From 4a108df0ebb68e9ea1073d53c14d8f897e43f21c Mon Sep 17 00:00:00 2001
From: Lars Ingebrigtsen
Date: Tue, 12 Apr 2022 15:11:09 +0200
Subject: Fix check for whether frames fit into gif images
* src/image.c (gif_load): Really check all frames that they fit.
---
 src/image.c | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
(limited to 'src/image.c')
diff --git a/src/image.c b/src/image.c
index b6edcf96a0b..3afb8324078 100644
--- a/src/image.c
+++ b/src/image.c
@@ -8937,16 +8937,19 @@ gif_load (struct frame *f, struct image *img)
 /* Check that the selected subimages fit. It's not clear whether the GIF spec requires this, but Emacs can crash if they don't fit. */
- for (j = 0; j <= idx; ++j)
+ for (j = 0; j < gif->ImageCount; ++j)
 {
 struct SavedImage *subimage = gif->SavedImages + j;
 int subimg_width = subimage->ImageDesc.Width;
 int subimg_height = subimage->ImageDesc.Height;
 int subimg_top = subimage->ImageDesc.Top;
 int subimg_left = subimage->ImageDesc.Left;
- if (! (subimg_width >= 0 && subimg_height >= 0
- && 0 <= subimg_top && subimg_top <= height - subimg_height
- && 0 <= subimg_left && subimg_left <= width - subimg_width))
+ if (subimg_width < 0
+ || subimg_height < 0
+ || subimg_top < 0
+ || subimg_left < 0
+ || subimg_top + subimg_height > height
+ || subimg_left + subimg_width > width)
 {
 image_error ("Subimage does not fit in image");
 goto gif_error;
-- 
cgit v1.2.3
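Review bot: The rewritten bounds tests `subimg_top + subimg_height > height` and `subimg_left + subimg_width > width` add two `int` values read from the file before comparing, whereas the removed form subtracted from the canvas size and could not overflow once the operands were known to be non-negative. GIF descriptor fields are 16 bits wide in the file format, so the sums presumably stay in range, but this test is what the comment credits with preventing crashes, so it should not depend on that: `|| subimg_top > height - subimg_height` and `|| subimg_left > width - subimg_width` keep the overflow-free shape. The comment above the loop still says "selected subimages" although the loop now covers every frame up to `gif->ImageCount`; `/* Check that all subimages fit.` would match the new behaviour. gif_load begins and ends outside the hunk, so how `width` and `height` themselves are validated is not visible here.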