$NetBSD: patch-ak,v 1.3 2004/09/16 19:28:56 minskim Exp $

--- extras/Xpm/lib/data.c.orig	2002-01-07 13:40:49.000000000 -0600
+++ extras/Xpm/lib/data.c
@@ -375,7 +375,7 @@ xpmGetCmt(data, cmt)
 {
     if (!data->type)
 	*cmt = NULL;
-    else if (data->CommentLength) {
+    else if (data->CommentLength != 0 && data->CommentLength < SIZE_MAX - 1) {
 	*cmt = (char *) XpmMalloc(data->CommentLength + 1);
 	strncpy(*cmt, data->Comment, data->CommentLength);
 	(*cmt)[data->CommentLength] = '\0';