sergiotarxz
/
libvips
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gifload: ensure total height of all pages is sanitised

This commit is contained in:
Lovell Fuller 2020-11-20 21:18:18 +00:00
parent e8660a7426
commit 82c9a820d7
2 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
fuzz/common_fuzzer_corpus/sharpen_fuzzer-5806172036399104 Normal file
View File

Binary file not shown.

8
libvips/foreign/gifload.c
View File

@ -700,8 +700,14 @@ vips_foreign_load_gif_scan_extension( VipsForeignLoadGif *gif )
static int
vips_foreign_load_gif_set_header( VipsForeignLoadGif *gif, VipsImage *image )
{
const gint64 total_height = (gint64) gif->file->SHeight * gif->n;
if ( total_height <= 0 || total_height > VIPS_MAX_COORD ) {
vips_error( "gifload", "%s",
_( "image size out of bounds" ) );
return( -1 );
}
vips_image_init_fields( image,
gif->file->SWidth, gif->file->SHeight * gif->n,
gif->file->SWidth, (int) total_height,
(gif->has_colour ? 3 : 1) + (gif->has_transparency ? 1 : 0),
VIPS_FORMAT_UCHAR, VIPS_CODING_NONE,
gif->has_colour ?