diff options
-rw-r--r-- | NEWS | 8 | ||||
-rw-r--r-- | lib/dgif_lib.c | 5 | ||||
-rw-r--r-- | util/gif2rgb.c | 8 |
3 files changed, 20 insertions, 1 deletions
@@ -1,5 +1,13 @@ GIFLIB NEWS +Repository head +=============== + +Code Fixes +---------- + +* Fix SF bug #87 Heap buffer overflow in 5.1.2 (gif2rgb). + Version 5.1.2 ============= diff --git a/lib/dgif_lib.c b/lib/dgif_lib.c index e22925e..09dccc2 100644 --- a/lib/dgif_lib.c +++ b/lib/dgif_lib.c @@ -289,6 +289,11 @@ DGifGetScreenDesc(GifFileType *GifFile) GifFile->SColorMap = NULL; } + /* + * No check here for whether the background color is in range for the + * screen color map. Possibly there should be. + */ + return GIF_OK; } diff --git a/util/gif2rgb.c b/util/gif2rgb.c index c71d4fa..051c5a2 100644 --- a/util/gif2rgb.c +++ b/util/gif2rgb.c @@ -15,7 +15,7 @@ Toshio Kuratomi had written this in a comment about the rgb2gif code: I (ESR) took this off the main to-do list in 2012 because I don't think the GIFLIB project actually needs to be in the converters-and-tools business. -Plenty of hackers do that; our jub is to supply stable library capability +Plenty of hackers do that; our job is to supply stable library capability with our utilities mainly interesting as test tools. ***************************************************************************/ @@ -478,6 +478,12 @@ static void GIF2RGB(int NumFiles, char *FileName, exit(EXIT_FAILURE); } + /* check that the background color isn't garbage (SF bug #87) */ + if (GifFile->SBackGroundColor < 0 || GifFile->SBackGroundColor >= ColorMap->ColorCount) { + fprintf(stderr, "Background color out of range for colormap\n"); + exit(EXIT_FAILURE); + } + DumpScreen2RGB(OutFileName, OneFileFlag, ColorMap, ScreenBuffer, |