1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
From 179510be300bf11115e37528d79619b53c884a63 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Tue, 5 Jan 2016 23:01:45 -0500
Subject: [PATCH] Address SF bug #71: Buffer overwrite when giffixing a
malformed gif.
---
util/giffix.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/util/giffix.c b/util/giffix.c
index 6fba84a..c14c45b 100644
--- a/util/giffix.c
+++ b/util/giffix.c
@@ -112,6 +112,8 @@ int main(int argc, char **argv)
Height = GifFileIn->Image.Height;
GifQprintf("\n%s: Image %d at (%d, %d) [%dx%d]: ",
PROGRAM_NAME, ++ImageNum, Col, Row, Width, Height);
+ if (Width > GifFileIn->SWidth)
+ GIF_EXIT("Image is wider than total");
/* Put the image descriptor to out file: */
if (EGifPutImageDesc(GifFileOut, Col, Row, Width, Height,
--
1.9.1
|
