$OpenBSD: patch-gdk-pixbuf_io-xpm_c,v 1.1 2004/09/19 23:41:32 brad Exp $
--- gdk-pixbuf/io-xpm.c.orig	Sat Sep 18 22:04:13 2004
+++ gdk-pixbuf/io-xpm.c	Sat Sep 18 22:06:26 2004
@@ -352,17 +352,30 @@ pixbuf_create_from_xpm (const gchar * (*
 		return NULL;
 	}
 	sscanf (buffer, "%d %d %d %d", &w, &h, &n_col, &cpp);
-	if (cpp >= 32) {
+	if (cpp <= 0 || cpp >= 32) {
 		g_warning ("XPM has more than 31 chars per pixel.");
 		return NULL;
 	}
+	if (n_col <= 0 || n_col >= G_MAXINT / (cpp + 1)) {
+		g_warning ("XPM file has invalid number of colors.");
+		return NULL;
+	}
 
 	/* The hash is used for fast lookups of color from chars */
 	color_hash = g_hash_table_new (g_str_hash, g_str_equal);
 
 	name_buf = g_new (gchar, n_col * (cpp + 1));
-	colors = g_new (_XPMColor, n_col);
-
+	if (!name_buf) {
+		g_warning ("Cannot allocate memory for loading XPM image.");
+		g_hash_table_destroy (color_hash);
+		return NULL;
+	}
+	colors = (_XPMColor *) g_malloc (sizeof (_XPMColor) * n_col);
+	if (!colors) {
+		g_warning ("Cannot allocate memory for loading XPM image.");
+		g_hash_table_destroy (color_hash);
+		return NULL;
+	}
 	for (cnt = 0; cnt < n_col; cnt++) {
 		gchar *color_name;
 
