 total_height = (gint64 ) gif -> file -> SHeight * gif -> n ;
704+
705+ if ( total_height <= 0 ||
706+ total_height > VIPS_MAX_COORD ) {
707+ vips_error ( "gifload" , "%s" , _ ( "image size out of bounds" ) );
708+ return ( -1 );
709+ }
710+
703711 vips_image_init_fields ( image ,
704- gif -> file -> SWidth , gif -> file -> SHeight * gif -> n ,
712+ gif -> file -> SWidth , total_height ,
705713 (gif -> has_colour ? 3 : 1 ) + (gif -> has_transparency ? 1 : 0 ),
706714 VIPS_FORMAT_UCHAR , VIPS_CODING_NONE ,
707715 gif -> has_colour ?
You can’t perform that action at this time.
0 commit comments