From 179510be300bf11115e37528d79619b53c884a63 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Tue, 5 Jan 2016 23:01:45 -0500
Subject: [PATCH] Address SF bug #71: Buffer overwrite when giffixing a
 malformed gif.

---
 util/giffix.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/util/giffix.c b/util/giffix.c
index 6fba84a..c14c45b 100644
--- a/util/giffix.c
+++ b/util/giffix.c
@@ -112,6 +112,8 @@ int main(int argc, char **argv)
 		Height = GifFileIn->Image.Height;
 		GifQprintf("\n%s: Image %d at (%d, %d) [%dx%d]:     ",
 		    PROGRAM_NAME, ++ImageNum, Col, Row, Width, Height);
+		if (Width > GifFileIn->SWidth)
+		    GIF_EXIT("Image is wider than total");
 
 		/* Put the image descriptor to out file: */
 		if (EGifPutImageDesc(GifFileOut, Col, Row, Width, Height,
-- 
1.9.1