From 5567408bab9574cce070f2e3fbcbd5026c77c59b Mon Sep 17 00:00:00 2001
From: Peter Nelson
Date: Sun, 1 Nov 2020 15:26:26 +0000
Subject: [PATCH] LibGfx: add bounds checking before set_pixel call in GIF decoder
This fixes a crash when a GIF frame extends beyond the limits of the logical screen, causing writes past the end of the frame buffer
---
 Libraries/LibGfx/GIFLoader.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Libraries/LibGfx/GIFLoader.cpp b/Libraries/LibGfx/GIFLoader.cpp
index e8a3c8801a..06505238a4 100644
--- a/Libraries/LibGfx/GIFLoader.cpp
+++ b/Libraries/LibGfx/GIFLoader.cpp
@@ -355,7 +355,7 @@ static bool decode_frame(GIFLoadingContext& context, size_t frame_index)
 int x = pixel_index % image.width + image.x;
 int y = row + image.y;
- if (!image.transparent || color != image.transparency_index) {
+ if (context.frame_buffer->rect().contains(x, y) && (!image.transparent || color != image.transparency_index)) {
 context.frame_buffer->set_pixel(x, y, c);
 }
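Review bot: The added `context.frame_buffer->rect().contains(x, y)` guard in the `if` clips out-of-range pixels one at a time, but nothing in this hunk shows `image.x`, `image.y` or `image.width` (presumably taken from the file's image descriptor) being checked against the logical screen where they are parsed. I would add a comment above the condition, `// Frame geometry is file-controlled and may extend past the logical screen; skip pixels outside the frame buffer.`, and hoist the rectangle out of the loop as `const auto frame_rect = context.frame_buffer->rect();` so both the intent and the per-pixel cost are obvious. Since `decode_frame` starts and ends outside the hunk, it is worth confirming that any other write into `frame_buffer` in this function that uses the same offsets is bounded too, and that a zero `image.width` cannot reach the `%` on the line above. A regression test with a constructed GIF whose frame overhangs the logical screen would pin the fix.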