$NetBSD: patch-ak,v 1.1 2004/09/16 19:36:10 minskim Exp $

--- extras/Xpm/lib/data.c.orig	2004-03-04 11:46:10.000000000 -0600
+++ extras/Xpm/lib/data.c
@@ -375,7 +375,7 @@ xpmGetCmt(data, cmt)
 {
     if (!data->type)
 	*cmt = NULL;
-    else if (data->CommentLength) {
+    else if (data->CommentLength != 0 && data->CommentLength < SIZE_MAX - 1) {
 	*cmt = (char *) XpmMalloc(data->CommentLength + 1);
 	strncpy(*cmt, data->Comment, data->CommentLength);
 	(*cmt)[data->CommentLength] = '\0';
