From 48df44f3224eb8b95d66829622f919462984ca7f Mon Sep 17 00:00:00 2001
From: Felix Domke <tmbinc@elitedvb.net>
Date: Wed, 27 Jun 2007 17:14:03 +0000
Subject: [PATCH] don't crash when PNGs are too large.

---
 lib/gdi/picload.cpp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/gdi/picload.cpp b/lib/gdi/picload.cpp
index e3cdc035..6a79d552 100644
--- a/lib/gdi/picload.cpp
+++ b/lib/gdi/picload.cpp
@@ -393,7 +393,16 @@ static int png_load(const char *filename,  int *x, int *y)
 		eDebug("[PNG] Error processing");
 		return 0;
 	}
-	
+
+	if (width * height > 1000000) // 1000x1000 or equiv.
+	{
+		eDebug("[png_load] image size is %d x %d, which is \"too large\".", width, height);
+		png_read_end(png_ptr, info_ptr);
+		png_destroy_read_struct(&png_ptr, &info_ptr, (png_infopp)NULL);
+		fclose(fh);
+		return 0;
+	}
+
 	pic_buffer = new unsigned char[width * height * 3];
 	*x=width;
 	*y=height;
-- 
2.30.2