This feels very severe to me -- it'll block all truncated GIFs, and that's a common case that used to be handled.

Is there some other way we can fix this? Perhaps some sanity checking on the dimensions?

Looks like the parameters of the calloc call in vips_foreign_load_nsgif_bitmap_create is overflowing. Here's the salient part of that OSS-Fuzz issue:

ERROR: AddressSanitizer: calloc parameters overflow: count * size (-1643047120 * 4) cannot be represented in type size_t (thread T0)
<snip />
  | #1 0x787bab in vips_foreign_load_nsgif_bitmap_create libvips/libvips/foreign/nsgifload.c:510:16
<snip />

Perhaps a sanity check would help there?

Oh, good idea, perhaps

        if( width <= 0 ||
                width > VIPS_MAX_COORD ||
                height <= 0 ||
                height > VIPS_MAX_COORD ) {
                vips_error ...
                return( NULL );
        }

        return calloc( (size_t) width * height, 4 );

Though it would still be easy to bust through the 2gb fuzz limit, of course.

Thanks for the feedback, take 2 of this PR at #2168