diff --git a/autistdraw.c b/autistdraw.c
index 2899251..45f63a5 100644
--- a/autistdraw.c
+++ b/autistdraw.c
@@ -828,7 +828,10 @@ load (app_context_t *app)
 	if (fscanf (fp, "%d %d %zu %zu", &x, &y, &w, &h) != 4)
 		goto error;
 
+	if (w && h > SIZE_MAX / w)
+		goto error;
 	size_t size = w * h;
+
 	uint8_t *bitmap = calloc (size, sizeof *bitmap);
 	if (!bitmap)
 		goto error;