Index: configure.ac
===================================================================
RCS file: /cvsroot/giflib/giflib/configure.ac,v
retrieving revision 1.12
diff -u -r1.12 configure.ac
--- configure.ac	21 Jan 2008 23:44:30 -0000	1.12
+++ configure.ac	22 Jan 2008 09:51:32 -0000
@@ -79,6 +79,8 @@
 AC_CHECK_HEADERS(fcntl.h, ,
 		 AC_MSG_ERROR([giflib 4.x must have fcntl.h to compile]))
 
+AC_CHECK_HEADERS(limits.h, [], [])
+
 dnl Now look for a 32 bit integer type
 foundint=no
 AC_CHECK_TYPES([u_int32_t], [AC_DEFINE([UINT32], u_int32_t,
Index: lib/dgif_lib.c
===================================================================
RCS file: /cvsroot/giflib/giflib/lib/dgif_lib.c,v
retrieving revision 1.8
diff -u -r1.8 dgif_lib.c
--- lib/dgif_lib.c	22 Jan 2008 00:32:23 -0000	1.8
+++ lib/dgif_lib.c	22 Jan 2008 09:51:32 -0000
@@ -14,6 +14,14 @@
 #include <config.h>
 #endif
 
+#ifdef HAVE_LIMITS_H
+#include <limits.h>
+#endif
+
+#ifndef INT_MAX
+#define INT_MAX 2147483647
+#endif
+
 #include <stdlib.h>
 #if defined (__MSDOS__) && !defined(__DJGPP__) && !defined(__GNUC__)
 #include <io.h>
@@ -1037,11 +1045,17 @@
                   return (GIF_ERROR);
 
               sp = &GifFile->SavedImages[GifFile->ImageCount - 1];
-              if (sp->ImageDesc.Width * sp->ImageDesc.Height <= SIZE_MAX) {
+
+              /* check for integer overflow */
+              if (sp->ImageDesc.Width > 0 && sp->ImageDesc.Height > 0 && sp->ImageDesc.Width <= (INT_MAX / sp->ImageDesc.Height)) {
                   ImageSize = sp->ImageDesc.Width * sp->ImageDesc.Height;
               } else {
                   return GIF_ERROR;
               }
+              
+              if (ImageSize > (SIZE_MAX / sizeof(GifPixelType))) {
+                  return GIF_ERROR;
+              }
 
               sp->RasterBits = (unsigned char *)malloc(ImageSize *
                                                        sizeof(GifPixelType));