From 20c10c81927790c700480a67dc48aebe2228d6e2 Mon Sep 17 00:00:00 2001
From: zhangshaoning
Date: Sat, 6 May 2023 15:06:22 +0800
Subject: [PATCH] CVE-2022-45198

---
 Tests/test_decompression_bomb.py | 5 +++++
 src/PIL/GifImagePlugin.py | 1 +
 2 files changed, 6 insertions(+)

diff --git a/Tests/test_decompression_bomb.py b/Tests/test_decompression_bomb.py
index d918ef9..18fed06 100644
--- a/Tests/test_decompression_bomb.py
+++ b/Tests/test_decompression_bomb.py
@@ -62,6 +62,11 @@ class TestDecompressionBomb:
 with Image.open("Tests/images/decompression_bomb.gif"):
 pass

+ def test_exception_gif_extents(self):
+ with Image.open("Tests/images/decompression_bomb_extents.gif") as im:
+ with pytest.raises(Image.DecompressionBombError):
+ im.seek(1)
+
 def test_exception_bmp(self):
 with pytest.raises(Image.DecompressionBombError):
 with Image.open("Tests/images/bmp/b/reallybig.bmp"):
diff --git a/src/PIL/GifImagePlugin.py b/src/PIL/GifImagePlugin.py
index 8c2180b..04b567a 100644
--- a/src/PIL/GifImagePlugin.py
+++ b/src/PIL/GifImagePlugin.py
@@ -247,6 +247,7 @@ class GifImageFile(ImageFile.ImageFile):
 x1, y1 = x0 + i16(s, 4), y0 + i16(s, 6)
 if x1 > self.size[0] or y1 > self.size[1]:
 self._size = max(x1, self.size[0]), max(y1, self.size[1])
+ Image._decompression_bomb_check(self._size)
 self.dispose_extent = x0, y0, x1, y1
 flags = s[8]

--
2.20.1
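Review bot: The fixture `Tests/images/decompression_bomb_extents.gif` opened by `test_exception_gif_extents` in the Tests/test_decompression_bomb.py hunk is not carried by this patch, since the diffstat lists only the test module and GifImagePlugin.py. Unless that GIF is already present in the tree, the test stops in `Image.open()` with a missing-file error before `im.seek(1)` runs, so the new check in GifImagePlugin.py is never exercised. Ship the binary fixture alongside the patch, or confirm it exists in the target tree. A one-line docstring such as `"""Seeking to a frame whose extents enlarge the canvas past the limit must raise."""` would also record why the error is expected on `seek(1)` rather than on open.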
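Review bot: In the src/PIL/GifImagePlugin.py hunk, `self._size` is enlarged before `Image._decompression_bomb_check(self._size)` runs, so when the check raises, the image object keeps the oversized dimensions. Whether any caller goes on using the image after catching `DecompressionBombError` is not visible here, but checking first avoids the question: `size = max(x1, self.size[0]), max(y1, self.size[1])`, `Image._decompression_bomb_check(size)`, `self._size = size`. A short comment above the call would explain why the check is needed here, e.g. `# a frame's extents can grow the canvas beyond the size seen when the file was opened`. The enclosing method starts and ends outside the hunk.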