Return error for too large GIF-files

Author: LinusU

src/Image.cc

@@ -535,6 +535,14 @@ Image::loadGIFFromBuffer(uint8_t *buf, unsigned len) {
   width = gif->SWidth;
   height = gif->SHeight;
 
+  /* Cairo limit:
+   * https://lists.cairographics.org/archives/cairo/2010-December/021422.html
+   */
+  if (width > 32767 || height > 32767) {
+    GIF_CLOSE_FILE(gif);
+    return CAIRO_STATUS_INVALID_SIZE;
+  }
+
   uint8_t *data = (uint8_t *) malloc(width * height * 4);
   if (!data) {
     GIF_CLOSE_FILE(gif);