Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
gdk-pixbuf.7709
gdk-pixbuf-gif-negative-array-indexes.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gdk-pixbuf-gif-negative-array-indexes.patch of Package gdk-pixbuf.7709
From 23e2a7c4b7794220ecd77389b3976c0767fc839d Mon Sep 17 00:00:00 2001 From: Tobias Mueller <muelli@cryptobitch.de> Date: Wed, 14 Dec 2016 08:03:16 +0100 Subject: [PATCH] gif: Prevent access to negative array indexes It seems that a pathological gif file can cause a negative array index to be read. UBSAN reported this: io-gif.c:509:44: runtime error: index -2 out of bounds for type 'guchar [280]' io-gif.c:510:44: runtime error: index -1 out of bounds for type 'guchar [280]' https://bugzilla.gnome.org/show_bug.cgi?id=778584 --- gdk-pixbuf/io-gif.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/gdk-pixbuf/io-gif.c b/gdk-pixbuf/io-gif.c index ef1001779..acbd1f3be 100644 --- a/gdk-pixbuf/io-gif.c +++ b/gdk-pixbuf/io-gif.c @@ -508,6 +508,14 @@ gif_lzw_fill_buffer (GifContext *context) return -2; } + if (context->code_last_byte < 2) { + g_set_error_literal (context->error, + GDK_PIXBUF_ERROR, + GDK_PIXBUF_ERROR_CORRUPT_IMAGE, + _("Bad code encountered")); + return -2; + } + context->block_buf[0] = context->block_buf[context->code_last_byte - 2]; context->block_buf[1] = context->block_buf[context->code_last_byte - 1]; -- 2.15.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor