Skip MNG CLIP chunk with out-of-range object IDs

author Glenn Randers-Pehrson <glennrp@gmail.com>

Mon, 10 Jul 2017 02:42:32 +0000 (22:42 -0400)

committer Glenn Randers-Pehrson <glennrp@gmail.com>

Mon, 10 Jul 2017 02:42:32 +0000 (22:42 -0400)
author Glenn Randers-Pehrson <glennrp@gmail.com>
Mon, 10 Jul 2017 02:42:32 +0000 (22:42 -0400)
committer Glenn Randers-Pehrson <glennrp@gmail.com>
Mon, 10 Jul 2017 02:42:32 +0000 (22:42 -0400)
diff --git a/coders/png.c b/coders/png.c

index d6d33ee3603e00056e5fb874fadcc177fe6b5feb..ea6dce6ab5f862a70a5ef5c2287127ded3125930 100644 (file)
--- a/coders/png.c
+++ b/coders/png.c
@@ -5899,6 +5899,9 @@ static Image *ReadOneMNGImage(MngInfo* mng_info, const ImageInfo *image_info,
  
                  for (i=(int) first_object; i <= (int) last_object; i++)
                  {
+                  if ((i < 0) || (i >= MNG_MAX_OBJECTS))
+                    continue;
+
                    if (mng_info->exists[i] && !mng_info->frozen[i])
                      {
                        MngBox
author	Glenn Randers-Pehrson <glennrp@gmail.com>
	Mon, 10 Jul 2017 02:42:32 +0000 (22:42 -0400)
committer	Glenn Randers-Pehrson <glennrp@gmail.com>
	Mon, 10 Jul 2017 02:42:32 +0000 (22:42 -0400)