Severity: minor

Since XPM files are untrusted input, I think we'd better handle integer
overflow when parsing it, in case the file is malformed.

Proposed patch attached.